mathias234

  1. I hope this is it for that virus! Thank you for helping me.
  2. C:\Qoobox\Quarantine\C\Windows\Installer\{91cab4a9-02f9-c6ae-75f1-f90c910af292}\U\00000004.@.vir Win64/Conedex.C trojan
     C:\Qoobox\Quarantine\C\Windows\Installer\{91cab4a9-02f9-c6ae-75f1-f90c910af292}\U\00000008.@.vir Win64/Agent.BA trojan
     C:\Qoobox\Quarantine\C\Windows\Installer\{91cab4a9-02f9-c6ae-75f1-f90c910af292}\U\000000cb.@.vir Win64/Conedex.B trojan
     C:\Qoobox\Quarantine\C\Windows\Installer\{91cab4a9-02f9-c6ae-75f1-f90c910af292}\U\80000000.@.vir Win64/Sirefef.AW trojan
     C:\Qoobox\Quarantine\C\Windows\Installer\{91cab4a9-02f9-c6ae-75f1-f90c910af292}\U\80000032.@.vir probably a variant of Win32/Sirefef.FD trojan
     C:\Qoobox\Quarantine\C\Windows\Installer\{91cab4a9-02f9-c6ae-75f1-f90c910af292}\U\80000064.@.vir a variant of Win64/Sirefef.AN trojan
     C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan
  3. Here are Malwarebytes's logs:
     Malwarebytes Anti-Malware (PRO) 1.65.1.1000
     www.malwarebytes.org
     Databaseversjon: v2012.11.26.02
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Mathias :: MATHIAS-PC [administrator]
     Beskyttelse: Aktivert
     26.11.2012 15:06:57
     mbam-log-2012-11-26 (15-06-57).txt
     Skanntype: Hurtigsøk
     Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM
     Deaktiverte skanninnstillinger: P2P
     Objekter skannet: 206332
     Tid tilbakelagt: 1 minutt(er), 29 sekund(er)
     Minneprosesser oppdaget: 0 (Ingen skadelige objekter funnet)
     Minnemoduler oppdaget: 0 (Ingen skadelige objekter funnet)
     Registernøkler oppdaget: 0 (Ingen skadelige objekter funnet)
     Registerverdier oppdaget: 0 (Ingen skadelige objekter funnet)
     Registerfiler oppdaget: 0 (Ingen skadelige objekter funnet)
     Mapper oppdaget: 0 (Ingen skadelige objekter funnet)
     Filer oppdaget 0 (Ingen skadelige objekter funnet)
     (klar)
  4. ComboFix 12-11-25.01 - Mathias 25.11.2012 21:34:14.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.47.1044.18.8172.6853 [GMT 1:00]
  5. I used the dds to scan as I was told. dds.txt: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.7.2 Run by Mathias at 19:31:34 on 2012-11-25 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.47.1044.18.8172.6026 [GMT 1:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\Explorer.EXE C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\BitTorrent\BitTorrent.exe C:\Users\Mathias\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files (x86)\Steam\Steam.exe C:\Users\Mathias\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe 
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\SearchIndexer.exe C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Blender Foundation\Blender\blender.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\wermgr.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uProxyOverride = <local> mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} - uRun: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED uRun: [Akamai NetSession Interface] "C:\Users\Mathias\AppData\Local\Akamai\netsession_win.exe" uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [AdobeBridge] <no file> mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start StartupFolder: C:\Users\Mathias\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Mathias\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab TCP: NameServer = 193.213.112.4 130.67.15.198 10.0.0.138 TCP: Interfaces\{8FC6CFBC-54C0-4B87-A3A6-2FEF11CFCFDF} : DHCPNameServer = 193.213.112.4 130.67.15.198 10.0.0.138 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - 
<orphaned> x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\7yqm0koq.default\ FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll FF - plugin: C:\Users\Mathias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\7yqm0koq.default\extensions\webvision@trinigy.net\plugins\npvision.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2012-10-19 08:04; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF - ExtSQL: 2012-10-20 10:36; webvision@trinigy.net; 
C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\7yqm0koq.default\extensions\webvision@trinigy.net FF - ExtSQL: 2012-10-23 17:41; {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-19 56208] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-19 2462128] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-24 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-24 676936] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2754984] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-24 25928] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-21 1432400] S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-11-21 31800] S3 RTL8167;Realtek 
8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-9 412264] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-12 1255736] S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?] . =============== File Associations =============== . FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1" ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 
2012-11-24 19:14:05 -------- d-----w- C:\Users\Mathias\AO-Skintool 2012-11-24 19:12:25 -------- d-----w- C:\Program Files (x86)\AO-Skintool 2012-11-24 18:45:01 -------- d--h--w- C:\VritualRoot 2012-11-24 18:34:14 -------- d-----w- C:\Users\Mathias\AppData\Roaming\Malwarebytes 2012-11-24 18:33:49 -------- d-----w- C:\ProgramData\Malwarebytes 2012-11-24 18:33:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-11-24 18:33:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-24 18:20:10 -------- d-----w- C:\ProgramData\Comodo 2012-11-24 18:20:08 -------- d-----w- C:\Program Files\COMODO 2012-11-24 18:20:07 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll 2012-11-24 18:16:01 -------- d-----w- C:\ProgramData\Comodo Downloader 2012-11-24 13:01:27 -------- d-----w- C:\Users\Mathias\AppData\Roaming\TuneUp Software 2012-11-24 12:58:30 -------- d--h--w- C:\ProgramData\Common Files 2012-11-24 12:58:30 -------- d-----w- C:\Users\Mathias\AppData\Local\MFAData 2012-11-24 12:58:30 -------- d-----w- C:\Users\Mathias\AppData\Local\Avg2013 2012-11-24 12:58:30 -------- d-----w- C:\ProgramData\MFAData 2012-11-24 12:56:38 -------- d-----w- C:\Users\Mathias\AppData\Local\ElevatedDiagnostics 2012-11-22 18:29:47 -------- d-----w- C:\ProgramData\Unity 2012-11-22 17:13:49 666720 ----a-w- C:\Windows\SysWow64\xsherlock.xem 2012-11-22 13:56:45 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi 2012-11-21 21:09:49 -------- d-----w- C:\ProgramData\ALM 2012-11-21 21:06:59 -------- d-----w- C:\Users\Mathias\Adobe Flash Builder 4.6 2012-11-21 15:53:53 -------- d-----w- C:\Users\Mathias\AppData\Local\Aeria Games 2012-11-21 15:53:27 -------- d-----w- C:\ProgramData\Aeria Games 2012-11-21 15:24:44 -------- d-----w- C:\Windows\SysWow64\directx 2012-11-21 15:20:41 -------- d-----w- C:\Users\Mathias\AppData\Local\Diagnostics 2012-11-21 15:19:11 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin 2012-11-21 15:19:11 -------- d-----w- C:\Program Files (x86)\Aeria 
Games 2012-11-21 14:48:03 -------- d-----w- C:\AeriaGames 2012-11-21 14:20:57 -------- d-----w- C:\Users\Mathias\AppData\Local\VS Revo Group 2012-11-21 14:20:55 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys 2012-11-21 14:20:54 -------- d-----w- C:\Program Files\VS Revo Group 2012-11-18 18:38:25 -------- d-----w- C:\ProgramData\Blizzard Entertainment 2012-11-18 18:38:25 -------- d-----w- C:\Program Files (x86)\World of Warcraft 2012-11-18 18:38:25 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2012-11-18 18:13:19 -------- d-----w- C:\ProgramData\Battle.net 2012-11-18 13:59:46 -------- d-----w- C:\Users\Mathias\AppData\Local\Nem's Tools 2012-11-18 13:59:34 -------- d-----w- C:\Program Files (x86)\VTFEdit 2012-11-18 13:59:20 -------- d-----w- C:\Program Files\Nem's Tools 2012-11-17 20:49:33 -------- d-----w- C:\Users\Mathias\AppData\Local\SKIDROW 2012-11-17 20:40:14 -------- d-----w- C:\Program Files (x86)\Activision 2012-11-16 23:53:59 -------- d-----w- C:\Users\Mathias\AppData\Roaming\Dev-Cpp 2012-11-16 23:53:55 -------- d-----w- C:\Dev-Cpp 2012-11-16 23:28:29 -------- d-----w- C:\ProgramData\Microsoft Visual Studio 2012-11-16 23:12:52 2549120 ----a-w- C:\ProgramData\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll 2012-11-16 23:08:53 -------- d-----w- C:\Program Files\Application Verifier 2012-11-16 23:08:53 -------- d-----w- C:\Program Files (x86)\Application Verifier 2012-11-16 23:08:47 -------- d-----w- C:\ProgramData\Windows App Certification Kit 2012-11-16 23:08:16 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft 2012-11-16 23:08:04 -------- d-----w- C:\ProgramData\PreEmptive Solutions 2012-11-16 23:06:56 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET 2012-11-16 23:06:41 -------- d-----w- C:\Program Files (x86)\Microsoft Web Tools 2012-11-16 23:06:30 -------- d-----w- C:\Program Files\Microsoft 2012-11-16 23:06:19 -------- d-----w- C:\Program Files\IIS Express 2012-11-16 23:06:19 -------- 
d-----w- C:\Program Files (x86)\IIS Express 2012-11-16 23:05:51 -------- d-----w- C:\Program Files (x86)\NuGet 2012-11-16 23:05:43 -------- d-----w- C:\Program Files (x86)\Microsoft WCF Data Services 2012-11-16 23:05:38 -------- d-----w- C:\Program Files\IIS 2012-11-16 23:05:38 -------- d-----w- C:\Program Files (x86)\IIS 2012-11-16 23:04:33 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll 2012-11-16 23:04:09 -------- d-----w- C:\Program Files (x86)\Windows Kits 2012-11-16 23:01:34 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop 2012-11-16 23:01:26 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer 2012-11-16 23:01:04 -------- d-----w- C:\Windows\SysWow64\1033 2012-11-16 23:00:57 -------- d-----w- C:\Program Files\Microsoft SQL Server 2012-11-16 23:00:57 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server 2012-11-16 22:59:00 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0 2012-11-16 22:58:59 -------- d-----w- C:\Windows\System32\1033 2012-11-16 22:58:55 -------- d-----w- C:\Program Files\Microsoft Visual Studio 11.0 2012-11-16 22:52:35 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft 2012-11-16 22:52:34 -------- d-----w- C:\ProgramData\Package Cache 2012-11-16 19:06:55 -------- d-----w- C:\Users\Mathias\AppData\Roaming\GridStream 2012-11-16 19:06:52 -------- d-----w- C:\Program Files (x86)\GridStream 2012-11-16 15:16:01 -------- d-----w- C:\Program Files (x86)\Steam 2012-11-16 15:16:01 -------- d-----w- C:\Program Files (x86)\Common Files\Steam 2012-11-16 12:28:53 -------- d-----w- C:\Users\Mathias\AppData\Local\DOSBox 2012-11-16 12:28:44 -------- d-----w- C:\Games 2012-11-09 07:10:46 -------- d-----w- C:\Users\Mathias\AppData\Roaming\.mono 2012-11-02 13:39:14 -------- d-----w- C:\Users\Mathias\.idlerc 2012-11-02 13:38:34 -------- d-----w- C:\Python27 2012-11-01 15:38:38 -------- d-----w- C:\Users\Mathias\AppData\Roaming\TeamViewer 2012-10-29 16:04:50 -------- d-sh--w- 
C:\Windows\SysWow64\%APPDATA% 2012-10-29 14:23:35 -------- d-----w- C:\xampp 2012-10-28 10:25:44 -------- d-----w- C:\ProgramData\Nexon 2012-10-28 10:12:48 -------- d-----w- C:\Program Files (x86)\BandiMPEG1 2012-10-28 09:24:23 -------- d-----w- C:\Download 2012-10-28 09:24:17 446464 ----a-w- C:\Windows\NEXON_EU_DownloaderUpdater.exe 2012-10-28 09:24:17 235 ----a-w- C:\Windows\SysWow64\nxEuUninstall.bat 2012-10-28 09:24:17 -------- d-----w- C:\Nexon 2012-10-28 09:23:24 -------- d-----w- C:\ProgramData\NexonEU 2012-10-27 16:06:14 -------- d-----w- C:\Users\Mathias\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2012-10-27 02:59:04 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F23746C5-1200-488B-913C-86182629A5F9}\mpengine.dll . ==================== Find3M ==================== . 2012-10-13 09:38:59 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-13 09:38:59 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-12 20:15:03 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-12 20:15:03 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-10-12 20:15:03 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-10-09 14:14:28 0 ----a-w- C:\Windows\ativpsrm.bin 2012-09-20 14:02:06 1832760 ----a-w- C:\Windows\System32\LogiLDA.DLL 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe . ============= FINISH: 19:31:54,81 =============== Wasn't sure if I was going to add attach.txt too, but here it is: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . 
Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 09.10.2012 16:01:24 System Uptime: 25.11.2012 18:55:09 (1 hours ago) . Motherboard: Acer | | Predator G3610 Processor: Intel® Core i5-2320 CPU @ 3.00GHz | CPU 1 | 1590/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 443 GiB total, 237,213 GiB free. D: is FIXED (NTFS) - 488 GiB total, 423,186 GiB free. E: is CDROM (CDFS) I: is Removable J: is Removable K: is Removable L: is Removable M: is Removable N: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: Description: SM-busskontroller Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_05891025&REV_05\3&11583659&0&FB Manufacturer: Name: SM-busskontroller PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_05891025&REV_05\3&11583659&0&FB Service: . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Realtek PCIe GBE Family Controller Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_80001025&REV_06\02000000684CE00000 Manufacturer: Realtek Name: Realtek PCIe GBE Family Controller PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_80001025&REV_06\02000000684CE00000 Service: RTL8167 . Class GUID: Description: Universal Serial Bus (USB)-kontroller Device ID: PCI\VEN_1B6F&DEV_7023&SUBSYS_05891025&REV_01\010101010101010100 Manufacturer: Name: Universal Serial Bus (USB)-kontroller PNP Device ID: PCI\VEN_1B6F&DEV_7023&SUBSYS_05891025&REV_01\010101010101010100 Service: . Class GUID: Description: Enkel kommunikasjonskontroller for PCI Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_05891025&REV_04\3&11583659&0&B0 Manufacturer: Name: Enkel kommunikasjonskontroller for PCI PNP Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_05891025&REV_04\3&11583659&0&B0 Service: . ==== System Restore Points =================== . 
RP32: 22.11.2012 - Planlagt kontrollpunkt RP33: 24.11.2012 14:00:04 - Installed AVG 2013 RP34: 24.11.2012 14:00:30 - Installed AVG 2013 RP35: 24.11.2012 19:16:49 - Removed AVG 2013 RP36: 24.11.2012 19:18:05 - Removed AVG 2013 . ==== Installed Programs ====================== . Tools for .Net 3.5 Adobe Acrobat X Pro - English, Français, Deutsch Adobe AIR Adobe Creative Suite 6 Master Collection Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Help Manager Adobe Reader XI - Norsk Adobe Widget Browser Aeria Ignite Akamai NetSession Interface Alliance of Valiant Arms AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders Anarchy Online AO-Skintool Autodesk Backburner 2013.0.0 Autodesk DirectConnect 2013 64-bit Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit Autodesk MatchMover 2013 64-bit Autodesk Maya 2013 64-bit Bandisoft MPEG-1 Decoder BitTorrent bl Blend for Visual Studio 2012 Blend for Visual Studio 2012 ENU resources Blender Call of Duty Black Ops II Camtasia Studio 8 Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CMake 2.8, a cross-platform, open-source build system Composite 2013 64-bit Counter-Strike: Source Dev-C++ 5 beta 9 release (4.9.9.2) DK Online Dotfuscator and Analytics Community Edition Dropbox Entity Framework Designer for Visual Studio 2012 - enu FileZilla Client 3.5.3 GCFScape 1.8.3 Google Chrome Google Update Helper GridStream - GridStream Player Guild 
Wars 2 HeidiSQL 7.0.0.4206 Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054) IIS 8.0 Express IIS Express Application Compatibility Database for x64 IIS Express Application Compatibility Database for x86 Java 7 Update 7 Java Auto Updater Java 6 Update 22 LocalESPC LocalESPCui for en-us LogMeIn Hamachi Makehuman Malwarebytes Anti-Malware versjon 1.65.1.1000 Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft .NET Framework 4.5 Microsoft .NET Framework 4.5 Multi-Targeting Pack Microsoft .NET Framework 4.5 SDK Microsoft Application Error Reporting Microsoft ASP.NET MVC 3 Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools Microsoft ASP.NET MVC 4 Runtime Microsoft ASP.NET Web Pages Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools Microsoft ASP.NET Web Pages 2 Runtime Microsoft Help Viewer 1.0 Microsoft Help Viewer 2.0 Microsoft LightSwitch for Visual Studio 2012 Core Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU Microsoft NuGet - Visual Studio 2012 Microsoft Portable Library Multi-Targeting Pack Microsoft Portable Library Multi-Targeting Pack Language Pack - enu Microsoft Report Viewer Add-On for Visual Studio 2012 Microsoft Silverlight Microsoft Silverlight 4 SDK Microsoft Silverlight 5 SDK Microsoft SQL Server 2012 Command Line Utilities Microsoft SQL Server 2012 Data-Tier App Framework Microsoft SQL Server 2012 Express LocalDB Microsoft SQL Server 2012 Management Objects Microsoft SQL Server 2012 Management Objects (x64) Microsoft SQL Server 2012 Native Client Microsoft SQL Server 2012 T-SQL Language Service Microsoft SQL Server 2012 Transact-SQL Compiler Service Microsoft SQL Server 2012 Transact-SQL ScriptDom Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft SQL Server Compact 4.0 SP1 x64 ENU Microsoft SQL Server Data Tools - enu (11.1.20627.00) Microsoft SQL Server Data 
Tools Build Utilities - enu (11.1.20627.00) Microsoft SQL Server System CLR Types Microsoft SQL Server System CLR Types (x64) Microsoft System CLR Types for SQL Server 2012 Microsoft System CLR Types for SQL Server 2012 (x64) Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 Express - ENU Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727 Microsoft Visual C++ 2012 Compilers Microsoft Visual C++ 2012 Compilers - ENU Resources Microsoft Visual C++ 2012 Core Libraries Microsoft Visual C++ 2012 Extended Libraries Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU Microsoft Visual Studio 2010 Office Developer Tools (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2012 Devenv Microsoft Visual Studio 2012 Devenv Resources Microsoft Visual Studio 2012 IntelliTrace Core amd64 Microsoft Visual Studio 2012 IntelliTrace Core x86 Microsoft Visual Studio 2012 IntelliTrace Front End x86 Microsoft Visual Studio 
2012 Performance Collection Tools Microsoft Visual Studio 2012 Performance Collection Tools - ENU Microsoft Visual Studio 2012 Preparation Microsoft Visual Studio 2012 SharePoint Developer Tools Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack Microsoft Visual Studio 2012 Shell (Minimum) Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies Microsoft Visual Studio 2012 Shell (Minimum) Resources Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU Microsoft Visual Studio Premium 2012 Microsoft Visual Studio Premium 2012 - ENU Microsoft Visual Studio Professional 2012 Microsoft Visual Studio Professional 2012 - ENU Microsoft Visual Studio Team Foundation Server 2012 Object Model Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU Microsoft Visual Studio Ultimate 2012 Microsoft Visual Studio Ultimate 2012 - ENU Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources Microsoft Web Deploy 3.0 Microsoft Web Deploy dbSqlPackage Provider - enu Microsoft Web Developer Tools - Visual Studio 2012 Microsoft Web Platform Installer 4.0 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Mozilla Firefox 16.0.1 (x86 nb-NO) Mozilla Maintenance Service Nexon Game Manager Notepad++ OpenOffice.org 3.3 OpenSSL 1.0.1c (32-bit) OpenSSL 1.0.1c (64-bit) PDF Settings CS6 ph PreEmptive Analytics Visual Studio Components Prerequisites for SSDT Python 2.7.3 Realtek Ethernet Controller Driver Revo Uninstaller Pro 2.5.7 Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489) Skype 
Click to Call Skype™ 6.0 SpeedFan (remove only) Steam TeamViewer 7 Tropico 4 1.00 TwelveSky2 Unity Unity Web Player Vindictus EU Visual Studio 2010 x64 Redistributables Visual Studio 2012 Prerequisites Visual Studio 2012 Prerequisites - ENU Language Pack Visual Studio Extensions for Windows Library for JavaScript VLC media player 2.0.4 VTFEdit 1.2.5 WCF Data Services 5.0 (for OData v3) Primary Components WCF Data Services Tools for Microsoft Visual Studio 2012 WCF RIA Services V1.0 SP2 Windows App Certification Kit Native Components Windows App Certification Kit x64 Windows Runtime Intellisense Content - en-us Windows Software Development Kit Windows Software Development Kit DirectX x64 Remote Windows Software Development Kit DirectX x86 Remote Windows Software Development Kit for Windows Store Apps Windows Software Development Kit for Windows Store Apps DirectX x64 Remote Windows Software Development Kit for Windows Store Apps DirectX x86 Remote WinRAR 4.20 (64-bit) World of Warcraft XAMPP 1.8.1 . ==== End Of File ===========================
  6. Hey. Yesterday I figured out that I got a virus that makes other viruses. As you can see, the main virus lies on the service.exe in windows/system32, and AVG says that it cannot remove it because that will harm my computer, and this antivirus doesn't find it. I also found out where it spawns the other viruses: C:\Windows\Installer\{91cab4a9-02f9-c6ae-75f1-f90c910af292}\U. It spawns those viruses often, and I think one of them is a keylogger. I can delete them but they just come back, so I think I need to get rid of that one on service.exe. Anyone got an idea how I can fix this?