
Trojan, istart.webssearches.com and others


This topic is locked
5 replies to this topic

#1 Nab_markus

Posted 21 May 2014 - 07:13 AM

Hi, I tried to download VLC media player, and of course I managed to do it from the wrong page.... This caused me problems, and AVG Internet Security started to react, deleting trojans and other stuff... my desktop icons got removed and all my files are empty. Also istart.webssearches.com became my browser homepage and search engine, and the language of my internet browser is now French (Chrome).... -.- Some files seem to be totally deleted too, and not only hidden; at least they are empty.

 

Virus and malware stopped by AVG during VLC download:

"20.05.2014, 20:27:52";"IDP.Trojan.85621A4D, C:\Users\Markus\AppData\Local\Temp\amonetize.full_08_05_2014.exe";"Identity Protection";""
 
"20.05.2014, 20:27:49";"Found MalSign.Cherished.077, c:\Users\Markus\AppData\Local\Temp\1727586\1727586.zipDir\tmp\wpm_v18.8.0.304.exe";"Resident Shield";""
 
"20.05.2014, 20:27:03";"Adware Generic_r.MD, c:\Users\Markus\Downloads\_ETbqso8MBX1";"Resident Shield";""
 

 

I tried to use the method from this page:

http://www.bleepingcomputer.com/virus-removal/remove-webssearches.com-browser-hijacker

After I did it, this was the message from Rkill:

Rkill 2.6.6 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/21/2014 11:16:33 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\ACEngSvr.exe (PID: 4808) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 05/21/2014 11:17:48 AM
Execution time: 0 hours(s), 1 minute(s), and 15 seconds(s)
 
I also ran the Emsisoft antivirus program, but webssearches is still there, it is still French, and my files are gone...!! :@
Quarantine list from emsisoft is attached.
 
Also used unhide.exe, and the file is attached.
 
 
I also ran DDS: 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Markus at 18:48:16 on 2014-05-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.47.1044.18.3886.1668 [GMT 2:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\ProgramData\IePluginServices\PluginService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\AsScrPro.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1400610449&from=amt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXD1A90X0122X0122
uDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1400610449&from=amt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXD1A90X0122X0122
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1400610449&from=amt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXD1A90X0122X0122
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1400610449&from=amt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXD1A90X0122X0122&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1400610449&from=amt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXD1A90X0122X0122
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1400610449&from=amt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXD1A90X0122X0122&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FlowSurf: {E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} - C:\Program Files (x86)\Flowsurf\flowsurf.dll
mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {6CA2A4DE-483E-456B-8634-6445460D7097} - {6CA2A4DE-483E-456B-8634-6445460D7097} - C:\Program Files (x86)\Flowsurf\flowsurf.dll
TCP: NameServer = 192.168.80.1
TCP: Interfaces\{DD88FB20-24F5-4B3E-8503-1A02B4017E9A} : DHCPNameServer = 192.168.80.1
AppInit_DLLs= C:\PROGRA~2\SupTab\SEARCH~1.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1400610449&from=amt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXD1A90X0122X0122
x64-mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1400610449&from=amt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXD1A90X0122X0122&q={searchTerms}
x64-mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1400610449&from=amt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXD1A90X0122X0122
x64-mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1400610449&from=amt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXD1A90X0122X0122&q={searchTerms}
x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-5-13 191768]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-5-13 323352]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-5-13 130328]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-5-13 31512]
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-11-24 15928]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-5-20 26176]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-5-13 152344]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-5-13 236312]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-5-13 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-5-13 273176]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-5-20 57024]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-10-15 117760]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-24 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-9-4 62464]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-5-20 71472]
.
=============== Created Last 30 ================
.
2014-05-20 21:43:11 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-20 21:43:06 -------- d-----w- C:\Users\Markus\AppData\Local\Programs
2014-05-20 18:43:26 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-05-20 18:36:47 -------- d-sh--w- C:\Users\Markus\AppData\Local\EmieUserList
2014-05-20 18:36:47 -------- d-sh--w- C:\Users\Markus\AppData\Local\EmieSiteList
2014-05-20 18:27:50 -------- d-----w- C:\ProgramData\IePluginServices
2014-05-20 18:27:12 -------- d-----w- C:\Program Files (x86)\Flowsurf
2014-05-20 17:37:49 -------- d-----w- C:\ProgramData\Oracle
2014-05-20 17:37:32 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-20 13:59:15 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-20 10:44:02 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-05-20 10:44:02 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-05-20 10:44:01 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-05-20 10:44:01 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-05-20 08:35:16 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2014-05-20 08:35:16 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2014-05-20 08:04:55 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-05-20 08:04:53 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-05-20 08:04:53 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-05-20 08:04:52 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-20 08:04:52 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-05-20 08:04:52 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-05-20 05:12:08 -------- d-----w- C:\Windows\Migration
2014-05-19 20:42:23 -------- d-----w- C:\Users\Markus\AppData\Local\NVIDIA Corporation
2014-05-19 20:38:33 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-05-19 20:38:33 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-05-19 20:38:32 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-05-19 20:38:32 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-05-19 20:38:31 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-05-19 20:38:31 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2014-05-19 20:38:24 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-05-19 20:38:22 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-05-19 20:38:19 -------- d-----w- C:\Users\Markus\AppData\Local\NVIDIA
2014-05-19 20:33:12 -------- d-----w- C:\Windows\SysWow64\NV
2014-05-19 20:33:12 -------- d-----w- C:\Windows\System32\NV
2014-05-19 19:58:52 -------- d-----w- C:\NVIDIA
2014-05-19 15:38:17 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-05-19 15:38:17 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-05-19 15:38:17 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-05-19 15:38:17 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-05-19 15:38:17 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-05-19 15:38:17 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-05-19 15:38:17 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-05-19 15:35:41 335360 ----a-w- C:\Windows\System32\msieftp.dll
2014-05-19 15:35:41 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2014-05-19 15:35:40 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2014-05-19 15:35:40 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-05-19 15:35:38 633856 ----a-w- C:\Windows\System32\comctl32.dll
2014-05-19 15:35:37 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2014-05-19 15:35:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2014-05-19 15:35:13 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2014-05-19 15:35:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2014-05-19 15:35:13 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2014-05-19 15:34:55 224256 ----a-w- C:\Windows\System32\wintrust.dll
2014-05-19 15:34:55 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2014-05-19 15:34:32 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-19 15:34:32 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-19 15:34:21 70144 ----a-w- C:\Windows\System32\appinfo.dll
2014-05-19 15:34:21 111448 ----a-w- C:\Windows\System32\consent.exe
2014-05-19 15:33:19 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2014-05-19 15:33:19 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-05-19 15:33:18 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2014-05-19 15:33:18 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2014-05-19 15:33:18 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2014-05-19 15:33:18 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2014-05-19 15:32:56 484864 ----a-w- C:\Windows\System32\wer.dll
2014-05-19 15:32:56 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-05-19 15:32:53 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2014-05-19 15:32:53 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-05-19 15:32:47 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-05-19 15:32:47 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-05-19 15:32:15 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-05-19 15:32:15 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-05-19 15:32:15 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-05-19 15:32:15 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-05-19 15:30:36 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-05-19 15:29:56 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-05-19 15:28:28 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-05-19 15:28:24 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-05-19 15:28:24 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-05-19 15:27:26 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-05-19 15:27:26 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-05-19 15:27:26 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2014-05-19 15:27:26 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2014-05-19 15:27:26 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2014-05-19 15:27:26 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-05-19 15:27:20 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-05-19 15:27:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-05-19 15:25:56 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-05-19 15:11:29 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-05-19 15:11:28 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-05-19 15:11:28 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-05-19 15:11:28 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-05-19 15:11:28 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-05-19 15:09:41 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-05-19 14:53:48 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2014-05-19 14:52:59 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2014-05-18 17:58:00 -------- d-----w- C:\Windows\System32\SPReview
2014-05-18 17:55:58 -------- d-----w- C:\Windows\System32\EventProviders
2014-05-18 17:29:59 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2014-05-18 17:28:59 413696 ----a-w- C:\Windows\SysWow64\PhotoScreensaver.scr
2014-05-18 17:27:58 3584 ----a-w- C:\Windows\System32\drivers\nb-NO\tsusbflt.sys.mui
2014-05-18 17:27:52 2560 ----a-w- C:\Windows\System32\drivers\nb-NO\rdpwd.sys.mui
2014-05-18 17:27:50 14848 ----a-w- C:\Windows\System32\drivers\nb-NO\nwifi.sys.mui
2014-05-18 17:27:48 399872 ----a-w- C:\Windows\System32\dpx.dll
2014-05-18 17:27:48 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2014-05-18 17:27:41 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2014-05-18 17:27:35 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2014-05-18 17:27:35 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2014-05-18 17:27:35 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2014-05-18 17:26:31 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2014-05-18 17:26:31 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2014-05-18 17:26:25 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2014-05-18 16:36:50 2565632 ----a-w- C:\Windows\System32\esent.dll
2014-05-18 16:36:49 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2014-05-18 16:36:49 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2014-05-18 16:36:49 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2014-05-18 16:36:49 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2014-05-18 16:36:48 96768 ----a-w- C:\Windows\System32\fsutil.exe
2014-05-18 16:36:48 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2014-05-18 16:36:48 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2014-05-18 16:36:48 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2014-05-18 16:28:00 -------- d-----w- C:\Program Files (x86)\GeoGebra 4.4
2014-05-17 22:27:15 -------- d-----w- C:\Windows\SysWow64\directx
2014-05-17 22:27:12 -------- d-----w- C:\Games
2014-05-17 20:59:31 -------- d-----w- C:\Users\Markus\AppData\Roaming\AVG2014
2014-05-17 20:59:01 -------- d-----w- C:\Users\Markus\AppData\Roaming\TuneUp Software
2014-05-17 20:58:34 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{857A6B04-5157-418F-B83E-EE2FEEE4119F}\mpengine.dll
2014-05-17 20:58:34 -------- d-----w- C:\ProgramData\AVG2014
2014-05-17 20:58:34 -------- d-----w- C:\$AVG
2014-05-17 20:58:33 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-05-17 20:58:22 -------- d-----w- C:\Program Files (x86)\AVG
2014-05-17 20:52:04 -------- d-----w- C:\Users\Markus\AppData\Local\MFAData
2014-05-17 20:52:04 -------- d-----w- C:\Users\Markus\AppData\Local\Avg2014
2014-05-17 20:52:04 -------- d-----w- C:\ProgramData\MFAData
2014-05-17 20:52:04 -------- d-----w- C:\ProgramData\Common Files
2014-05-17 20:49:13 -------- d-----w- C:\Users\Markus\AppData\Local\Adobe
2014-05-17 20:28:40 -------- d-----w- C:\Windows\SysWow64\Wat
2014-05-17 20:28:40 -------- d-----w- C:\Windows\System32\Wat
2014-05-17 19:19:31 2560 ----a-w- C:\Windows\System32\drivers\nb-NO\wdf01000.sys.mui
2014-05-17 19:19:30 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2014-05-17 19:19:30 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2014-05-17 18:54:33 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2014-05-17 18:49:17 -------- d-----w- C:\Windows\System32\MRT
2014-05-17 18:45:08 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-05-17 18:45:08 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-05-17 18:45:08 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-05-17 18:45:08 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-05-17 18:45:07 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-05-17 18:45:07 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-05-17 18:45:07 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-05-17 18:41:14 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-05-17 18:41:14 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-05-17 18:41:14 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-05-17 18:33:20 142336 ----a-w- C:\Windows\System32\poqexec.exe
2014-05-17 18:32:57 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2014-05-17 18:32:55 478208 ----a-w- C:\Windows\System32\dpnet.dll
2014-05-17 18:32:55 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2014-05-17 18:32:55 3072 ----a-w- C:\Windows\System32\dpnaddr.dll
2014-05-17 18:32:55 2560 ----a-w- C:\Windows\SysWow64\dpnaddr.dll
2014-05-17 18:32:47 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2014-05-17 18:32:46 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2014-05-17 18:32:46 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2014-05-17 18:30:54 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2014-05-17 18:29:59 95744 ----a-w- C:\Windows\System32\synceng.dll
2014-05-17 18:29:59 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2014-05-17 18:29:59 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-05-17 18:29:59 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-05-17 18:29:59 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-05-17 18:29:58 59392 ----a-w- C:\Windows\System32\browcli.dll
2014-05-17 18:29:58 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2014-05-17 18:29:58 136704 ----a-w- C:\Windows\System32\browser.dll
2014-05-17 18:29:56 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2014-05-17 18:29:56 515584 ----a-w- C:\Windows\System32\timedate.cpl
2014-05-17 18:29:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2014-05-17 18:26:03 395776 ----a-w- C:\Windows\System32\webio.dll
2014-05-17 18:26:03 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2014-05-17 18:26:02 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2014-05-17 18:26:02 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2014-05-17 18:26:02 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-05-17 18:26:01 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2014-05-17 18:26:01 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2014-05-17 18:26:01 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2014-05-17 18:26:01 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2014-05-17 18:26:01 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2014-05-17 18:26:01 1118720 ----a-w- C:\Windows\System32\sbe.dll
2014-05-17 18:25:56 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-05-17 18:25:55 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2014-05-17 18:25:55 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-05-17 18:25:54 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2014-05-17 18:25:54 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2014-05-17 18:17:24 77312 ----a-w- C:\Windows\System32\packager.dll
2014-05-17 18:17:24 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-05-17 18:03:40 947808 ----a-w- C:\Windows\System32\nvumdshimx.dll
2014-05-17 18:03:40 67176 ----a-w- C:\Windows\System32\OpenCL.dll
2014-05-17 18:03:40 57960 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-05-17 18:03:40 446056 ----a-w- C:\Windows\System32\nvoptimusmft.dll
2014-05-17 18:03:40 391784 ----a-w- C:\Windows\System32\nvdecodemft.dll
2014-05-17 18:03:40 380520 ----a-w- C:\Windows\SysWow64\nvoptimusmft.dll
2014-05-17 18:03:40 320104 ----a-w- C:\Windows\SysWow64\nvdecodemft.dll
2014-05-17 18:03:40 1626728 ----a-w- C:\Windows\System32\nvdispco6420141.dll
2014-05-17 18:03:40 1394280 ----a-w- C:\Windows\System32\nvgenco642061.dll
2014-05-17 18:03:40 11240 ----a-w- C:\Windows\System32\drivers\nvBridge.kmd
2014-05-17 17:48:20 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-05-17 17:48:20 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-05-17 17:48:20 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-05-17 17:46:01 -------- d-----w- C:\Users\Markus\AppData\Roaming\Asus WebStorage
2014-05-17 17:45:41 -------- d-----w- C:\Users\Markus\AppData\Local\SRS Labs
2014-05-17 17:40:49 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2014-05-17 17:40:49 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2014-05-17 17:39:45 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-05-17 17:39:40 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-05-17 17:39:36 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-05-17 17:39:36 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-05-17 17:39:06 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e6a677001cf71f6\DSETUP.dll
2014-05-17 17:39:06 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e6a677001cf71f6\DXSETUP.exe
2014-05-17 17:39:06 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e6a677001cf71f6\dsetup32.dll
2014-05-17 17:38:17 -------- d-----w- C:\Users\Markus\AppData\Local\Power2Go
2014-05-17 17:38:15 -------- d-----w- C:\Users\Markus\AppData\Local\VirtualStore
2014-05-17 17:38:13 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2014-05-13 12:20:26 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-05-13 12:20:06 273176 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-05-13 12:06:06 323352 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-05-13 12:05:40 191768 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-05-13 12:05:08 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-05-13 12:05:06 130328 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-05-13 12:04:56 236312 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-05-13 12:04:30 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
==================== Find3M  ====================
.
2014-05-18 19:13:20 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-05-18 19:13:19 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:58 2558808 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-03-04 13:05:57 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:57 1075032 ----a-w- C:\Windows\System32\nv3dappshext.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 19:00:09,46 ===============
 
The attach.txt file is also attached.
 
WHAT TO DO?? God damn hijackers and hackers.... get a life ******!!! :@#FU# :( 
:smash: <-----This is the last option I hope...

Edited by Nab_markus, 21 May 2014 - 12:47 PM.




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 22 May 2014 - 05:28 PM

Hello Nab_markus,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Download and run Junkware Removal Tool. ***Your Antivirus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

 

3.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Nab_markus

Nab_markus
  • Topic Starter

  • Members
  • 5 posts

Posted 23 May 2014 - 10:58 AM

Alright, all processes done, and here are the logs from it all attached, as my internet could not manage to copy and paste it... -.-

Well, things looked better after my first scans and cleans, but I clearly see I-Explorer was not clean.... But now the French is gone, my browser is fine... and I think I'm good! :) Thanks for the help, you're great! ;) But, I won't donate, sorry... I'm too poor for that!  :whistle:  :graduate: Student, you see... :P

(Still my files in my start menu are empty; do I have to run the program unhide.exe again, and they'll come back?)
 


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 23 May 2014 - 05:20 PM

Glad things are better. Let's run a couple more scans to make sure nothing is leftover.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

2.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go >>HERE<< then click on: [button image]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on its icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: [button image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: [button image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: [button image]
    (Selecting Uninstall application on close if you so wish)




#5 Nab_markus

Nab_markus
  • Topic Starter

  • Members
  • 5 posts

Posted 24 May 2014 - 05:14 PM

I ran Anti-Malware and it did not find anything... I think I'm good now! ;) and thanks for the help! :P :) But, my files are still hidden, shall I run unhide.exe from BleepingComputer? Thanks for the help bros! ;) Now I'm like: :bananas: !!!!!!!!! :D :P and  :bounce:  and  :clapping:  and  :love4u: ... ok, the last was maybe a bit too much tho... :P
Here is the log... :D
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 24.05.2014 23:10:17, SYSTEM, MARKUS-PC, Protection, Malware Protection, Starting, 
Protection, 24.05.2014 23:10:17, SYSTEM, MARKUS-PC, Protection, Malware Protection, Started, 
Protection, 24.05.2014 23:10:18, SYSTEM, MARKUS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 24.05.2014 23:13:30, SYSTEM, MARKUS-PC, Protection, Malicious Website Protection, Started, 
Update, 24.05.2014 23:44:40, SYSTEM, MARKUS-PC, Scheduler, Malware Database, 2014.5.23.11, 2014.5.24.8, 
Protection, 24.05.2014 23:44:43, SYSTEM, MARKUS-PC, Protection, Refresh, Starting, 
Protection, 24.05.2014 23:44:43, SYSTEM, MARKUS-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 24.05.2014 23:44:44, SYSTEM, MARKUS-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 24.05.2014 23:45:12, SYSTEM, MARKUS-PC, Protection, Refresh, Success, 
Protection, 24.05.2014 23:45:12, SYSTEM, MARKUS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 24.05.2014 23:45:15, SYSTEM, MARKUS-PC, Protection, Malicious Website Protection, Started, 
 
(end)
 
hohoho!!! Bye-bye my friend! I hope I never have to reply to you again, or, not because of a virus at least!  :lmao:
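The Malwarebytes log pasted in the reply above is the protection-service log: comma-separated fields with a trailing empty field, holding only Protection and Update events (the scan log is exported separately, as Method 1 and Method 2 in the earlier reply describe). As an added example that is not from the thread or from Malwarebytes, this Python parser reads such lines (field layout inferred from the posted lines) and summarises what a helper checks first: which protection modules reached Started, the database update, and whether any other category (scan or detection data) is present at all.

```python
from collections import Counter
from datetime import datetime

# Lines taken from the MBAM 2.0 protection log posted in reply #5 (a subset);
# fields are comma-separated and every event line ends with an empty field.
SAMPLE_LOG = """\
Protection, 24.05.2014 23:10:17, SYSTEM, MARKUS-PC, Protection, Malware Protection, Starting,
Protection, 24.05.2014 23:10:17, SYSTEM, MARKUS-PC, Protection, Malware Protection, Started,
Protection, 24.05.2014 23:10:18, SYSTEM, MARKUS-PC, Protection, Malicious Website Protection, Starting,
Protection, 24.05.2014 23:13:30, SYSTEM, MARKUS-PC, Protection, Malicious Website Protection, Started,
Update, 24.05.2014 23:44:40, SYSTEM, MARKUS-PC, Scheduler, Malware Database, 2014.5.23.11, 2014.5.24.8,
Protection, 24.05.2014 23:44:43, SYSTEM, MARKUS-PC, Protection, Refresh, Starting,
Protection, 24.05.2014 23:45:12, SYSTEM, MARKUS-PC, Protection, Refresh, Success,
(end)
"""

TS_FORMAT = "%d.%m.%Y %H:%M:%S"  # day.month.year as in the posted log


def parse_mbam_log(text):
    """Return one dict per log line: category, timestamp, user, host, source
    and the variable-length detail fields. Blank lines and '(end)' are skipped."""
    entries = []
    for raw in text.splitlines():
        fields = [f.strip() for f in raw.strip().split(",")]
        if fields[-1] == "":
            fields.pop()  # drop the trailing empty field
        if len(fields) < 6:
            continue  # blank line or the '(end)' marker
        entries.append({
            "category": fields[0],
            "timestamp": datetime.strptime(fields[1], TS_FORMAT),
            "user": fields[2], "host": fields[3], "source": fields[4],
            "details": fields[5:],
        })
    return entries


def summarize(entries):
    """What a helper checks first: did each protection module reach Started,
    was the signature database updated (old -> new version), and does the log
    hold any category besides Protection/Update (i.e. scan or detection data)."""
    summary = {"categories": Counter(e["category"] for e in entries),
               "started_modules": set(), "database_update": None,
               "other_categories": set()}
    for e in entries:
        if e["category"] == "Protection" and e["details"][-1] == "Started":
            summary["started_modules"].add(e["details"][0])
        elif e["category"] == "Update" and e["details"][0] == "Malware Database":
            summary["database_update"] = (e["details"][1], e["details"][2])
        elif e["category"] not in ("Protection", "Update"):
            summary["other_categories"].add(e["category"])
    return summary
```

An empty `other_categories` set, as for the posted log, tells the helper that no scan results are in this export and the scan log must be requested separately.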


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 24 May 2014 - 10:05 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





