partner37.mydomainadvisor.com


Welcome to the forum, and no, you can't.

Please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, click Allow to run.

Click Scan to scan the system (don't run any other options).

Post back the report.

MrC

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Okay, here are, in the following order, the MBAM log, the DDS log and the RK log. I'm sorry, but the MBAM log is in German. But I can translate that for you if necessary.


Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.05.06.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Niklas :: NIKLAS-PC [Administrator]
Schutz: Aktiviert
06.05.2012 23:46:47
mbam-log-2012-05-06 (23-46-47).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197261
Laufzeit: 6 Minute(n), 50 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Niklas at 21:14:28 on 2012-05-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4091.1418 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Steganos Safe OEM\SteganosHotKeyService.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=201204231EA74CA8A27E9C9473041222
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SAFEOEM HotKeys] "C:\Program Files (x86)\Steganos Safe OEM\SteganosHotKeyService.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Niklas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
StartupFolder: C:\PROGRA~4\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~4\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B43EB537-DF0A-4C86-9DFD-B66B2BC1F893} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B43EB537-DF0A-4C86-9DFD-B66B2BC1F893}\0596D6D656C684F6368626572776 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B43EB537-DF0A-4C86-9DFD-B66B2BC1F893}\E4544574541425 : DhcpNameServer = 195.50.140.248 195.50.140.114 195.50.140.178
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
LSA: Notification Packages = C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{53707962-6F74-2D53-2644-206D7942484F}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SAFEOEM HotKeys] "C:\Program Files (x86)\Steganos Safe OEM\SteganosHotKeyService.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\p1me1flv.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Niklas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];C:\Windows\sleen1664.sys [2008-10-1 85952]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-3-29 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-3-29 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 IGBASVC;EgisTec Service;C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [2009-9-5 3453440]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-24 654408]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-24 1153368]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]
R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update-Dienst (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-29 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 257696]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-29 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 129976]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2012-05-05 18:24:51 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5D45954-4592-4C86-9A84-B3C25C5CB146}\offreg.dll
2012-05-05 18:15:37 -------- d-----w- C:\Program Files (x86)\RapidShareManager
2012-05-04 15:37:33 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5D45954-4592-4C86-9A84-B3C25C5CB146}\mpengine.dll
2012-05-01 02:57:32 -------- d-----w- C:\Users\Niklas\AppData\Local\Facebook
2012-04-30 22:42:51 -------- d-----w- C:\Program Files (x86)\Amazon
2012-04-27 01:19:06 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-04-27 01:18:41 -------- d-----w- C:\Windows\PCHEALTH
2012-04-27 01:18:41 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-27 01:16:42 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-27 01:15:52 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-04-26 20:53:48 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-04-26 20:53:44 -------- d-----w- C:\Users\Niklas\AppData\Roaming\DAEMON Tools Lite
2012-04-26 20:53:43 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-04-26 20:49:16 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-04-25 14:53:29 -------- d-----w- C:\Users\Niklas\AppData\Local\blekkotb
2012-04-25 14:00:23 -------- d-----w- C:\Windows\System32\appmgmt
2012-04-24 17:09:32 -------- d-----w- C:\Users\Niklas\AppData\Roaming\Malwarebytes
2012-04-24 17:08:50 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-24 17:08:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-24 17:08:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-24 17:07:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-24 17:07:23 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-23 00:45:10 -------- d-----w- C:\temp
2012-04-23 00:44:47 -------- d-----w- C:\Program Files (x86)\Yawcam
2012-04-23 00:33:47 -------- d-----w- C:\ProgramData\Tarma Installer
2012-04-20 21:46:48 -------- d-----w- C:\Users\Niklas\AppData\Roaming\com.beatport.BeatportDownloader
2012-04-20 21:46:46 -------- d-----w- C:\Program Files (x86)\Beatport Downloader
2012-04-16 18:59:18 -------- d-----w- C:\Program Files\Common Files\Deterministic Networks
2012-04-16 18:59:18 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2012-04-16 11:31:47 -------- d-----w- C:\Program Files\AuthenTec
2012-04-15 19:17:47 -------- d-----w- C:\Users\Niklas\helden
2012-04-14 03:49:32 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 23:46:08 -------- d-----w- C:\Program Files (x86)\TerraTec
2012-04-12 23:46:07 53248 ----a-w- C:\Windows\SysWow64\TT_RIAA.ax
2012-04-12 23:45:32 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-04-12 23:45:32 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-04-12 23:45:32 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-04-12 23:45:32 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-04-12 23:45:32 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-04-12 23:45:32 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-04-12 23:45:27 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-04-12 23:45:26 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-04-11 01:00:36 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 01:00:36 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 01:00:35 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 01:00:34 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 01:00:34 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 01:00:34 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 01:00:34 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-09 15:40:46 -------- d-----w- C:\Windows\SysWow64\SDA
2012-04-09 15:40:46 -------- d-----w- C:\Program Files (x86)\O2Micro Flash Memory Card Driver
2012-04-09 11:03:08 -------- d-----w- C:\Users\Niklas\AppData\Local\Microsoft Games
2012-04-09 11:00:37 -------- d-----w- C:\Program Files\Microsoft Games
2012-04-08 10:00:00 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-05-05 16:20:34 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-26 19:48:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-26 18:09:17 0 ----a-w- C:\Windows\ativpsrm.bin
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 21:15:19,26 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 26.02.2012 19:35:41
System Uptime: 06.05.2012 14:40:43 (7 hours ago)
.
Motherboard: Acer | | Homa
Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | U2E1 | 793/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 73 GiB total, 28,132 GiB free.
D: is FIXED (NTFS) - 215 GiB total, 5,626 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: TerraTec PHASE 26 USB
Device ID: USB\VID_0CCD&PID_0011&MI_02\7&27EB4BF0&0&0002
Manufacturer:
Name: TerraTec PHASE 26 USB
PNP Device ID: USB\VID_0CCD&PID_0011&MI_02\7&27EB4BF0&0&0002
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP44: 01.05.2012 14:12:19 - Windows Update
RP45: 04.05.2012 17:36:49 - Windows Update
RP46: 06.05.2012 21:09:43 - Removed Apple Application Support
.
==== Installed Programs ======================
.
Acer Bio Protection
Acer Crystal Eye Webcam Video Class Camera
Adobe AIR
Adobe Reader X (10.1.3) - Deutsch
Amazon MP3-Downloader 1.0.9
Apple Application Support
Apple Software Update
Avira Free Antivirus
Beatport Downloader
BlackBerry Desktop Software 6.1
DAEMON Tools Lite
Facebook Video Calling 1.2.0.159
Fingerprint Solution
Google Calendar Sync
Google Earth
Google Update Helper
Java Auto Updater
Java(TM) 6 Update 31
JDownloader 0.9
Malwarebytes Anti-Malware Version 1.61.0.1400
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 12.0 (x86 de)
Mozilla Maintenance Service
Opera 11.62
PHASE 26 USB ControlPanel
RapidShare Manager 2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.8
Spotify
Spybot - Search & Destroy
Steganos Safe OEM
Trillian
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VLC media player 2.0.0
.
==== End Of File ===========================


RogueKiller V7.4.3 [05/04/2012]durch Tigzy
mail: tigzyRK<at>gmail<dot>com
Kommentare: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in: Normal Modus
Benutzer: Niklas [Admin Rechte]
Funktion: Scan --Datum: 05/06/2012 23:40:08
¤¤¤ Böswillige Prozesse: 0 ¤¤¤
¤¤¤ Registry-Einträge: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Bestimmt Dateien / Ordner: ¤¤¤
¤¤¤ Treiber: [NICHT GELADEN] ¤¤¤
¤¤¤ Infektion : ¤¤¤
¤¤¤ HOSTS Datei: ¤¤¤
127.0.0.1 activate.adobe.com

¤¤¤ MBR überprüfen: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] da4e06de1aa0951e27040b4fbc543549
[BSP] 8e45ec7d648595de41cf4c7f85793260 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20482048 | Size: 74926 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 173932544 | Size: 220315 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Abgeschlossen : << RKreport[1].txt >>
RKreport[1].txt

Please don't put the logs in code....they're too hard to read.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

ComboFix 12-05-07.01 - Niklas 07.05.2012 17:13:29.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4091.2962 [GMT 2:00]
ausgeführt von:: c:\users\Niklas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
C:\Install.exe
c:\program files (x86)\Acer Bio Protection\PwdFilterV64.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-04-07 bis 2012-05-07 ))))))))))))))))))))))))))))))
.
.
2012-05-07 15:17 . 2012-05-07 15:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-05 18:15 . 2012-05-05 18:16 -------- d-----w- c:\program files (x86)\RapidShareManager
2012-05-04 15:37 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5D45954-4592-4C86-9A84-B3C25C5CB146}\mpengine.dll
2012-05-01 02:57 . 2012-05-01 02:57 -------- d-----w- c:\users\Niklas\AppData\Local\Facebook
2012-04-30 22:43 . 2012-04-30 22:43 -------- d-----w- c:\users\Niklas\AppData\Roaming\Amazon
2012-04-30 22:42 . 2012-04-30 22:42 -------- d-----w- c:\program files (x86)\Amazon
2012-04-27 01:19 . 2012-04-27 01:19 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-04-27 01:18 . 2012-04-27 01:18 -------- d-----w- c:\windows\PCHEALTH
2012-04-27 01:18 . 2012-04-27 01:18 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-04-27 01:18 . 2012-04-27 01:18 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-04-27 01:16 . 2012-04-27 01:16 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-04-27 01:15 . 2012-04-27 01:15 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-04-26 20:53 . 2012-04-26 23:25 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-26 20:53 . 2012-04-27 01:12 -------- d-----w- c:\users\Niklas\AppData\Roaming\DAEMON Tools Lite
2012-04-26 20:53 . 2012-04-26 20:53 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-04-26 20:49 . 2012-04-27 01:12 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-04-25 14:53 . 2012-04-25 14:53 -------- d-----w- c:\users\Niklas\AppData\Local\blekkotb
2012-04-25 14:00 . 2012-05-06 19:11 -------- d-----w- c:\windows\system32\appmgmt
2012-04-24 17:09 . 2012-04-24 17:09 -------- d-----w- c:\users\Niklas\AppData\Roaming\Malwarebytes
2012-04-24 17:08 . 2012-04-24 17:08 -------- d-----w- c:\programdata\Malwarebytes
2012-04-24 17:08 . 2012-04-24 17:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-24 17:08 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-24 17:07 . 2012-04-25 10:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-24 17:07 . 2012-04-24 17:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-23 00:45 . 2012-04-25 13:58 -------- d-----w- C:\temp
2012-04-23 00:44 . 2012-04-25 14:28 -------- d-----w- c:\program files (x86)\Yawcam
2012-04-23 00:33 . 2012-04-25 12:43 -------- d-----w- c:\programdata\Tarma Installer
2012-04-20 21:46 . 2012-04-20 21:46 -------- d-----w- c:\users\Niklas\AppData\Roaming\com.beatport.BeatportDownloader
2012-04-20 21:46 . 2012-04-20 21:46 -------- d-----w- c:\program files (x86)\Beatport Downloader
2012-04-20 21:46 . 2012-04-20 21:46 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-04-16 18:59 . 2012-04-16 18:59 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2012-04-16 18:59 . 2012-04-16 18:59 -------- d-----w- c:\program files (x86)\Cisco Systems
2012-04-16 11:31 . 2012-04-16 11:31 -------- d-----w- c:\program files\AuthenTec
2012-04-15 19:17 . 2012-05-04 01:18 -------- d-----w- c:\users\Niklas\helden

2012-04-14 03:49 . 2012-05-05 16:20 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-12 23:46 . 2012-04-12 23:46 -------- d-----w- c:\program files (x86)\TerraTec

2012-04-12 23:46 . 2003-05-28 11:12 53248 ----a-w- c:\windows\SysWow64\TT_RIAA.ax

2012-04-12 23:45 . 2012-04-12 23:45 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

2012-04-11 01:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 01:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 01:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-11 01:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 01:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 01:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-11 01:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-09 15:40 . 2012-04-09 15:40 -------- d-----w- c:\windows\SysWow64\SDA

2012-04-09 15:40 . 2012-04-09 15:40 -------- d-----w- c:\program files (x86)\O2Micro Flash Memory Card Driver

2012-04-09 11:03 . 2012-04-09 11:18 -------- d-----w- c:\users\Niklas\AppData\Local\Microsoft Games

2012-04-09 11:00 . 2012-04-09 11:00 -------- d-----w- c:\program files\Microsoft Games

2012-04-08 10:00 . 2012-05-05 16:20 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

.

.

.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 16:20 . 2012-02-26 19:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-26 19:48 . 2012-02-26 19:48 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-02-26 18:58 . 2012-02-26 18:58 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-02-26 18:58 . 2012-02-26 18:58 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-02-26 18:58 . 2012-02-26 18:58 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-02-26 18:58 . 2012-02-26 18:58 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-02-26 18:58 . 2012-02-26 18:58 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-02-26 18:58 . 2012-02-26 18:58 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-02-26 18:58 . 2012-02-26 18:58 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-02-26 18:58 . 2012-02-26 18:58 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-02-26 18:58 . 2012-02-26 18:58 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-02-26 18:58 . 2012-02-26 18:58 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-02-26 18:58 . 2012-02-26 18:58 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-02-26 18:58 . 2012-02-26 18:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-02-26 18:58 . 2012-02-26 18:58 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-02-26 18:58 . 2012-02-26 18:58 448512 ----a-w- c:\windows\system32\html.iec

2012-02-26 18:58 . 2012-02-26 18:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-02-26 18:58 . 2012-02-26 18:58 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-02-26 18:58 . 2012-02-26 18:58 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-02-26 18:58 . 2012-02-26 18:58 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-26 18:58 . 2012-02-26 18:58 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-02-26 18:58 . 2012-02-26 18:58 222208 ----a-w- c:\windows\system32\msls31.dll

2012-02-26 18:58 . 2012-02-26 18:58 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-02-26 18:58 . 2012-02-26 18:58 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-02-26 18:58 . 2012-02-26 18:58 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-02-26 18:58 . 2012-02-26 18:58 160256 ----a-w- c:\windows\system32\wextract.exe

2012-02-26 18:58 . 2012-02-26 18:58 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-02-26 18:58 . 2012-02-26 18:58 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-02-26 18:58 . 2012-02-26 18:58 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-02-26 18:58 . 2012-02-26 18:58 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-02-26 18:58 . 2012-02-26 18:58 12288 ----a-w- c:\windows\system32\mshta.exe

2012-02-26 18:58 . 2012-02-26 18:58 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-02-26 18:58 . 2012-02-26 18:58 114176 ----a-w- c:\windows\system32\admparse.dll

2012-02-26 18:58 . 2012-02-26 18:58 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-02-26 18:58 . 2012-02-26 18:58 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-02-26 18:58 . 2012-02-26 18:58 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-14 13:59 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 13:59 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 13:59 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 13:59 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-14 14:00 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 14:00 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

.

.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"SAFEOEM HotKeys"="c:\program files (x86)\Steganos Safe OEM\SteganosHotKeyService.exe" [2008-12-11 26112]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-09-05 3575808]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

.

c:\users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2011-12-19 2362720]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 136176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];c:\windows\Sleen1664.sys [2008-10-01 13:24 85952]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]

S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe [2009-09-05 3453440]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]

S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 16:20]

.

2012-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-940982038-3561974710-419862137-1000Core.job

- c:\users\Niklas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 02:57]

.

2012-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-940982038-3561974710-419862137-1000UA.job

- c:\users\Niklas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 02:57]

.

2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 17:48]

.

2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 17:48]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-21 295936]

"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=201204231EA74CA8A27E9C9473041222

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\p1me1flv.default\

FF - prefs.js: browser.startup.homepage - about:blank

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-combofix - c:\combofix\CF18150.3XE

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Acer Bio Protection\CompPtcVUI.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe

c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-05-07 17:22:57 - PC wurde neu gestartet

ComboFix-quarantined-files.txt 2012-05-07 15:22

.

Vor Suchlauf: 18 Verzeichnis(se), 30.738.067.456 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 30.344.536.064 Bytes frei

.

- - End Of File - - 57F0440E9DC9AF0F24E97FB9F99C2BFE


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

DDS::

uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=201204231EA74CA8A27E9C9473041222

2012-04-25 14:53:29 -------- d-----w- C:\Users\Niklas\AppData\Local\blekkotb

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScript.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


ComboFix 12-05-07.01 - Niklas 07.05.2012 19:02:13.4.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4091.2751 [GMT 2:00]

ausgeführt von:: C:\Users\Niklas\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: C:\Users\Niklas\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((( Dateien erstellt von 2012-04-07 bis 2012-05-07 ))))))))))))))))))))))))))))))

2012-05-07 17:06:00 . 2012-05-07 17:06:00 -------- d-----w- C:\Users\Default\AppData\Local\temp

2012-05-05 18:15:37 . 2012-05-05 18:16:21 -------- d-----w- C:\Program Files (x86)\RapidShareManager

2012-05-04 15:37:33 . 2012-04-13 08:46:11 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5D45954-4592-4C86-9A84-B3C25C5CB146}\mpengine.dll

2012-05-01 02:57:32 . 2012-05-01 02:57:48 -------- d-----w- C:\Users\Niklas\AppData\Local\Facebook

2012-04-30 22:43:29 . 2012-04-30 22:43:29 -------- d-----w- C:\Users\Niklas\AppData\Roaming\Amazon

2012-04-30 22:42:51 . 2012-04-30 22:42:51 -------- d-----w- C:\Program Files (x86)\Amazon

2012-04-27 01:19:06 . 2012-04-27 01:19:06 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2012-04-27 01:18:41 . 2012-04-27 01:18:41 -------- d-----w- C:\Windows\PCHEALTH

2012-04-27 01:18:41 . 2012-04-27 01:18:41 -------- d-----w- C:\Program Files (x86)\Microsoft Sync Framework

2012-04-27 01:18:41 . 2012-04-27 01:18:41 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-04-27 01:16:42 . 2012-04-27 01:16:43 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2012-04-27 01:15:52 . 2012-04-27 01:15:52 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2012-04-26 20:53:48 . 2012-04-26 23:25:37 283200 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys

2012-04-26 20:53:44 . 2012-04-27 01:12:52 -------- d-----w- C:\Users\Niklas\AppData\Roaming\DAEMON Tools Lite

2012-04-26 20:53:43 . 2012-04-26 20:53:48 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2012-04-26 20:49:16 . 2012-04-27 01:12:52 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2012-04-25 14:53:29 . 2012-04-25 14:53:31 -------- d-----w- C:\Users\Niklas\AppData\Local\blekkotb

2012-04-25 14:00:23 . 2012-05-06 19:11:24 -------- d-----w- C:\Windows\system32\appmgmt

2012-04-24 17:09:32 . 2012-04-24 17:09:32 -------- d-----w- C:\Users\Niklas\AppData\Roaming\Malwarebytes

2012-04-24 17:08:50 . 2012-04-24 17:08:50 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-24 17:08:46 . 2012-04-24 17:08:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-24 17:08:46 . 2012-04-04 13:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys

2012-04-24 17:07:23 . 2012-04-25 10:09:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-04-24 17:07:23 . 2012-04-24 17:07:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-04-23 00:45:10 . 2012-04-25 13:58:48 -------- d-----w- C:\temp

2012-04-23 00:44:47 . 2012-04-25 14:28:18 -------- d-----w- C:\Program Files (x86)\Yawcam

2012-04-23 00:33:47 . 2012-04-25 12:43:53 -------- d-----w- C:\ProgramData\Tarma Installer

2012-04-20 21:46:48 . 2012-04-20 21:46:48 -------- d-----w- C:\Users\Niklas\AppData\Roaming\com.beatport.BeatportDownloader

2012-04-20 21:46:46 . 2012-04-20 21:46:46 -------- d-----w- C:\Program Files (x86)\Beatport Downloader

2012-04-20 21:46:44 . 2012-04-20 21:46:44 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe AIR

2012-04-16 18:59:18 . 2012-04-16 18:59:18 -------- d-----w- C:\Program Files\Common Files\Deterministic Networks

2012-04-16 18:59:18 . 2012-04-16 18:59:18 -------- d-----w- C:\Program Files (x86)\Cisco Systems

2012-04-16 11:31:47 . 2012-04-16 11:31:47 -------- d-----w- C:\Program Files\AuthenTec

2012-04-15 19:17:47 . 2012-05-04 01:18:29 -------- d-----w- C:\Users\Niklas\helden

2012-04-14 03:49:32 . 2012-05-05 16:20:18 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-12 23:46:08 . 2012-04-12 23:46:08 -------- d-----w- C:\Program Files (x86)\TerraTec

2012-04-12 23:46:07 . 2003-05-28 11:12:06 53248 ----a-w- C:\Windows\SysWow64\TT_RIAA.ax

2012-04-12 23:45:26 . 2012-04-12 23:45:26 -------- d-----w- C:\Program Files (x86)\Common Files\InstallShield

2012-04-11 01:00:36 . 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\system32\drivers\fs_rec.sys

2012-04-11 01:00:36 . 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\system32\imagehlp.dll

2012-04-11 01:00:35 . 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-11 01:00:34 . 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\system32\wintrust.dll

2012-04-11 01:00:34 . 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\system32\wmi.dll

2012-04-11 01:00:34 . 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-11 01:00:34 . 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-09 15:40:46 . 2012-04-09 15:40:46 -------- d-----w- C:\Windows\SysWow64\SDA

2012-04-09 15:40:46 . 2012-04-09 15:40:46 -------- d-----w- C:\Program Files (x86)\O2Micro Flash Memory Card Driver

2012-04-09 11:03:08 . 2012-04-09 11:18:25 -------- d-----w- C:\Users\Niklas\AppData\Local\Microsoft Games

2012-04-09 11:00:37 . 2012-04-09 11:00:39 -------- d-----w- C:\Program Files\Microsoft Games

2012-04-08 10:00:00 . 2012-05-05 16:20:34 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-05-05 16:20:34 . 2012-02-26 19:30:28 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-26 19:48:32 . 2012-02-26 19:48:44 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 91648 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe

2012-02-26 18:58:17 . 2012-02-26 18:58:17 89088 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe

2012-02-26 18:58:17 . 2012-02-26 18:58:17 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 85504 ----a-w- C:\Windows\system32\iesetup.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe

2012-02-26 18:58:17 . 2012-02-26 18:58:17 76800 ----a-w- C:\Windows\system32\tdc.ocx

2012-02-26 18:58:17 . 2012-02-26 18:58:17 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2012-02-26 18:58:17 . 2012-02-26 18:58:17 74752 ----a-w- C:\Windows\SysWow64\iesetup.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx

2012-02-26 18:58:17 . 2012-02-26 18:58:17 603648 ----a-w- C:\Windows\system32\vbscript.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 49664 ----a-w- C:\Windows\system32\imgutil.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 48640 ----a-w- C:\Windows\system32\mshtmler.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 448512 ----a-w- C:\Windows\system32\html.iec

2012-02-26 18:58:17 . 2012-02-26 18:58:17 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 367104 ----a-w- C:\Windows\SysWow64\html.iec

2012-02-26 18:58:17 . 2012-02-26 18:58:17 35840 ----a-w- C:\Windows\SysWow64\imgutil.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 30720 ----a-w- C:\Windows\system32\licmgr10.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 222208 ----a-w- C:\Windows\system32\msls31.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 173056 ----a-w- C:\Windows\system32\ieUnatt.exe

2012-02-26 18:58:17 . 2012-02-26 18:58:17 165888 ----a-w- C:\Windows\system32\iexpress.exe

2012-02-26 18:58:17 . 2012-02-26 18:58:17 161792 ----a-w- C:\Windows\SysWow64\msls31.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 160256 ----a-w- C:\Windows\system32\wextract.exe

2012-02-26 18:58:17 . 2012-02-26 18:58:17 152064 ----a-w- C:\Windows\SysWow64\wextract.exe

2012-02-26 18:58:17 . 2012-02-26 18:58:17 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe

2012-02-26 18:58:17 . 2012-02-26 18:58:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-02-26 18:58:17 . 2012-02-26 18:58:17 135168 ----a-w- C:\Windows\system32\IEAdvpack.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 12288 ----a-w- C:\Windows\system32\mshta.exe

2012-02-26 18:58:17 . 2012-02-26 18:58:17 11776 ----a-w- C:\Windows\SysWow64\mshta.exe

2012-02-26 18:58:17 . 2012-02-26 18:58:17 114176 ----a-w- C:\Windows\system32\admparse.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 111616 ----a-w- C:\Windows\system32\iesysprep.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll

2012-02-26 18:58:17 . 2012-02-26 18:58:17 101888 ----a-w- C:\Windows\SysWow64\admparse.dll

2012-02-23 08:18:36 . 2010-11-21 03:27:21 279656 ------w- C:\Windows\system32\MpSigStub.exe

2012-02-17 06:38:26 . 2012-03-14 13:59:59 1031680 ----a-w- C:\Windows\system32\rdpcore.dll

2012-02-17 05:34:22 . 2012-03-14 13:59:58 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 . 2012-03-14 13:59:58 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys

2012-02-17 04:57:32 . 2012-03-14 13:59:58 23552 ----a-w- C:\Windows\system32\drivers\tdtcp.sys

2012-02-10 06:36:07 . 2012-03-14 14:00:24 1544192 ----a-w- C:\Windows\system32\DWrite.dll

2012-02-10 05:38:43 . 2012-03-14 14:00:24 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

((((((((((((((((((((((((((((( SnapShot@2012-05-07_15.19.09 )))))))))))))))))))))))))))))))))))))))))

+ 2010-11-21 03:09:11 . 2012-05-07 16:56:18 31544 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10:35 . 2012-05-07 15:13:30 37128 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10:35 . 2012-05-07 16:56:18 37128 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-03-08 01:43:16 . 2012-05-07 16:51:48 7384 C:\Windows\system32\wdi\ERCQueuedResolutions.dat

+ 2012-02-26 19:20:27 . 2012-05-07 16:56:18 6952 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-940982038-3561974710-419862137-1000_UserData.bin

+ 2012-05-07 17:06:48 . 2012-05-07 17:06:48 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-07 15:18:24 . 2012-05-07 15:18:24 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-07 15:18:24 . 2012-05-07 15:18:24 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-05-07 17:06:48 . 2012-05-07 17:06:48 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36:59 . 2012-05-07 14:59:31 652360 C:\Windows\system32\perfh009.dat

+ 2009-07-14 02:36:59 . 2012-05-07 16:43:41 652360 C:\Windows\system32\perfh009.dat

- 2011-04-12 07:43:53 . 2012-05-07 14:59:31 697082 C:\Windows\system32\perfh007.dat

+ 2011-04-12 07:43:53 . 2012-05-07 16:43:41 697082 C:\Windows\system32\perfh007.dat

+ 2009-07-14 02:36:59 . 2012-05-07 16:43:41 121292 C:\Windows\system32\perfc009.dat

- 2009-07-14 02:36:59 . 2012-05-07 14:59:31 121292 C:\Windows\system32\perfc009.dat

+ 2011-04-12 07:43:53 . 2012-05-07 16:43:41 148346 C:\Windows\system32\perfc007.dat

- 2011-04-12 07:43:53 . 2012-05-07 14:59:31 148346 C:\Windows\system32\perfc007.dat

+ 2009-07-14 05:01:48 . 2012-05-07 17:06:08 385004 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01:48 . 2012-05-07 15:17:43 385004 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-02-26 19:15:40 . 2012-05-07 17:06:08 14716476 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-940982038-3561974710-419862137-1000-8192.dat

- 2012-02-26 19:15:40 . 2012-05-07 12:02:46 14716476 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-940982038-3561974710-419862137-1000-8192.dat

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 13:31:16 2144088]

"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 09:54:22 3672384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 13:02:04 254696]

"SAFEOEM HotKeys"="C:\Program Files (x86)\Steganos Safe OEM\SteganosHotKeyService.exe" [2008-12-11 08:16:28 26112]

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 20:28:32 59240]

"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 16:47:26 90448]

"VitaKeyPdtWzd"="C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-09-05 15:02:16 3575808]

"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 06:55:48 258512]

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 03:09:24 421736]

"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 12:54:26 91520]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 05:53:50 843712]

C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe [2011-12-19 2362720]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]

R2 gupdate;Google Update-Dienst (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 17:48:52 136176]

R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-15 12:30:18 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 16:20:34 257696]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys [x]

R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 17:48:52 136176]

R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 21:50:30 31124344]

R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 01:16:42 129976]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 19:34:24 4925184]

R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [x]

R4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 13:56:40 654408]

S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [x]

S1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];C:\Windows\Sleen1664.sys [2008-10-01 13:24:24 85952]

S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 05:53:50 63928]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 06:56:05 86224]

S2 IGBASVC;EgisTec Service;C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [2009-09-05 15:02:16 3453440]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 13:31:10 1153368]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys [x]

S3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys [x]

S3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys [x]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [x]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [x]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [x]

Inhalt des "geplante Tasks" Ordners

2012-05-07 C:\Windows\Tasks\Adobe Flash Player Updater.job

- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 10:00:00 . 2012-05-05 16:20:34]

2012-05-07 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-940982038-3561974710-419862137-1000Core.job

- C:\Users\Niklas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 02:57:35 . 2012-05-01 02:57:31]

2012-05-07 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-940982038-3561974710-419862137-1000UA.job

- C:\Users\Niklas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 02:57:35 . 2012-05-01 02:57:31]

2012-05-07 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 17:49:04 . 2012-02-29 17:48:52]

2012-05-07 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 17:49:04 . 2012-02-29 17:48:52]

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2009-05-21 20:03:42 295936]

"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 10:35:54 94208]

------- Zusätzlicher Suchlauf -------

uLocal Page = C:\Windows\system32\blank.htm

mLocal Page = C:\Windows\SysWOW64\blank.htm

IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\p1me1flv.default\

FF - prefs.js: browser.startup.homepage - about:blank

OK Good :)

A little clean-up to do.......

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

You have out-of-date Java on the system; older versions are vulnerable to malware.

Java™ 6 Update 31 <----- should be 32

Please go to your control panel > Java > Update Tab > Update Now

Here's the Java Update info:

http://www.java.com/...d/installed.jsp <---verify your Java

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
