Rogue Killer wininit.dll


  • This topic is locked
13 replies to this topic

#1 holzdan

Posted 31 March 2014 - 12:42 PM

Hi.
I scanned my system with RogueKiller today.
It never had anything in the driver section of RogueKiller, so this is the first time something is showing up there.
I attached the log as a file to this post.
Do I have to be concerned about these entries?

RogueKiller V8.8.15 _x64_ [Mar 27 2014] durch Adlice Software
mail : http://www.adlice.com/contact/
Kommentare : http://forum.adlice.com
Webseite : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Betriebssystem : Windows 8.1 (6.3.9200 ) 64 bits version
Gestartet in : Normaler Modus
Benutzer : BBBB [Admin Rechte]
Funktion : Scannen -- Datum : 03/31/2014 19:27:51
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 0 ¤¤¤

¤¤¤ Geplante Tasks : 0 ¤¤¤

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤
[Address] EAT @explorer.exe (SetUrlCacheEntryGroup) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A54DEC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroupA) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A54DEC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroupW) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x449189B0)
[Address] EAT @explorer.exe (SetUrlCacheEntryInfoA) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44928EE8)
[Address] EAT @explorer.exe (SetUrlCacheEntryInfoW) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A54FB8)
[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeA) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A55174)
[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeW) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A55364)
[Address] EAT @explorer.exe (SetUrlCacheHeaderData) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A55524)
[Address] EAT @explorer.exe (ShowCertificate) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A32AD0)
[Address] EAT @explorer.exe (ShowClientAuthCerts) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A32AD0)
[Address] EAT @explorer.exe (ShowSecurityInfo) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A32AF0)
[Address] EAT @explorer.exe (ShowX509EncodedCertificate) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A32C80)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFile) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A55644)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileA) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A55644)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileW) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A5577C)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryStream) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x4495FA10)
[Address] EAT @explorer.exe (UpdateUrlCacheContentPath) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A558BC)
[Address] EAT @explorer.exe (UrlCacheCheckEntriesExist) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A559DC)
[Address] EAT @explorer.exe (UrlCacheCloseEntryHandle) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A55A34)
[Address] EAT @explorer.exe (UrlCacheContainerSetEntryMaximumAge) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A55A80)
[Address] EAT @explorer.exe (UrlCacheCreateContainer) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x448DEC5C)
[Address] EAT @explorer.exe (UrlCacheFindFirstEntry) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44958948)
[Address] EAT @explorer.exe (UrlCacheFindNextEntry) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44998A90)
[Address] EAT @explorer.exe (UrlCacheFreeEntryInfo) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44960A60)
[Address] EAT @explorer.exe (UrlCacheGetContentPaths) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A55AD8)
[Address] EAT @explorer.exe (UrlCacheGetEntryInfo) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x4494C358)
[Address] EAT @explorer.exe (UrlCacheGetGlobalLimit) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A55B30)
[Address] EAT @explorer.exe (UrlCacheReadEntryStream) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A55B88)
[Address] EAT @explorer.exe (UrlCacheReloadSettings) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A55BE8)
[Address] EAT @explorer.exe (UrlCacheRetrieveEntryFile) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A55C40)
[Address] EAT @explorer.exe (UrlCacheRetrieveEntryStream) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A55C98)
[Address] EAT @explorer.exe (UrlCacheSetGlobalLimit) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A55CF8)
[Address] EAT @explorer.exe (UrlCacheUpdateEntryExtraData) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44942E78)
[Address] EAT @explorer.exe (UrlZonesDetach) : iertutil.dll -> HOOKED (C:\Windows\SYSTEM32\WININET.dll @ 0x44A2D998)

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion : ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721010CLA332 +++++
--- User ---
[MBR] 5317ebe293c0e94df232ea69c058957a
[BSP] 2edc97e617927ca4d02fb713189d4ae2 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941288 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1927964672 | Size: 12479 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- SD/MMC USB Device +++++
Error reading User MBR! ([0x15] Das Gerät ist nicht bereit. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Die Anforderung wird nicht unterstützt. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic- Compact Flash USB Device +++++
Error reading User MBR! ([0x15] Das Gerät ist nicht bereit. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Die Anforderung wird nicht unterstützt. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([0x15] Das Gerät ist nicht bereit. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Die Anforderung wird nicht unterstützt. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([0x15] Das Gerät ist nicht bereit. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Die Anforderung wird nicht unterstützt. )

Abgeschlossen : << RKreport[0]_S_03312014_192751.txt >>
RKreport[0]_S_03292014_173122.txt;RKreport[0]_S_03292014_175526.txt;RKreport[0]_S_03292014_192923.txt



Edited by Oh My, 05 April 2014 - 09:24 AM.
Posted RogueKiller log




#2 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 05 April 2014 - 09:23 AM

Greetings holzdan and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 holzdan

  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:04 AM

Posted 05 April 2014 - 10:31 AM

Hi my name is Marcus.

Thanks for your reply

 

here are my logs

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by BBBB (administrator) on BBB on 05-04-2014 17:26:09
Running from C:\Users\BBBB\Downloads
Windows 8.1 Pro (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
() C:\Program Files (x86)\ACR\AutoClubRev\web\acrlauncher.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Farbar) C:\Users\BBBB\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-03-29] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3316789968-1620880144-3713458968-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3316789968-1620880144-3713458968-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [26192168 2010-05-13] (Skype Technologies S.A.)
HKU\S-1-5-21-3316789968-1620880144-3713458968-1001\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner64.exe [6277912 2014-03-18] (Piriform Ltd)
Startup: C:\Users\BBBB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ACR Launcher.lnk
ShortcutTarget: ACR Launcher.lnk -> C:\Program Files (x86)\ACR\AutoClubRev\web\acrlauncher.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x15E4003675B4CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\BBBB\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyuknd.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-09-18]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-09-18]
FF HKCU\...\Firefox\Extensions: [{3d90f257-fa16-4fd0-9407-f1fc34a25274}] - C:\Program Files (x86)\Show-Password\150.xpi
 
==================== Services (Whitelisted) =================
 
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-01-28] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-15] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-14] (ESET)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-02-04] (LogMeIn Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-22] (Microsoft Corporation)
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-09-27] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 cpuz136; \??\C:\Users\BBBB\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 GENERICDRV; \??\C:\Users\BBBB\Desktop\amiflash\amiflash\Aptio\AfuWin\64\AfuWin64\amifldrv64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-05 17:25 - 2014-04-05 17:26 - 00000000 ____D () C:\FRST
2014-04-05 17:25 - 2014-04-05 17:25 - 02157056 _____ (Farbar) C:\Users\BBBB\Downloads\FRST64 (1).exe
2014-04-05 13:11 - 2014-04-05 13:12 - 00336024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 13:10 - 2014-04-05 14:24 - 00050652 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 13:09 - 2014-04-05 13:09 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\BBBB\Downloads\tdsskiller.exe
2014-04-05 12:51 - 2014-03-29 18:32 - 00000741 _____ () C:\Windows\system32\Drivers\etc\hosts.20140405-125119.backup
2014-04-05 12:47 - 2014-04-05 12:47 - 00039456 _____ () C:\Users\BBBB\Desktop\RKreport 1.txt
2014-04-04 18:48 - 2014-04-04 18:48 - 00039914 _____ () C:\Users\BBBB\Desktop\RKreport[0]_S_04042014_184822.txt
2014-03-31 19:27 - 2014-03-31 19:27 - 00039456 _____ () C:\Users\BBBB\Desktop\RKreport[0]_S_03312014_192751.txt
2014-03-31 16:46 - 2014-03-31 16:47 - 04786624 _____ (Piriform Ltd) C:\Users\BBBB\Downloads\ccsetup412pro.exe
2014-03-31 16:33 - 2014-03-31 16:45 - 00000000 ____D () C:\Users\BBBB\Desktop\mbar
2014-03-31 16:31 - 2014-03-31 16:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\BBBB\Downloads\mbar-1.07.0.1009.exe
2014-03-31 16:11 - 2014-04-05 13:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 16:11 - 2014-03-31 16:33 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-31 16:11 - 2014-03-31 16:11 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-31 16:11 - 2014-03-31 16:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-31 16:11 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-31 16:11 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 16:09 - 2014-03-31 16:11 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\BBBB\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-03-31 15:23 - 2014-03-31 15:25 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-31 15:23 - 2014-03-31 15:23 - 00001397 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-31 15:23 - 2014-03-31 15:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-31 15:23 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-31 15:19 - 2014-03-31 15:22 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\BBBB\Downloads\spybot-2.2.exe
2014-03-31 15:16 - 2014-03-31 15:17 - 01950720 _____ () C:\Users\BBBB\Downloads\AdwCleaner (1).exe
2014-03-29 20:29 - 2014-03-29 20:29 - 00039939 _____ () C:\Users\BBBB\Desktop\RKreport[0]_S_03292014_192923.txt
2014-03-29 18:55 - 2014-03-29 18:55 - 00000408 _____ () C:\Users\BBBB\Desktop\RKreport[0]_S_03292014_175526.txt
2014-03-29 18:31 - 2014-03-29 18:31 - 00040092 _____ () C:\Users\BBBB\Desktop\RKreport[0]_S_03292014_173122.txt
2014-03-29 18:22 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-03-29 18:22 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-03-29 18:20 - 2014-03-29 18:20 - 00000815 _____ () C:\Users\BBBB\Desktop\JRT.txt
2014-03-29 18:12 - 2014-03-29 18:12 - 04527616 _____ () C:\Users\BBBB\Desktop\RogueKillerX64.exe
2014-03-29 18:11 - 2014-03-29 18:31 - 00000000 ____D () C:\Users\BBBB\Desktop\RK_Quarantine
2014-03-29 18:11 - 2014-03-29 18:11 - 00000000 ____D () C:\Users\BBBB\Desktop\RogueKiller_8.8.14
2014-03-29 18:05 - 2014-03-29 18:05 - 02619924 _____ () C:\Users\BBBB\Desktop\RogueKiller_8.8.14.zip
2014-03-29 18:03 - 2014-03-29 18:03 - 01950720 _____ () C:\Users\BBBB\Desktop\AdwCleaner (1).exe
2014-03-29 18:03 - 2014-03-29 18:03 - 01038974 _____ (Thisisu) C:\Users\BBBB\Desktop\JRT.exe
2014-03-18 12:28 - 2014-01-08 03:46 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-03-18 12:28 - 2014-01-08 03:41 - 01530712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-03-18 12:28 - 2014-01-08 03:41 - 00382808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-03-18 12:28 - 2014-01-04 17:54 - 00138240 _____ () C:\Windows\system32\OEMLicense.dll
2014-03-18 12:28 - 2014-01-04 17:08 - 00103936 _____ () C:\Windows\SysWOW64\OEMLicense.dll
2014-03-18 12:28 - 2014-01-04 16:08 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2014-03-18 12:28 - 2014-01-04 15:53 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-03-18 12:28 - 2014-01-03 01:54 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-03-18 12:28 - 2014-01-03 01:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-03-18 12:28 - 2014-01-01 03:55 - 01720560 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-18 12:28 - 2014-01-01 03:52 - 00481944 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2014-03-18 12:28 - 2014-01-01 02:56 - 01472048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-18 12:28 - 2014-01-01 02:55 - 00381168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-03-18 12:28 - 2014-01-01 01:59 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-03-18 12:28 - 2014-01-01 01:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-03-18 12:28 - 2014-01-01 01:56 - 00960512 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-03-18 12:28 - 2013-12-31 01:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2014-03-18 12:28 - 2013-12-31 01:33 - 00770560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2014-03-18 12:28 - 2013-12-31 01:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2014-03-18 12:28 - 2013-12-31 01:31 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-03-18 12:28 - 2013-12-31 01:31 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2014-03-18 12:28 - 2013-12-27 17:09 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-03-18 12:28 - 2013-12-27 10:57 - 00842752 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2014-03-18 12:28 - 2013-12-27 10:57 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2014-03-18 12:28 - 2013-12-27 10:23 - 00749056 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2014-03-18 12:28 - 2013-12-27 09:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2014-03-18 12:28 - 2013-12-27 09:03 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2014-03-18 12:28 - 2013-12-27 08:37 - 00588800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2014-03-18 12:28 - 2013-12-21 09:21 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2014-03-18 12:28 - 2013-12-17 09:21 - 00408576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-03-18 12:28 - 2013-12-14 08:31 - 13949440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-03-18 12:28 - 2013-12-14 08:19 - 18576384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-03-18 12:28 - 2013-12-13 12:54 - 00131160 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2014-03-18 12:28 - 2013-12-13 09:24 - 00121088 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-03-18 12:28 - 2013-12-13 08:36 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2014-03-18 12:28 - 2013-12-13 07:32 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2014-03-18 12:28 - 2013-12-09 10:05 - 21199256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-18 12:28 - 2013-12-09 06:51 - 18643560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-17 07:13 - 2014-03-17 07:13 - 00000000 ____D () C:\Users\BBBB\AppData\Roaming\ATI
2014-03-17 07:13 - 2014-03-17 07:13 - 00000000 ____D () C:\Users\BBBB\AppData\Local\ATI
2014-03-17 07:13 - 2014-03-17 07:13 - 00000000 ____D () C:\ProgramData\ATI
2014-03-16 10:47 - 2010-06-02 05:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-03-16 10:47 - 2010-06-02 05:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-03-16 10:47 - 2010-06-02 05:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-03-16 10:47 - 2010-06-02 05:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-03-16 10:47 - 2010-05-26 12:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-03-16 10:47 - 2010-05-26 12:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-03-16 10:47 - 2010-05-26 12:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-03-16 10:47 - 2010-05-26 12:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-03-16 10:47 - 2010-02-04 11:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-03-16 10:47 - 2010-02-04 11:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-03-16 10:47 - 2008-10-15 07:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-03-16 10:47 - 2008-10-15 07:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-03-16 10:47 - 2008-10-15 07:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-03-16 10:47 - 2008-10-15 07:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-03-16 10:47 - 2008-10-15 07:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-03-16 10:47 - 2008-10-15 07:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-03-16 10:23 - 2014-03-16 10:24 - 17109513 _____ () C:\Users\BBBB\Desktop\Strafakt.zip
2014-03-15 21:23 - 2014-03-15 21:23 - 00035002 _____ () C:\Windows\SysWOW64\CCCInstall_201403152023461231.log
2014-03-15 21:23 - 2014-03-15 21:23 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc
2014-03-15 21:22 - 2014-03-15 21:23 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-03-15 21:20 - 2014-03-15 21:20 - 00000000 ____D () C:\AMD
2014-03-15 15:55 - 2014-03-15 15:55 - 00000219 _____ () C:\Users\BBBB\Desktop\Counter-Strike Global Offensive.url
2014-03-14 18:34 - 2014-03-14 18:34 - 00131351 _____ () C:\Users\BBBB\Desktop\Ihr Strafverfahren-Honorarnote.zip
2014-03-14 02:41 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 02:41 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 02:41 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 02:41 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 02:41 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 02:41 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 02:41 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 02:41 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 02:41 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 02:41 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 02:41 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 02:41 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 02:41 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 02:41 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 02:41 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 02:41 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 02:41 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 02:41 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-03-14 02:41 - 2013-12-20 12:18 - 01507704 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-03-14 02:40 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 02:40 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-14 02:40 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 02:40 - 2014-01-31 18:15 - 00311640 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-03-14 02:40 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-03-14 02:40 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-03-14 02:40 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-03-14 02:40 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-03-14 02:40 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-14 02:40 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-03-14 02:40 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-03-14 02:40 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2014-03-14 02:40 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-14 02:40 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2014-03-14 02:40 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-03-14 02:40 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-03-14 02:40 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-03-14 02:40 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-03-14 02:40 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-03-14 02:40 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-14 02:40 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2014-03-14 02:40 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-14 02:40 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-03-14 02:40 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-14 02:40 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2014-03-14 02:40 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-14 02:40 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-14 02:40 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2014-03-14 02:40 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2014-03-14 02:40 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-14 02:40 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-14 02:40 - 2014-01-27 13:45 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-03-14 02:40 - 2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-03-14 02:40 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-03-14 02:40 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-03-14 02:40 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2014-03-14 02:40 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-14 02:40 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-03-14 02:40 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
 
==================== One Month Modified Files and Folders =======
 
2014-04-05 17:26 - 2014-04-05 17:25 - 00000000 ____D () C:\FRST
2014-04-05 17:26 - 2013-09-18 18:30 - 00012178 _____ () C:\Users\BBBB\Downloads\FRST.txt
2014-04-05 17:25 - 2014-04-05 17:25 - 02157056 _____ (Farbar) C:\Users\BBBB\Downloads\FRST64 (1).exe
2014-04-05 17:20 - 2013-09-18 16:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-05 17:17 - 2013-09-18 16:53 - 00000000 ____D () C:\Users\BBBB\AppData\Roaming\Skype
2014-04-05 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-04-05 16:30 - 2014-02-14 19:19 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 16:02 - 2013-09-18 17:41 - 00000000 ____D () C:\Users\BBBB\AppData\Roaming\skypePM
2014-04-05 14:24 - 2014-04-05 13:10 - 00050652 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 13:16 - 2013-09-18 16:36 - 00762180 _____ () C:\Windows\system32\perfh007.dat
2014-04-05 13:16 - 2013-09-18 16:36 - 00158828 _____ () C:\Windows\system32\perfc007.dat
2014-04-05 13:16 - 2013-09-18 15:47 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 13:13 - 2013-09-18 19:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-05 13:12 - 2014-04-05 13:11 - 00336024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 13:12 - 2014-03-31 16:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 13:12 - 2014-02-14 19:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-05 13:12 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-05 13:11 - 2013-09-18 15:43 - 00000000 ____D () C:\Users\BBBB
2014-04-05 13:09 - 2014-04-05 13:09 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\BBBB\Downloads\tdsskiller.exe
2014-04-05 13:04 - 2013-09-18 15:44 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D6403588-161B-496A-9F6C-EA73D0B24A47}
2014-04-05 12:50 - 2014-01-10 14:41 - 00000000 ____D () C:\Users\BBBB\AppData\Local\CrashDumps
2014-04-05 12:47 - 2014-04-05 12:47 - 00039456 _____ () C:\Users\BBBB\Desktop\RKreport 1.txt
2014-04-04 18:48 - 2014-04-04 18:48 - 00039914 _____ () C:\Users\BBBB\Desktop\RKreport[0]_S_04042014_184822.txt
2014-04-04 17:11 - 2013-09-18 15:48 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3316789968-1620880144-3713458968-1001
2014-04-04 16:56 - 2013-12-23 15:48 - 00000000 ____D () C:\Program Files\SecurityKISS Tunnel
2014-04-04 16:47 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-04-02 09:10 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-31 19:27 - 2014-03-31 19:27 - 00039456 _____ () C:\Users\BBBB\Desktop\RKreport[0]_S_03312014_192751.txt
2014-03-31 16:49 - 2013-12-16 15:17 - 00000000 ____D () C:\Users\BBBB\AppData\Roaming\uTorrent
2014-03-31 16:49 - 2013-09-20 16:43 - 00000000 ____D () C:\Windows\Minidump
2014-03-31 16:47 - 2014-03-31 16:46 - 04786624 _____ (Piriform Ltd) C:\Users\BBBB\Downloads\ccsetup412pro.exe
2014-03-31 16:47 - 2013-12-28 00:40 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-31 16:47 - 2013-09-18 17:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-31 16:45 - 2014-03-31 16:33 - 00000000 ____D () C:\Users\BBBB\Desktop\mbar
2014-03-31 16:45 - 2013-09-23 15:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-31 16:33 - 2014-03-31 16:11 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-31 16:32 - 2014-03-31 16:31 - 12589848 _____ (Malwarebytes Corp.) C:\Users\BBBB\Downloads\mbar-1.07.0.1009.exe
2014-03-31 16:11 - 2014-03-31 16:11 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-31 16:11 - 2014-03-31 16:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-31 16:11 - 2014-03-31 16:09 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\BBBB\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-03-31 16:11 - 2013-09-18 17:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-31 16:08 - 2013-09-18 16:56 - 00000000 ____D () C:\AdwCleaner
2014-03-31 16:08 - 2013-09-18 16:50 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-31 15:25 - 2014-03-31 15:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-31 15:23 - 2014-03-31 15:23 - 00001397 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-31 15:23 - 2014-03-31 15:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-31 15:22 - 2014-03-31 15:19 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\BBBB\Downloads\spybot-2.2.exe
2014-03-31 15:17 - 2014-03-31 15:16 - 01950720 _____ () C:\Users\BBBB\Downloads\AdwCleaner (1).exe
2014-03-29 20:29 - 2014-03-29 20:29 - 00039939 _____ () C:\Users\BBBB\Desktop\RKreport[0]_S_03292014_192923.txt
2014-03-29 18:55 - 2014-03-29 18:55 - 00000408 _____ () C:\Users\BBBB\Desktop\RKreport[0]_S_03292014_175526.txt
2014-03-29 18:32 - 2014-04-05 12:51 - 00000741 _____ () C:\Windows\system32\Drivers\etc\hosts.20140405-125119.backup
2014-03-29 18:31 - 2014-03-29 18:31 - 00040092 _____ () C:\Users\BBBB\Desktop\RKreport[0]_S_03292014_173122.txt
2014-03-29 18:31 - 2014-03-29 18:11 - 00000000 ____D () C:\Users\BBBB\Desktop\RK_Quarantine
2014-03-29 18:20 - 2014-03-29 18:20 - 00000815 _____ () C:\Users\BBBB\Desktop\JRT.txt
2014-03-29 18:12 - 2014-03-29 18:12 - 04527616 _____ () C:\Users\BBBB\Desktop\RogueKillerX64.exe
2014-03-29 18:11 - 2014-03-29 18:11 - 00000000 ____D () C:\Users\BBBB\Desktop\RogueKiller_8.8.14
2014-03-29 18:05 - 2014-03-29 18:05 - 02619924 _____ () C:\Users\BBBB\Desktop\RogueKiller_8.8.14.zip
2014-03-29 18:03 - 2014-03-29 18:03 - 01950720 _____ () C:\Users\BBBB\Desktop\AdwCleaner (1).exe
2014-03-29 18:03 - 2014-03-29 18:03 - 01038974 _____ (Thisisu) C:\Users\BBBB\Desktop\JRT.exe
2014-03-26 01:25 - 2014-02-14 19:19 - 00004086 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-26 01:25 - 2014-02-14 19:19 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-23 05:21 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-03-22 13:31 - 2013-09-18 15:43 - 00000000 ___RD () C:\Users\BBBB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 13:31 - 2013-09-18 15:43 - 00000000 ___RD () C:\Users\BBBB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-22 13:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-03-18 20:39 - 2013-11-15 03:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 20:38 - 2013-11-15 03:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 20:38 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-17 07:13 - 2014-03-17 07:13 - 00000000 ____D () C:\Users\BBBB\AppData\Roaming\ATI
2014-03-17 07:13 - 2014-03-17 07:13 - 00000000 ____D () C:\Users\BBBB\AppData\Local\ATI
2014-03-17 07:13 - 2014-03-17 07:13 - 00000000 ____D () C:\ProgramData\ATI
2014-03-17 07:09 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-17 07:09 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-17 07:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-17 07:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-16 15:29 - 2013-10-05 21:23 - 00280792 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-03-16 15:29 - 2013-10-05 21:21 - 00280792 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-16 15:08 - 2013-10-05 21:21 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-16 10:24 - 2014-03-16 10:23 - 17109513 _____ () C:\Users\BBBB\Desktop\Strafakt.zip
2014-03-15 21:23 - 2014-03-15 21:23 - 00035002 _____ () C:\Windows\SysWOW64\CCCInstall_201403152023461231.log
2014-03-15 21:23 - 2014-03-15 21:23 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc
2014-03-15 21:23 - 2014-03-15 21:22 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-03-15 21:22 - 2014-01-07 13:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-15 21:21 - 2014-02-03 14:15 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-15 21:20 - 2014-03-15 21:20 - 00000000 ____D () C:\AMD
2014-03-15 21:19 - 2013-09-18 16:15 - 00000000 ____D () C:\Program Files\AMD
2014-03-15 20:35 - 2013-10-05 21:21 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-15 15:55 - 2014-03-15 15:55 - 00000219 _____ () C:\Users\BBBB\Desktop\Counter-Strike Global Offensive.url
2014-03-15 15:55 - 2013-09-18 19:19 - 00000000 ____D () C:\Users\BBBB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-14 18:34 - 2014-03-14 18:34 - 00131351 _____ () C:\Users\BBBB\Desktop\Ihr Strafverfahren-Honorarnote.zip
2014-03-11 20:20 - 2013-09-18 16:43 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
Some content of TEMP:
====================
C:\Users\BBBB\AppData\Local\Temp\{AD9622E1-CEFD-463F-9710-FE176FEF62A4}.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-14 02:40] - [2014-01-31 18:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02
 
 
 
LastRegBack: 2014-04-03 05:41
 
==================== End Of Log ============================

ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by BBBB at 2014-04-05 17:26:33
Running from C:\Users\BBBB\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: ESET Smart Security 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: ESET Personal Firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30380 - BitTorrent Inc.)
ACR version 1.206 (HKLM-x32\...\{D3D02004-0977-4BB1-8FE8-8BC4230DCEEC}}_is1) (Version:  - Eutechnyx, Ltd)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 31.1.0.0 - COMODO)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
DiRT (HKLM-x32\...\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}) (Version: 1.00.0000 - Codemasters)
Dirt 2 (HKLM-x32\...\Dirt 2_is1) (Version: Dirt 2 - Ultra)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ESET Smart Security (HKLM\...\{DA9F8C00-2674-476F-9836-0F3661A09A30}) (Version: 6.0.316.1 - ESET, spol s r. o.)
Free Video to MP3 Converter version 5.0.32.1224 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.32.1224 - DVDVideoSoft Ltd.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Logitech SetPoint 5.20 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.20 - Logitech)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MP4 To MP3 Converter V3.0.4 (HKLM-x32\...\MP4 To MP3 Converter_is1) (Version:  - http://www.MP4ToMP3Converter.net)
Nsauditor 2.7.7 (HKLM-x32\...\Nsauditor_is1) (Version:  - Nsasoft llc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
SecurityKISS Tunnel v0.3.0 (HKLM\...\SecurityKISS Tunnel_is1) (Version:  - )
Ski Challenge 13 (DE) (HKCU\...\sc13-DE_MAIN) (Version:  - )
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tftpd64 Standalone Edition (remove only) (HKLM-x32\...\Tftpd64) (Version:  - )
User's Guides (HKLM\...\{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}) (Version: 1.20.0000 - Logitech)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
23-03-2014 03:17:09 Scheduled Checkpoint
29-03-2014 16:23:07 Windows Update
 
==================== Hosts content: ==========================
 
2013-08-22 15:25 - 2014-04-05 12:51 - 00450626 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {002252B6-41D9-4622-8A15-A9A0A3BD2276} - System32\Tasks\{F74323FC-3083-4093-895C-E3C2B8D93BDB} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-05-13] (Skype Technologies S.A.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1ADCFA86-C30E-4AFD-9A35-91C634D58AFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-14] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3F1465DC-ABE4-4AB0-8456-5E9942823A91} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {46829F18-02BA-4247-9823-22912273D5F3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {7280DD17-E9E4-49DF-9D25-39BBAED1BE5D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-03-18] (Microsoft Corporation)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A3D7BC04-072B-45C7-835C-FB1A67A46DD8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {A8C3B74B-D542-4751-B58B-6FD74AFC0EBD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {C2771F33-418D-44CE-8926-3099381E15BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-14] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DF4172AF-33E8-4ABB-ABFC-B0F5D5FAB12E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-28 16:35 - 2014-01-28 16:35 - 02135232 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2013-10-05 21:21 - 2014-03-15 20:35 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-18 23:59 - 2014-03-18 23:59 - 00043520 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-12-19 18:36 - 2013-12-19 18:36 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-01-11 22:04 - 2014-02-22 21:55 - 02890476 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\acrlauncher.exe
2014-03-31 15:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-31 15:23 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-31 15:23 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-31 15:23 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-31 15:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-11 22:04 - 2014-02-22 21:55 - 00041472 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\win32service.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00110592 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\pywintypes26.dll
2014-01-11 22:04 - 2014-02-22 21:55 - 00073728 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\_ctypes.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00040448 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\_socket.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00645120 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\_ssl.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00096256 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\win32api.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00011776 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\select.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00017920 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\win32event.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00053248 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\_sqlite3.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00572928 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\sqlite3.dll
2014-01-11 22:04 - 2014-02-22 21:55 - 00167936 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\win32gui.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00027648 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\awesomium.awe.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00179200 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\winxpgui.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00980992 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\wx._core_.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00744960 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\wx._gdi_.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00669696 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\wx._windows_.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00966144 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\wx._controls_.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00675328 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\wx._misc_.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00299520 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\d3d.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00111104 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\win32file.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00023040 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\win32ts.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00023552 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\_multiprocessing.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00022528 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\win32pdh.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00036352 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\win32process.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00108032 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\bspatch.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00117248 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\sip.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00354304 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\pythoncom26.dll
2014-01-11 22:04 - 2014-02-22 21:55 - 00263168 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\win32comext.shell.shell.pyd
2014-01-11 22:04 - 2014-02-22 21:55 - 00585728 _____ () C:\Program Files (x86)\ACR\AutoClubRev\web\unicodedata.pyd
2014-01-28 16:36 - 2014-01-28 16:36 - 00885952 _____ () C:\Program Files (x86)\Comodo\Dragon\libglesv2.dll
2014-01-28 16:36 - 2014-01-28 16:36 - 00109248 _____ () C:\Program Files (x86)\Comodo\Dragon\libegl.dll
2014-01-28 16:36 - 2014-01-28 16:36 - 00879808 _____ () C:\Program Files (x86)\Comodo\Dragon\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:F297470E
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80278169.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80278169.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/05/2014 01:12:52 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/05/2014 00:50:32 PM) (Source: Windows Search Service) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3316789968-1620880144-3713458968-1001}/">.
 
Error: (04/05/2014 00:50:11 PM) (Source: Windows Search Service) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3316789968-1620880144-3713458968-1001}/">.
 
Error: (04/05/2014 11:54:34 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: googleearth.exe, Version: 7.1.2.2041, Zeitstempel: 0x525310f1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.16502, Zeitstempel: 0x52c35a76
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000e2fd8
ID des fehlerhaften Prozesses: 0x9c4
Startzeit der fehlerhaften Anwendung: 0xgoogleearth.exe0
Pfad der fehlerhaften Anwendung: googleearth.exe1
Pfad des fehlerhaften Moduls: googleearth.exe2
Berichtskennung: googleearth.exe3
Vollständiger Name des fehlerhaften Pakets: googleearth.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: googleearth.exe5
 
Error: (04/04/2014 07:29:04 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/04/2014 04:37:14 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/03/2014 07:18:13 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/03/2014 07:17:30 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/02/2014 03:27:56 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/01/2014 08:33:58 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
 
System errors:
=============
Error: (04/05/2014 00:41:55 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎05.‎04.‎2014 um 11:56:06 unerwartet heruntergefahren.
 
Error: (04/05/2014 03:37:01 AM) (Source: DCOM) (User: bbb)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (04/05/2014 03:36:30 AM) (Source: DCOM) (User: bbb)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (04/04/2014 04:35:58 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎04.‎04.‎2014 um 12:06:08 unerwartet heruntergefahren.
 
Error: (04/04/2014 04:16:04 AM) (Source: DCOM) (User: bbb)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (04/04/2014 04:15:34 AM) (Source: DCOM) (User: bbb)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (04/03/2014 05:42:04 AM) (Source: DCOM) (User: bbb)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (04/03/2014 05:41:34 AM) (Source: DCOM) (User: bbb)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (04/02/2014 04:35:50 AM) (Source: DCOM) (User: bbb)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (04/02/2014 04:35:20 AM) (Source: DCOM) (User: bbb)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
 
Microsoft Office Sessions:
=========================
Error: (04/05/2014 01:12:52 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
 
Error: (04/05/2014 00:50:32 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-3316789968-1620880144-3713458968-1001}/
 
Error: (04/05/2014 00:50:11 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-3316789968-1620880144-3713458968-1001}/
 
Error: (04/05/2014 11:54:34 AM) (Source: Application Error)(User: )
Description: googleearth.exe7.1.2.2041525310f1ntdll.dll6.3.9600.1650252c35a76c0000374000e2fd89c401cf50b505ad32b3C:\Program Files (x86)\Google\Google Earth\client\googleearth.exeC:\Windows\SYSTEM32\ntdll.dll4a5439cb-bca8-11e3-82ae-e06995d10095
 
Error: (04/04/2014 07:29:04 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
 
Error: (04/04/2014 04:37:14 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
 
Error: (04/03/2014 07:18:13 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
 
Error: (04/03/2014 07:17:30 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
 
Error: (04/02/2014 03:27:56 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
 
Error: (04/01/2014 08:33:58 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 47%
Total physical RAM: 4000.31 MB
Available physical RAM: 2112.51 MB
Total Pagefile: 4704.31 MB
Available Pagefile: 2350.36 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:919.23 GB) (Free:798.33 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.19 GB) (Free:1.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7E091A11)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:04 AM

Posted 05 April 2014 - 06:51 PM

Greetings Marcus,

Did you install this add-on for Firefox?

Show-Password

Those RogueKiller entries are legitimate. Please consider and do the following.

===================================================

Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

If you choose to uninstall please go to Start, Control Panel, Add/Remove Programs (or Programs and Features) and uninstall the program.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\BBBB\AppData\Local\Temp\{AD9622E1-CEFD-463F-9710-FE176FEF62A4}.exe
AlternateDataStreams: C:\ProgramData\TEMP:F297470E
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Firefox add-on
  • Fixlog
  • Are you having any issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 holzdan

holzdan
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:04 AM

Posted 06 April 2014 - 05:18 AM

Hi.

I can remember that eset found a threat of show-password and removed it.

It's the PC of my brother so I don't know how it has been installed, neither can he remember.

 

fixlog

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by BBBB at 2014-04-06 12:16:56 Run:1
Running from C:\Users\BBBB\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\BBBB\AppData\Local\Temp\{AD9622E1-CEFD-463F-9710-FE176FEF62A4}.exe
AlternateDataStreams: C:\ProgramData\TEMP:F297470E
*****************
 
C:\Users\BBBB\AppData\Local\Temp\{AD9622E1-CEFD-463F-9710-FE176FEF62A4}.exe => Moved successfully.
C:\ProgramData\TEMP => ":F297470E" ADS removed successfully.
 
==== End of Fixlog ====

Edited by holzdan, 06 April 2014 - 08:01 AM.


#6 holzdan


Posted 06 April 2014 - 05:28 AM

I uninstalled Firefox a day ago because I'm mainly using Comodo Dragon...

I don't have any issues.

Was this removed exe file associated with Show-Password?


Edited by holzdan, 06 April 2014 - 08:02 AM.


#7 holzdan


Posted 06 April 2014 - 08:11 AM

add ons activated in dragon

 

ad block

ad block plus

privdog

comodo web inspector



#8 Oh My!


Posted 06 April 2014 - 08:38 AM

Greetings,

The entries we deleted were not associated with Show-Password. The program is not bad, in and of itself, if one is aware of and has permitted its presence on a computer. With these types of programs I always check before deleting. Based on what you have said I would suggest we remove it. If that is agreeable, please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKCU\...\Firefox\Extensions: [{3d90f257-fa16-4fd0-9407-f1fc34a25274}] - C:\Program Files (x86)\Show-Password\150.xpi
C:\Program Files (x86)\Show-Password
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • It appears we are all set but one last check, is there anything else you are concerned about?

Gary
 

#9 holzdan


Posted 06 April 2014 - 09:33 AM

Hi, thanks for your help.

I think all is OK now.

The ESET alert on "show-password" made me a bit sceptical but now it should be fine.

Thanks

 

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by BBBB at 2014-04-06 16:30:14 Run:3
Running from C:\Users\BBBB\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\...\Firefox\Extensions: [{3d90f257-fa16-4fd0-9407-f1fc34a25274}] - C:\Program Files (x86)\Show-Password\150.xpi
C:\Program Files (x86)\Show-Password
*****************
 
"C:\Program Files (x86)\Show-Password" => File/Directory not found.
 
==== End of Fixlog ====
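
An added example, not part of the original posts or of FRST: a small Python check that pairs each line of a Fixlog's "Content of fixlist" block with the result line printed for it, using the two Fixlogs posted in this topic as sample input. The matching rules (the ` => ` separator and the quoted `":stream"` form for ADS results) are inferred from those two logs only and are assumptions about the format.

```python
import re

# Sample input: the two Fixlog bodies posted in this topic.
FIXLOG_1 = r"""Content of fixlist:
*****************
C:\Users\BBBB\AppData\Local\Temp\{AD9622E1-CEFD-463F-9710-FE176FEF62A4}.exe
AlternateDataStreams: C:\ProgramData\TEMP:F297470E
*****************

C:\Users\BBBB\AppData\Local\Temp\{AD9622E1-CEFD-463F-9710-FE176FEF62A4}.exe => Moved successfully.
C:\ProgramData\TEMP => ":F297470E" ADS removed successfully.

==== End of Fixlog ====
"""

FIXLOG_2 = r"""Content of fixlist:
*****************
HKCU\...\Firefox\Extensions: [{3d90f257-fa16-4fd0-9407-f1fc34a25274}] - C:\Program Files (x86)\Show-Password\150.xpi
C:\Program Files (x86)\Show-Password
*****************

"C:\Program Files (x86)\Show-Password" => File/Directory not found.

==== End of Fixlog ====
"""

NO_RESULT = "no result line in Fixlog"
FENCE = re.compile(r"^\*{5,}$")                    # the ***** lines around the fixlist
ADS_OUTCOME = re.compile(r'^"(:[^"]+)"\s+(.*)$')   # e.g. '":F297470E" ADS removed ...'


def _key(target):
    """Normalize a path-like target for comparison (quotes and case ignored)."""
    return target.strip().strip('"').lower()


def parse_fixlog(text):
    """Return (fixlist entries, {normalized target: outcome text})."""
    entries, outcomes, fences = [], {}, 0
    for raw in text.splitlines():
        line = raw.strip()
        if FENCE.match(line):
            fences += 1
            continue
        if not line:
            continue
        if fences == 1:                      # between the two ***** lines
            entries.append(line)
        elif fences >= 2 and " => " in line:  # result lines after the fixlist
            target, outcome = line.split(" => ", 1)
            ads = ADS_OUTCOME.match(outcome)
            if ads:  # ADS results carry the stream name on the right-hand side
                target, outcome = target.strip('"') + ads.group(1), ads.group(2)
            outcomes[_key(target)] = outcome.strip()
    return entries, outcomes


def audit(text):
    """Pair every fixlist entry with its reported outcome, in fixlist order."""
    entries, outcomes = parse_fixlog(text)
    report = []
    for entry in entries:
        target = entry
        if entry.lower().startswith("alternatedatastreams:"):
            target = entry.split(":", 1)[1]   # drop the directive prefix
        report.append((entry, outcomes.get(_key(target), NO_RESULT)))
    return report


def unreported(text):
    """Fixlist entries for which the Fixlog shows no result line at all."""
    return [entry for entry, outcome in audit(text) if outcome == NO_RESULT]


if __name__ == "__main__":
    for name, log in (("first Fixlog", FIXLOG_1), ("second Fixlog", FIXLOG_2)):
        print(name)
        for entry, outcome in audit(log):
            print(f"  {outcome:28} <- {entry}")
```

On the second log this lists the `HKCU\...` extension line as having no result line and the folder as not found.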


#10 Oh My!


Posted 06 April 2014 - 09:56 AM

Very good Marcus,

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a couple of days in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#11 holzdan


Posted 06 April 2014 - 01:51 PM

OK, thanks.

What was that exe file removed with the Farbar fix option?

By the way, I would like to scan my own computer for some threats... I have ESET and Malwarebytes installed, but just to be sure....

Should I post a Farbar log from my personal system?


Edited by holzdan, 06 April 2014 - 02:00 PM.


#12 Oh My!


Posted 06 April 2014 - 02:09 PM

Hard to tell what the entries were, we just know they do not belong. It is possible the .exe file was an installation file and since it was located in a temp folder it should be considered just that, of temporary need. It is safer to delete it. As far as the second entry, an Alternate Data Stream is a sort of addendum to a file and is often used for malicious purposes. What we removed is commonly seen and routinely deleted.

Unfortunately one post is for one computer. If you wanted to address your other computer you would need to start a new post. If you are not experiencing any symptoms with your computer you may be able to run the scans and by looking at them and doing a little research tell if they are of concern.
Gary
 

#13 holzdan


Posted 06 April 2014 - 02:12 PM

ok thanks



#14 Oh My!


Posted 08 April 2014 - 11:11 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



