Various adware/trojan infections ("draughts", "appbroker", etc.)



#1 Minokrates (Members)

Posted 02 June 2016 - 03:54 PM

Hey everybody!

I recently got infected with multiple adware and trojan infections (as seen in the title), and they really stick to my system.
I was trying to download something (sorry, don't remember where) and immediately got a notification from my Avira Free Antivirus program (I'm not using any other kind of protection aside from Windows Firewall).
Then I ran Malwarebytes Anti-Malware, which found multiple infections as well as PUPs. Sadly, it didn't get all the infections.

So I then ran JRT and adware removal tool multiple times, with reboots after each program, ran Malwarebytes again, again, again...

I can still use my computer properly, and have no side effects of the infection yet (except for maybe 2 or 3 browser redirections), but of course I want to get rid of it.

After rebooting, it takes some time to start Windows (longer than usual) and I might have to start Task Manager and kill the "OnlyRunOnce" process to start my system.

Now I need help from people like you, since all I know is to press buttons on programs people recommended to me.

I will be checking this post daily, so any information you need will be there in time.

Thanks in advance!

 

Greetings,

Minokrates

 

FRST log:

 

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016
durchgeführt von Justus (Administrator) auf JUSTUS-PC (02-06-2016 22:38:42)
Gestartet von C:\Users\Justus\Downloads
Geladene Profile: Justus &  (Verfügbare Profile: Justus)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(DEVGURU Co., LTD.) D:\Program Files (x86)\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Avira Operations GmbH & Co. KG) D:\Avira\AntiVir Desktop\avscan.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1234064 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3111880 2015-07-23] (Logitech, Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => D:\Avira\AntiVir Desktop\avgnt.exe [814608 2016-05-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3242308500-1475233920-1812755139-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3242308500-1475233920-1812755139-1000\...\Run: [Spotify Web Helper] => C:\Users\Justus\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-05-31] (Spotify Ltd)
HKU\S-1-5-21-3242308500-1475233920-1812755139-1000\...\MountPoints2: K - K:\INSTALL.EXE
HKU\S-1-5-21-3242308500-1475233920-1812755139-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3242308500-1475233920-1812755139-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Justus\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-05-31] (Spotify Ltd)
HKU\S-1-5-21-3242308500-1475233920-1812755139-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: K - K:\INSTALL.EXE
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Justus\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{E514F08B-2B19-49B0-8C23-25C1C5236B47}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3242308500-1475233920-1812755139-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-3242308500-1475233920-1812755139-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-3242308500-1475233920-1812755139-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-3242308500-1475233920-1812755139-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3242308500-1475233920-1812755139-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3242308500-1475233920-1812755139-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-02] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-02] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Justus\AppData\Roaming\Mozilla\Firefox\Profiles\ajlpbeyf.default
FF Homepage: hxxps://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-16] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-02] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-16] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-08-11] [ist nicht signiert]
FF Extension: All-in-One Gestures - C:\Users\Justus\AppData\Roaming\Mozilla\Firefox\Profiles\ajlpbeyf.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2016-04-27]
FF Extension: Ghostery - C:\Users\Justus\AppData\Roaming\Mozilla\Firefox\Profiles\ajlpbeyf.default\Extensions\firefox@ghostery.com.xpi [2016-05-04]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Justus\AppData\Roaming\Mozilla\Firefox\Profiles\ajlpbeyf.default\Extensions\ich@maltegoetz.de.xpi [2015-08-09]
FF Extension: uBlock Origin - C:\Users\Justus\AppData\Roaming\Mozilla\Firefox\Profiles\ajlpbeyf.default\Extensions\uBlock0@raymondhill.net.xpi [2016-05-12]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S2 AntiVirMailService; D:\Avira\AntiVir Desktop\avmailc7.exe [970656 2016-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; D:\Avira\AntiVir Desktop\sched.exe [467016 2016-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Avira\AntiVir Desktop\avguard.exe [467016 2016-05-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; D:\Avira\AntiVir Desktop\avwebg7.exe [1435704 2016-05-12] (Avira Operations GmbH & Co. KG)
S4 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-09-09] () [Datei ist nicht signiert]
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [231480 2016-04-29] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6133816 2016-04-29] (GOG.com)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2120712 2016-04-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-04-05] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-04-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 ss_conn_service; D:\Program Files (x86)\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 abelssoft_recordify; C:\Windows\System32\drivers\recordify.sys [56584 2016-01-08] (Abelssoft)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [42240 2013-07-31] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-03-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141920 2016-05-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-12] (Avira Operations GmbH & Co. KG)
R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [33592 2016-01-20] (Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\DRIVERS\droidcamvideo.sys [229432 2016-01-20] (Dev47Apps)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-02-19] ()
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2016-04-24] (hxxp://libusb-win32.sourceforge.net)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)
U0 wwqueyb; C:\Windows\System32\drivers\xlbv.sys [79064 2016-06-02] (Malwarebytes)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R3 iTurbo; \??\C:\Users\Justus\AppData\Local\Temp\iTurbo.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-02 22:38 - 2016-06-02 22:38 - 02383872 _____ (Farbar) C:\Users\Justus\Downloads\FRST64.exe
2016-06-02 22:38 - 2016-06-02 22:38 - 00019575 _____ C:\Users\Justus\Downloads\FRST.txt
2016-06-02 22:38 - 2016-06-02 22:38 - 00000000 ____D C:\FRST
2016-06-02 22:37 - 2016-06-02 22:37 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\xlbv.sys
2016-06-02 18:31 - 2016-06-02 18:34 - 00000022 _____ C:\Windows\S.dirmngr
2016-06-02 16:18 - 2016-06-02 16:18 - 01610816 _____ (Malwarebytes) C:\Users\Justus\Downloads\JRT.exe
2016-06-02 16:17 - 2016-06-02 16:17 - 03677248 _____ C:\Users\Justus\Downloads\adwcleaner_5.119.exe
2016-05-31 23:39 - 2016-05-31 23:39 - 00303960 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-31 23:39 - 2016-05-31 23:39 - 00067632 _____ C:\Users\Justus\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-31 23:02 - 2016-05-31 23:02 - 00000306 __RSH C:\Users\Justus\ntuser.pol
2016-05-31 22:26 - 2016-06-02 18:33 - 00000000 ____D C:\AdwCleaner
2016-05-17 23:11 - 2016-05-19 02:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-05-14 16:41 - 2016-05-14 16:41 - 00000000 ____D C:\Users\Justus\Documents\ANNO 1404 Venedig
2016-05-14 00:57 - 2016-05-14 00:57 - 00000000 ____D C:\Users\Justus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-06 01:15 - 2016-05-06 11:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-05 20:04 - 2016-05-05 20:04 - 00004007 _____ C:\Users\Justus\AppData\Local\recently-used.xbel
2016-05-05 11:48 - 2016-05-05 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1
2016-05-05 11:48 - 2016-05-05 11:48 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-05-05 11:48 - 2016-02-16 01:27 - 00125720 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-05-05 11:48 - 2016-02-16 01:26 - 00126232 _____ C:\Windows\system32\vulkan-1.dll
2016-05-05 11:48 - 2016-02-16 01:25 - 00045848 _____ C:\Windows\system32\vulkaninfo.exe
2016-05-05 11:48 - 2016-02-16 01:25 - 00042264 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-05-03 19:26 - 2016-05-03 19:26 - 00003074 _____ C:\Windows\System32\Tasks\{33D8ADA3-4524-4383-B815-B75FC1103EE8}

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-02 22:37 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-06-02 22:29 - 2015-09-18 17:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-02 21:54 - 2015-12-29 00:49 - 00001228 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3242308500-1475233920-1812755139-1000UA.job
2016-06-02 18:41 - 2009-07-14 06:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-02 18:41 - 2009-07-14 06:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-02 18:38 - 2014-11-13 05:02 - 00710404 _____ C:\Windows\system32\perfh007.dat
2016-06-02 18:38 - 2014-11-13 05:02 - 00154734 _____ C:\Windows\system32\perfc007.dat
2016-06-02 18:38 - 2009-07-14 07:13 - 01651334 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-02 18:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-02 18:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-02 16:15 - 2014-11-12 22:35 - 00000000 ____D C:\ProgramData\Origin
2016-06-02 15:35 - 2014-11-19 19:46 - 00348360 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2016-06-02 15:35 - 2014-11-18 23:55 - 00348360 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-06-02 15:35 - 2014-11-18 23:55 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-06-01 23:54 - 2015-12-29 00:49 - 00001176 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3242308500-1475233920-1812755139-1000Core.job
2016-06-01 23:26 - 2015-03-09 01:26 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-01 14:37 - 2014-11-12 20:54 - 00000000 ____D C:\Users\Justus\AppData\Roaming\Spotify
2016-06-01 14:32 - 2014-11-12 20:54 - 00000000 ____D C:\Users\Justus\AppData\Local\Spotify
2016-05-31 23:28 - 2014-12-07 22:04 - 00000000 ____D C:\Users\Justus\AppData\Local\LogMeIn Hamachi
2016-05-31 23:02 - 2014-11-12 20:07 - 00000000 ____D C:\Users\Justus
2016-05-31 22:59 - 2016-04-24 13:02 - 00000306 __RSH C:\ProgramData\ntuser.pol
2016-05-31 22:59 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-05-31 21:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Web
2016-05-30 10:46 - 2015-05-30 21:22 - 00000000 ____D C:\Users\Justus\AppData\Roaming\MyPhoneExplorer
2016-05-29 19:55 - 2014-11-12 21:17 - 00000000 ____D C:\Users\Justus\AppData\Local\ElevatedDiagnostics
2016-05-25 20:17 - 2016-03-13 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RCRN
2016-05-25 20:17 - 2016-03-13 19:17 - 00000000 ____D C:\Users\Justus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
2016-05-25 20:17 - 2015-10-11 23:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2016-05-25 20:17 - 2015-09-18 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-25 20:17 - 2015-09-18 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-25 20:17 - 2015-08-14 13:52 - 00000000 ____D C:\Windows\Minidump
2016-05-19 16:36 - 2014-12-13 12:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-19 13:32 - 2014-11-12 20:45 - 00000000 ____D C:\Users\Justus\AppData\Roaming\vlc
2016-05-16 20:51 - 2015-08-11 21:02 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2016-05-16 02:14 - 2014-11-12 22:52 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-16 02:14 - 2014-11-12 22:52 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-14 00:57 - 2014-12-29 13:28 - 00000000 ____D C:\Users\Justus\AppData\Roaming\Dropbox
2016-05-13 17:55 - 2014-11-12 20:32 - 11118479 ____H C:\Users\Justus\AppData\Local\IconCache.db.backup
2016-05-13 17:35 - 2015-05-24 15:15 - 00000000 ____D C:\Users\Justus\Documents\The Witcher 3
2016-05-13 14:50 - 2015-10-31 00:05 - 00000000 ____D C:\Users\Justus\AppData\Roaming\gnupg
2016-05-12 03:41 - 2014-11-12 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-12 03:40 - 2014-11-12 20:38 - 00141920 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-05-12 03:40 - 2014-11-12 20:38 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-05-05 20:04 - 2015-01-08 15:40 - 00000000 ____D C:\Users\Justus\AppData\Local\gtk-2.0
2016-05-05 20:04 - 2015-01-08 15:29 - 00000000 ____D C:\Users\Justus\.gimp-2.8
2016-05-05 16:26 - 2015-05-24 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-05-05 11:48 - 2016-02-22 15:47 - 00004230 _____ C:\Windows\System32\Tasks\AMD Updater
2016-05-05 11:48 - 2014-11-12 20:19 - 00000000 ____D C:\Program Files (x86)\AMD
2016-05-05 11:47 - 2014-11-12 20:19 - 00000000 ____D C:\Program Files\AMD
2016-05-03 21:12 - 2014-12-07 22:56 - 00000000 ____D C:\Users\Justus\AppData\Roaming\Skype

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-11-12 23:27 - 2014-12-23 15:31 - 3295666688 _____ (Firelight Technologies) C:\Program Files (x86)\game_pak
2014-11-13 00:16 - 2014-12-23 15:31 - 0000017 _____ () C:\Program Files (x86)\history.txt
2014-11-18 22:35 - 2015-01-06 14:35 - 0004659 _____ () C:\Program Files (x86)\hotkey.g
2015-02-19 17:46 - 2016-02-13 20:15 - 2128896 _____ () C:\Users\Justus\AppData\Local\file__0.localstorage
2015-10-08 15:31 - 2015-10-08 15:31 - 0000094 _____ () C:\Users\Justus\AppData\Local\fusioncache.dat
2015-11-09 23:48 - 2016-02-21 11:02 - 0001472 _____ () C:\Users\Justus\AppData\Local\RecConfig.xml
2016-05-05 20:04 - 2016-05-05 20:04 - 0004007 _____ () C:\Users\Justus\AppData\Local\recently-used.xbel
2015-08-11 11:21 - 2016-02-21 01:50 - 0007653 _____ () C:\Users\Justus\AppData\Local\Resmon.ResmonCfg
2014-11-12 20:13 - 2014-11-12 20:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-20 20:34 - 2016-03-20 18:33 - 0000035 _____ () C:\ProgramData\droidcam-settings

Einige Dateien in TEMP:
====================
C:\Users\Justus\AppData\Local\Temp\avgnt.exe
C:\Users\Justus\AppData\Local\Temp\libeay32.dll
C:\Users\Justus\AppData\Local\Temp\msvcr120.dll
C:\Users\Justus\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-29 19:48

==================== Ende von FRST.txt ============================

#2 nasdaq (Malware Response Team)

Posted 03 June 2016 - 07:55 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below into the new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

U0 wwqueyb; C:\Windows\System32\drivers\xlbv.sys [79064 2016-06-02] (Malwarebytes)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R3 iTurbo; \??\C:\Users\Justus\AppData\Local\Temp\iTurbo.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Windows\System32\drivers\xlbv.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists.
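Each service line in the fixlist above follows FRST's notation: the letter is the current state (R running, S stopped), the digit is the start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), then the service name and its ImagePath, and "[X]" marks a registered driver whose file no longer exists on disk. The iTurbo entry also shows a driver registered from a user's Temp folder, and xhunter1 a driver sitting directly in C:\Windows rather than in system32\drivers. The following is an added example, not part of nasdaq's post or of FRST, that walks the Services registry key and reports kernel drivers matching those three conditions; the function names Resolve-ImagePath and Get-SuspiciousDrivers and the list of user-writable folders are my own choices. Run it in an elevated PowerShell; it only reads the registry and the file system.

```powershell
# Added example (not FRST's code): list kernel driver services whose binary
# is missing (FRST's "[X]"), lives in a user-writable folder, or sits
# directly in the Windows directory. Hits are leads for a closer look, not
# verdicts; legitimate but sloppy installers can produce them too.

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-ImagePath {
    param([string] $ImagePath)
    # Normalise the forms seen in the registry: a quoted path, the NT object
    # manager prefix "\??\", "\SystemRoot\..." and a path relative to the
    # Windows directory such as "system32\drivers\foo.sys".
    $p = $ImagePath.Trim('"') -replace '^\\\?\?\\', ''
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -match '^\\SystemRoot\\') { $p = $p -replace '^\\SystemRoot', $env:SystemRoot }
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-SuspiciousDrivers {
    # Folders an unprivileged user can write to (assumption: the usual
    # profile locations; extend for your environment).
    $userWritable = @(
        "$env:LOCALAPPDATA",
        "$env:APPDATA",
        "$env:USERPROFILE\Downloads"
    )
    Get-ChildItem $servicesKey | ForEach-Object {
        $name  = $_.PSChildName
        $props = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
        # Type 1 = kernel driver, 2 = file system driver; skip user-mode services.
        if ($null -eq $props -or ($props.Type -ne 1 -and $props.Type -ne 2)) { return }
        if (-not $props.ImagePath) { return }

        $path    = Resolve-ImagePath $props.ImagePath
        $reasons = @()
        if (-not (Test-Path -LiteralPath $path)) { $reasons += 'file missing' }
        if ($userWritable | Where-Object { $path -like "$_\*" }) { $reasons += 'user-writable location' }
        if ((Split-Path $path -Parent) -ieq $env:SystemRoot) { $reasons += 'directly in Windows root' }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Service = $name
                Start   = $props.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                Path    = $path
                Reason  = ($reasons -join ', ')
            }
        }
    }
}

Get-SuspiciousDrivers | Format-Table -AutoSize
```

Against the state shown in this thread, the output would carry EagleX64, WinRing0_1_2_0 and xhunter1 with "file missing", xhunter1 additionally with "directly in Windows root", and iTurbo with both "file missing" and "user-writable location", which is exactly the set the fixlist removes. A driver that is still present in a user-writable path should be hashed and checked against a reputation service before anything is deleted.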

#3 Minokrates (Topic Starter)
  • Members
  • 2 posts

Posted 03 June 2016 - 09:45 AM

Hey nasdaq!

First of all, thank you for your help!

So far I have no more noticeable problems, but I would really appreciate it if you could tell me what kind of virus that was, and how to prevent something like that from happening again.

Is Avira Free Antivirus any good? Is Malwarebytes Anti Malware any good? And most of all, what are the possible consequences of that virus infection regarding password safety/online banking/data privacy?
Here are the requested logs:

fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:01-06-2016
Ran by Justus (2016-06-03 16:29:36) Run:1
Running from C:\Users\Justus\Downloads
Loaded Profiles: Justus (Available Profiles: Justus)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

U0 wwqueyb; C:\Windows\System32\drivers\xlbv.sys [79064 2016-06-02] (Malwarebytes)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R3 iTurbo; \??\C:\Users\Justus\AppData\Local\Temp\iTurbo.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Windows\System32\drivers\xlbv.sys

End
*****************

Restore point was successfully created.
Processes closed successfully.
wwqueyb => Service not found.
EagleX64 => Service removed successfully
iTurbo => Service stopped successfully.
iTurbo => Service removed successfully
WinRing0_1_2_0 => Service removed successfully
xhunter1 => Service removed successfully
"C:\Windows\System32\drivers\xlbv.sys" => not found.
EmptyTemp: => 659.2 MB of temporary files removed.


The system needed a reboot.

==== End of Fixlog 16:29:46 ====


adwcleaner log:

# AdwCleaner v5.119 - Logfile created 03/06/2016 at 16:34:22
# Updated 30/05/2016 by Xplode
# Database : 2016-05-30.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Justus - JUSTUS-PC
# Running from : C:\Users\Justus\Downloads\adwcleaner_5.119.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2333 bytes] - [31/05/2016 22:31:55]
C:\AdwCleaner\AdwCleaner[C2].txt - [1640 bytes] - [31/05/2016 23:01:10]
C:\AdwCleaner\AdwCleaner[C3].txt - [1691 bytes] - [31/05/2016 23:14:57]
C:\AdwCleaner\AdwCleaner[C4].txt - [1465 bytes] - [31/05/2016 23:26:09]
C:\AdwCleaner\AdwCleaner[C5].txt - [1766 bytes] - [02/06/2016 18:33:46]
C:\AdwCleaner\AdwCleaner[C6].txt - [1103 bytes] - [03/06/2016 16:34:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [2335 bytes] - [31/05/2016 22:30:14]
C:\AdwCleaner\AdwCleaner[S2].txt - [2234 bytes] - [31/05/2016 22:31:08]
C:\AdwCleaner\AdwCleaner[S3].txt - [1604 bytes] - [31/05/2016 22:59:29]
C:\AdwCleaner\AdwCleaner[S4].txt - [1505 bytes] - [31/05/2016 23:14:06]
C:\AdwCleaner\AdwCleaner[S5].txt - [1304 bytes] - [31/05/2016 23:25:19]
C:\AdwCleaner\AdwCleaner[S6].txt - [1450 bytes] - [31/05/2016 23:36:45]
C:\AdwCleaner\AdwCleaner[S7].txt - [1531 bytes] - [02/06/2016 16:17:56]
C:\AdwCleaner\AdwCleaner[S8].txt - [1604 bytes] - [02/06/2016 18:32:49]
C:\AdwCleaner\AdwCleaner[S9].txt - [1750 bytes] - [03/06/2016 16:33:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [1833 bytes] ##########

Thanks in advance!

Greetings,

Minokrates
 



#4 nasdaq
  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 June 2016 - 10:50 AM

I just removed all that is not required or normal.
Cannot identify what type of infection you had.

If all is well:

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 nasdaq
  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 June 2016 - 09:03 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



