
Probably infected



Hello guys,

I'm getting Vibrant In-Text Ads on every website I go to since Saturday. Some people told me to come here.

Thanks for your help!

---------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:27:02, on 24.12.2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files\Plantronics\GameCom780\GameCom780.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

C:\Users\Flo\AppData\Roaming\Mobile Partner\ouc.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Users\Flo\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=f6769b52-4661-11e2-9638-1c75089e2054

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=f6769b52-4661-11e2-9638-1c75089e2054

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll

R3 - URLSearchHook: BittorrentBar_DE Toolbar - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBit0.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

O2 - BHO: BittorrentBar_DE - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBit0.dll

O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AdblockIE - {90EFF544-3981-4d46-85C9-C0361D0931D6} - mscoree.dll

O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

O3 - Toolbar: BittorrentBar_DE Toolbar - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBit0.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Mobile Partner] "C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe"

O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

O4 - HKCU\..\Run: [Google Update] "C:\Users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-21-3142006078-2183129255-2859260635-1008\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-3142006078-2183129255-2859260635-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

O9 - Extra button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AAA6765F-F8E7-4F05-9194-3B14FD838857}: NameServer = 193.189.244.225 193.189.244.206

O17 - HKLM\System\CCS\Services\Tcpip\..\{DE10082B-D3A4-49B1-849A-DC6FCC5AB440}: NameServer = 193.189.244.225 193.189.244.206

O17 - HKLM\System\CCS\Services\Tcpip\..\{F8389EED-076E-40F7-80B2-A8BCBAED390D}: NameServer = 193.189.244.225 193.189.244.206

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll c:\progra~2\zoomex\sprote~1.dll

O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe

O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe

O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 18598 bytes


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 48 hours, please send me a PM)


attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 08.07.2011 20:39:24

System Uptime: 19.12.2012 23:25:33 (112 hours ago)

.

Motherboard: Packard Bell | | EasyNote TK85

Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | CPU | 2534/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 453 GiB total, 128,022 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP293: 15.12.2012 13:45:29 - Gerätetreiber-Paketinstallation: DT Soft Ltd Systemgeräte

RP294: 15.12.2012 13:56:20 - DirectX wurde installiert

RP295: 18.12.2012 12:07:02 - Windows Update

RP296: 24.12.2012 11:27:44 - Installed HiJackThis

RP297: 24.12.2012 14:46:07 - Windows Update

.

==== Installed Programs ======================

.

Überwachungstool für die Intel® Turbo-Boost-Technik

Acrobat.com

AdblockIE

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 8.0

Adobe Reader 9.2 MUI

Advertising Center

Agatha Christie - Death on the Nile

Age of Empires Online

Amnesia: The Dark Descent

Apple Application Support

Apple Software Update

ARMA 2

ARMA 2: Operation Arrowhead

Artisteer 2

Artisteer 3

Assassin's Creed Revelations

Audacity 1.2.6

AviSynth 2.5

Awesomenauts

Backup Manager Basic

Bamboo

Bamboo Dock

Battlefield 3™

Battlefield: Bad Company™ 2

Battlelog Web Plugins

BattlEye for OA Uninstall

Bejeweled 2 Deluxe

BitTorrent

BittorrentBar_DE Toolbar

Blender

Broadcom Gigabit NetLink Controller

Build-a-lot 2

Camtasia Studio 7

CCleaner

Chuzzle Deluxe

Click to Call with Skype

Counter-Strike: Global Offensive

Crysis® 2 Demo

DAEMON Tools Pro

DAEMON Tools Toolbar

DayZ Commander

Dev-C++ 5 beta 9 release (4.9.9.2)

Die Sims™ 3

Diner Dash 2 Restaurant Rescue

Dota 2

DriverAgent by eSupport.com

Drv

DScaler 4 Test Version

Dual-Core Optimizer

Dxtory version 2.0.118

eBay Worldwide

ESN Sonar

ETDWare PS/2-x64 7.0.6.5_WHQL

Faerie Solitaire

Far Cry 2

Farm Frenzy

FATE

ffdshow [rev 3154] [2009-12-09]

Final Drive Nitro

Fraps (remove only)

Game Booster 3

Garry's Mod

Garry's Mod 13

GIMP 2.6.12

Google Chrome

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

Grand Theft Auto San Andreas

Gregion 3.1

HiJackThis

Hitman: Codename 47

Identity Card

ImagXpress

Insaniquarium Deluxe

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

IObit Toolbar v4.7

JAP

Java 7 Update 9

Java Auto Updater

Java 6 Update 29 (64-bit)

Java 6 Update 35

Jewel Quest Solitaire 2

John Deere Drive Green

Junk Mail filter update

Kaspersky Internet Security 2013

Krita 2.6 ALPHA (2012-07-11)

Launch Manager

Left 4 Dead 2

LogMeIn Hamachi

Malwarebytes Anti-Malware Version 1.65.1.1000

McAfee Security Scan Plus

McPixel

Medieval II: Total War

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile DEU Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended DEU Language Pack

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010

Microsoft Office Klick-und-Los 2010

Microsoft Office Starter 2010 - Deutsch

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 2.0

Microsoft XNA Framework Redistributable 4.0

Mobile Partner

MotioninJoy ds3 driver version 0.6.0003

MotioninJoy ds3 vibration driver version 0.100

Mozilla Firefox 17.0.1 (x86 de)

Mozilla Maintenance Service

MSI Kombustor 2.0.0

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mumble 1.2.3

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

nHancer

Norton Online Backup

NVIDIA Drivers

NVIDIA Grafiktreiber 301.42

NVIDIA Install Application

NVIDIA Optimus 1.8.15

NVIDIA Performance

NVIDIA PhysX

NVIDIA PhysX-Systemsoftware 9.12.0213

NVIDIA System Monitor

NVIDIA System Update

NVIDIA Systemsteuerung 301.42

NVIDIA Update 1.8.15

NVIDIA Update Components

Oblivion

OpenOffice.org 3.4

Origin

Packard Bell Games

Packard Bell InfoCentre

Packard Bell MyBackup

Packard Bell Power Management

Packard Bell Recovery Management

Packard Bell Registration

Packard Bell ScreenSaver

Packard Bell Social Networks

Packard Bell Updater

Paint.NET v3.5.10

Pando Media Booster

Penguins!

Plantronics® GameCom 780 Software for Dolby® Headphone

Plants vs. Zombies

PlayClaw 1.8 build 760

Poker Night at the Inventory

Polar Bowler

Polar Golfer

Portal

Portal 2

PS3 Theme Builder 2.5

PunkBuster Services

QuickTime

RAMDisk

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Scribblenauts Unlimited

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Six Updater

Skype™ 5.5

Smart Defrag 2

Source Filmmaker

Source SDK

Spiral Knights

StarCraft II

Steam

System Requirements Lab CYRI (64-bit)

System Requirements Lab for Intel

Team Fortress 2

Terraria

The Binding of Isaac

The Elder Scrolls V: Skyrim

The KMPlayer (remove only)

Tropico 3 1.00

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update Installer for WildTangent Games App

Video Web Camera

Virtual Villagers 4 - The Tree of Life

VTFEdit 1.2.5

VTFEdit 1.3.3

WebTablet FB Plugin

WebTablet IE Plugin

WebTablet Netscape Plugin

Welcome Center

WildTangent Games App (Packard Bell Games)

Windows Live-Uploadtool

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotogalerie

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Sync

Windows Live Writer

WinRAR 4.01 (64-Bit)

Xross Media Simulator 1.0

ZoomEx

ZTE Handset USB Driver

Zuma's Revenge

Zuma Deluxe

.

==== End Of File ===========================

dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2

Run by Flo at 15:15:44 on 2012-12-24

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3767.1656 [GMT 1:00]

.

AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\spoolsv.exe

c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\ProgramData\DatacardService\HWDeviceService64.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\nHancer\nHancerService.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Plantronics\GameCom780\GameCom780.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe

C:\Users\Flo\AppData\Roaming\Mobile Partner\ouc.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Users\Flo\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Users\Flo\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://searchab.com/?aff=7&uid=f6769b52-4661-11e2-9638-1c75089e2054

uDefault_Page_URL = hxxp://packardbell.msn.com

mStart Page = hxxp://searchab.com/?aff=7&uid=f6769b52-4661-11e2-9638-1c75089e2054

mDefault_Page_URL = hxxp://packardbell.msn.com

uURLSearchHooks: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll

uURLSearchHooks: BittorrentBar_DE Toolbar: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBit0.dll

mURLSearchHooks: BittorrentBar_DE Toolbar: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBit0.dll

mWinlogon: Userinit = userinit.exe

BHO: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

BHO: BittorrentBar_DE Toolbar: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBit0.dll

BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: af0.Adblock.BHO: {90EFF544-3981-4d46-85C9-C0361D0931D6} -

BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: BittorrentBar_DE Toolbar: {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBit0.dll

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: BittorrentBar_DE Toolbar: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBit0.dll

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [HW_OPENEYE_OUC_Mobile Partner] "C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe"

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

uRun: [Google Update] "C:\Users\Flo\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe

uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{AAA6765F-F8E7-4F05-9194-3B14FD838857} : NameServer = 193.189.244.225 193.189.244.206

TCP: Interfaces\{C855F459-7445-487F-9EA1-F14BE93259F5} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C855F459-7445-487F-9EA1-F14BE93259F5}\64259445A51224F6870264F6E60275C414E40273 : DHCPNameServer = 192.168.178.1

TCP: Interfaces\{C855F459-7445-487F-9EA1-F14BE93259F5}\75C414E4D2731344533303 : DHCPNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{DE10082B-D3A4-49B1-849A-DC6FCC5AB440} : NameServer = 193.189.244.225 193.189.244.206

TCP: Interfaces\{F3BB99C1-17B9-418C-B539-E41D46A4D03F} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{F8389EED-076E-40F7-80B2-A8BCBAED390D} : NameServer = 193.189.244.225 193.189.244.206

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

AppInit_DLLs= c:\windows\syswow64\nvinit.dll c:\progra~2\zoomex\sprote~1.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://packardbell.msn.com

x64-mDefault_Page_URL = hxxp://packardbell.msn.com

x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [GamecomSound] C:\Program Files\Plantronics\GameCom780\GameCom780.exe

x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

x64-DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.5.1.0.cab

x64-DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\7655zm34.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://www.google.at/

FF - prefs.js: keyword.URL - hxxp://searchab.com/?aff=7&uid=f6769b52-4661-11e2-9638-1c75089e2054&q=

FF - prefs.js: network.proxy.ftp - 127.0.0.1

FF - prefs.js: network.proxy.ftp_port - 4001

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 4001

FF - prefs.js: network.proxy.socks - 127.0.0.1

FF - prefs.js: network.proxy.socks_port - 4001

FF - prefs.js: network.proxy.ssl - 127.0.0.1

FF - prefs.js: network.proxy.ssl_port - 4001

FF - prefs.js: network.proxy.type - 4

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Flo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-12-15 04:07; 50cbe95e044f1@50cbe95e0452a.com; C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\7655zm34.default\extensions\50cbe95e044f1@50cbe95e0452a.com

FF - ExtSQL: 2012-12-15 04:10; 50cbea191d79e@50cbea191d7d8.com; C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\7655zm34.default\extensions\50cbea191d79e@50cbea191d7d8.com

FF - ExtSQL: 2012-12-23 05:48; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\7655zm34.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2012-12-23 16:34; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com

FF - ExtSQL: 2012-12-23 16:34; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com

FF - ExtSQL: 2012-12-23 16:34; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

FF - ExtSQL: 2012-12-23 16:34; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com

FF - ExtSQL: 2012-12-23 16:34; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-7-24 28992]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-15 55024]

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2011-8-21 18232]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-12-15 283200]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]

R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54104]

R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-11-1 321104]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-12-15 868896]

R2 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-1-8 23584]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-1 13336]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-6-28 255744]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-6-25 6583160]

R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-6-25 528760]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-1 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-11-1 243232]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-11-1 135560]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-1 56344]

R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-4-3 86016]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-11-1 158976]

R3 IntcDAud;Intel® Display-Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]

R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]

R3 PlantronicsGC;PLTGC Interface;C:\Windows\System32\drivers\PLTGC.sys [2012-8-30 1327104]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 hcw10cir;Hauppauge CIR Receiver;C:\Windows\System32\drivers\hcw10cir.sys [2011-9-13 46080]

S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-12-25 21712]

S3 DSDrv4AMD64;DSDrv4AMD64;C:\PROGRA~2\DScaler\DSDRV4~2.SYS [2011-9-18 22488]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-4-3 117248]

S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2012-4-3 421376]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 hcw10bda;Hauppauge Cx2310x WinTV Capture;C:\Windows\System32\drivers\hcw10bda.sys [2011-9-13 632704]

S3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29016]

S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29528]

S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2012-1-17 18456]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-7-23 97040]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 RAMDiskVE;RAMDiskVE;C:\Windows\System32\drivers\RAMDiskVE.sys [2012-4-29 73000]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-1 246376]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-10 1255736]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2012-5-5 14544]

S3 zghsmdm;ZTE General Handset USB Modem Proprietary;C:\Windows\System32\drivers\zghsmdm.sys [2012-1-17 129432]

.

=============== Created Last 30 ================

.

2012-12-24 13:53:50 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9F25877-D05B-4AEF-B24C-15764695A050}\offreg.dll

2012-12-24 13:47:22 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9F25877-D05B-4AEF-B24C-15764695A050}\mpengine.dll

2012-12-24 10:29:21 388096 ----a-r- C:\Users\Flo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-12-24 10:29:16 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-12-24 10:03:06 -------- d-----w- C:\Users\Flo\AppData\Roaming\Malwarebytes

2012-12-24 10:02:45 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-24 10:02:44 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-24 10:02:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-23 14:57:00 64856 ----a-w- C:\Windows\System32\klfphc.dll

2012-12-23 14:55:55 -------- d-----w- C:\Windows\ELAMBKUP

2012-12-23 14:55:52 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-12-23 14:55:52 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab

2012-12-23 14:55:29 89432 ----a-w- C:\Windows\System32\drivers\klflt.sys

2012-12-22 13:00:01 -------- d-----w- C:\Users\Flo\AppData\Roaming\gd.sos.McPixel

2012-12-15 13:02:34 -------- d-----w- C:\Users\Flo\AppData\Local\SKIDROW

2012-12-15 12:50:58 -------- d-----w- C:\Program Files (x86)\WB Games

2012-12-15 12:45:19 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2012-12-15 12:45:16 -------- d-----w- C:\Users\Flo\AppData\Roaming\DAEMON Tools Pro

2012-12-15 12:45:13 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro

2012-12-15 12:43:45 -------- d-----w- C:\ProgramData\DAEMON Tools Pro

2012-12-15 02:53:43 -------- d-----w- C:\ProgramData\Premium

2012-12-15 02:50:50 -------- d-----w- C:\ProgramData\%Installer_PublisherName%

2012-12-15 02:50:23 -------- d-----w- C:\Program Files (x86)\ZoomEx

2012-12-15 02:50:20 -------- d-----w- C:\ProgramData\Zoomex

2012-12-15 02:50:18 -------- d-----w- C:\ProgramData\InstallMate

2012-12-13 15:11:22 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-12-05 20:40:00 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe

2012-12-05 20:40:00 91104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll

2012-12-05 20:40:00 892008 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

2012-12-05 20:40:00 270816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe

2012-12-05 20:40:00 19424 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll

2012-12-05 20:40:00 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe

2012-12-05 20:40:00 155104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll

2012-12-05 20:40:00 15112160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll

2012-12-05 20:40:00 145376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll

2012-12-04 16:10:22 -------- d-----w- C:\Users\Flo\AppData\Local\SCE

2012-12-04 16:10:22 -------- d-----w- C:\Crash

2012-12-04 16:10:19 -------- d-----w- C:\Users\Flo\AppData\Local\Sony Online Entertainment

.

==================== Find3M ====================

.

2012-12-23 15:34:11 54104 ----a-w- C:\Windows\System32\drivers\kltdi.sys

2012-12-12 16:00:50 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 16:00:50 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-14 13:44:58 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-14 13:44:43 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-11-14 13:44:43 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-25 11:42:02 29528 ----a-w- C:\Windows\System32\drivers\klmouflt.sys

2012-10-25 11:42:02 29016 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys

.

============= FINISH: 15:16:10,82 ===============

RKreport.txt:

RogueKiller V8.4.1 [Dec 24 2012] durch Tigzy

mail : tigzyRK<at>gmail<dot>com

Kommentare : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Webseite : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Betriebssystem : Windows 7 (6.1.7600 ) 64 bits version

Gestartet in : Normaler Modus

Benutzer : Flo [Admin Rechte]

Funktion : Scannen -- Datum : 12/24/2012 16:04:40

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 9 ¤¤¤

[TASK][sUSP PATH] ZoomExUpdaterTask{B667B9E7-FF14-43D5-9E78-07D6056348A0}.job : C:\ProgramData\Premium\ZoomEx\ZoomEx.exe /schedule /profile "C:\ProgramData\Premium\ZoomEx\profile.ini" -> GEFUNDEN

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{AAA6765F-F8E7-4F05-9194-3B14FD838857} : NameServer (193.189.244.225 193.189.244.206) -> GEFUNDEN

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{DE10082B-D3A4-49B1-849A-DC6FCC5AB440} : NameServer (193.189.244.225 193.189.244.206) -> GEFUNDEN

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{F8389EED-076E-40F7-80B2-A8BCBAED390D} : NameServer (193.189.244.225 193.189.244.206) -> GEFUNDEN

[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{AAA6765F-F8E7-4F05-9194-3B14FD838857} : NameServer (193.189.244.225 193.189.244.206) -> GEFUNDEN

[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{DE10082B-D3A4-49B1-849A-DC6FCC5AB440} : NameServer (193.189.244.225 193.189.244.206) -> GEFUNDEN

[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{F8389EED-076E-40F7-80B2-A8BCBAED390D} : NameServer (193.189.244.225 193.189.244.206) -> GEFUNDEN

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++

--- User ---

[MBR] b76d95bd2e081627a4113d40b383af9b

[bSP] 93fbff8487aaec43d3022bb5c816e798 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 463526 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Abgeschlossen : << RKreport[2]_S_12242012_02d1604.txt >>

RKreport[1]_S_12242012_02d1538.txt ; RKreport[2]_S_12242012_02d1604.txt

Before we proceed further, please uninstall or disable BitTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forum's policy concerning P2P programs:

http://forums.malwar...showtopic=97700

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please disable Windows Defender: (it only conflicts with Kaspersky)

http://www.howtogeek...ow-turn-it-off/

AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please uninstall these from add/remove programs:

BittorrentBar_DE Toolbar

IObit Toolbar v4.7

DAEMON Tools Toolbar

Java™ 6 Update 29 (64-bit)

Java™ 6 Update 35

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


Didn't work. Those ads are still everywhere.

There's a set way I go about dealing with malware so please be patient!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Believe it or not (you better do!), I just fixed the problem. It was because some website called "text-enhance.com" somehow installed an addon on every one of my browsers, which caused the ads. That addon was probably installed with some freeware program I installed. I got the determining hint from a friend, who had the same problem a while ago.

I am so sorry for your inconvenience and would like to thank you very, very much for your help and thus the removal of two unnoticed malware programs. I will definitely recommend your service to my friends/family.

Again, thanks and I wish you all a happy new year!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.