Log Analysis and Evaluation: Virus creates shortcuts on external devices and disables MP3 player (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Virus creates shortcuts on external devices and disables MP3 player

Hello dear Trojaner-Board team,

many thanks in advance for letting me turn to you. The problem is a virus that I picked up from someone else's computer onto my USB stick and from there onto all my other external devices (hard drive, MP3 player, SD card). It creates shortcuts; files can still be copied but can no longer be deleted. I tolerated this for a long time (because I am absolutely no computer whiz), but since last night my MP3 player no longer shows any music to play, even though it was visibly moved into the folder on the PC. I ran Malwarebytes Anti-Malware for the first time. 23 detections, which I deleted, but the MP3 player still does not respond. I have now followed your instructions and carried out the three required steps. The three external devices mentioned above were connected to the PC at the time. I hope I did everything right and that you can make use of the information. I hope you can help me.

Malwarebytes, run #1 (without SD card)

Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.04.2015 Suchlauf-Zeit: 05:26:39 Logdatei: Malewarebytes.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.04.13.09 Rootkit Datenbank: v2015.03.31.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 CPU: x64 Dateisystem: NTFS Benutzer: eva Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 397193 Verstrichene Zeit: 21 Min, 14 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 2 PUP.Optional.Dregol.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Run_Dregol, In Quarantäne, [9b82a9c3701a0f274c35c8fac73cf40c], PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\run_dregol, In Quarantäne, [df3eb0bcc0ca55e1542bc5fd63a00000], Registrierungswerte: 12 PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_fsvideosft_15_16&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDtDyD0AyEtAzztDtC0AtBtN0D0Tzu0StCtCzyzztN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzz0F0EtByE0AtCtG0Dzy0DtAtGyC0C0FtCtG0B0DtD0EtGtCyE0C0BtA0B0C0FtBtBzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0B0BtBtAyCyEtGtAtBtC0CtGyE0A0AzytGzyzytBtCtG0B0ByE0C0B0CtC0AyC0A0EyB2QtN0A0LzuyE&cr=1852613194&ir=, In Quarantäne, [031a79f3741665d1d658f0639a6b45bb] PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, 
hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_fsvideosft_15_16&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDtDyD0AyEtAzztDtC0AtBtN0D0Tzu0StCtCzyzztN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzz0F0EtByE0AtCtG0Dzy0DtAtGyC0C0FtCtG0B0DtD0EtGtCyE0C0BtA0B0C0FtBtBzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0B0BtBtAyCyEtGtAtBtC0CtGyE0A0AzytGzyzytBtCtG0B0ByE0C0B0CtC0AyC0A0EyB2QtN0A0LzuyE&cr=1852613194&ir=, In Quarantäne, [a67709632b5f3afc86a8391a0df8ef11] PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Users\eva\AppData\LocalLow\Microsoft\Internet Explorer\Services\Run_Dregol.ico, In Quarantäne, [7da033397c0e93a3ec425ef59d68b947] PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Dregol, In Quarantäne, [c25b8ddfb3d79d999c92f2610df87987] PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Dregol, In Quarantäne, [2df097d5850583b3f836f360798c06fa] PUP.Optional.Dregol.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Run_dregol, C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\eva\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat", In Quarantäne, [ee2f1557ec9e2016fe82ead82bd85aa6] PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Run_dregol, C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\eva\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat", In Quarantäne, [ee2f1557ec9e2016fe82ead82bd85aa6] PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, 
hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_fsvideosft_15_16&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDtDyD0AyEtAzztDtC0AtBtN0D0Tzu0StCtCzyzztN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzz0F0EtByE0AtCtG0Dzy0DtAtGyC0C0FtCtG0B0DtD0EtGtCyE0C0BtA0B0C0FtBtBzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0B0BtBtAyCyEtGtAtBtC0CtGyE0A0AzytGzyzytBtCtG0B0ByE0C0B0CtC0AyC0A0EyB2QtN0A0LzuyE&cr=1852613194&ir=, In Quarantäne, [9d8072fab3d7d06681ac6fe4d23312ee] PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_fsvideosft_15_16&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDtDyD0AyEtAzztDtC0AtBtN0D0Tzu0StCtCzyzztN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzz0F0EtByE0AtCtG0Dzy0DtAtGyC0C0FtCtG0B0DtD0EtGtCyE0C0BtA0B0C0FtBtBzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0B0BtBtAyCyEtGtAtBtC0CtGyE0A0AzytGzyzytBtCtG0B0ByE0C0B0CtC0AyC0A0EyB2QtN0A0LzuyE&cr=1852613194&ir=, In Quarantäne, [fc21f676800ac86e5ecf84cf3acb5fa1] PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Users\eva\AppData\LocalLow\Microsoft\Internet Explorer\Services\Run_Dregol.ico, In Quarantäne, [f825b4b82e5caa8c4fde8bc8da2b649c] PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Dregol, In Quarantäne, [e9349bd1b2d8cb6b80ad9fb4ee174db3] PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Dregol, In Quarantäne, [011cd6963258c571ac813a19838208f8] Registrierungsdaten: 1 PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\MAIN|Start Page, hxxp://www.dregol.com/?f=1&a=drg_fsvideosft_15_16&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDtDyD0AyEtAzztDtC0AtBtN0D0Tzu0StCtCzyzztN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzz0F0EtByE0AtCtG0Dzy0DtAtGyC0C0FtCtG0B0DtD0EtGtCyE0C0BtA0B0C0FtBtBzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0B0BtBtAyCyEtGtAtBtC0CtGyE0A0AzytGzyzytBtCtG0B0ByE0C0B0CtC0AyC0A0EyB2QtN0A0LzuyE&cr=1852613194&ir=, Gut: (www.google.com), Schlecht: (hxxp://www.dregol.com/?f=1&a=drg_fsvideosft_15_16&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDtDyD0AyEtAzztDtC0AtBtN0D0Tzu0StCtCzyzztN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzz0F0EtByE0AtCtG0Dzy0DtAtGyC0C0FtCtG0B0DtD0EtGtCyE0C0BtA0B0C0FtBtBzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0B0BtBtAyCyEtGtAtBtC0CtGyE0A0AzytGzyzytBtCtG0B0ByE0C0B0CtC0AyC0A0EyB2QtN0A0LzuyE&cr=1852613194&ir=),Ersetzt,[63ba1755cfbb3303b0212ec75ea73ec2] Ordner: 6 PUP.Optional.OpenCandy, C:\Users\eva\AppData\Roaming\OpenCandy, In Quarantäne, [8e8f0765dab084b2294ca0eaf60dc63a], PUP.Optional.OpenCandy, C:\Users\eva\AppData\Roaming\OpenCandy\0553BC3C672040C18F08C1929D1D7AB0, In Quarantäne, [8e8f0765dab084b2294ca0eaf60dc63a], PUP.Optional.OpenCandy, C:\Users\eva\AppData\Roaming\OpenCandy\OpenCandy_0553BC3C672040C18F08C1929D1D7AB0, In Quarantäne, [8e8f0765dab084b2294ca0eaf60dc63a], PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Run_dregol, In Quarantäne, [8994ec802d5de5511746803b18eb8a76], PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Run_dregol\UpdateProc, In Quarantäne, [8994ec802d5de5511746803b18eb8a76], PUP.Optional.Dregol.A, C:\Program Files (x86)\Run_Dregol, In Quarantäne, [07166c009ded37ffcb93843752b142be], Dateien: 15 PUP.Optional.Dregol.A, C:\Windows\System32\Tasks\Run_dregol, In Quarantäne, [fe1fa5c78208f343601c3b87dc2712ee], PUP.Optional.Dregol.A, C:\Windows\Tasks\Run_dregol.job, In Quarantäne, [6fae501c0981b680a2dbdfe373901ee2], PUP.Optional.Dregol.A, 
C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\3z7k9dhp.default\searchplugins\dregol.xml, In Quarantäne, [7ba2db91cdbd03333747e3df3cc78f71], PUP.Optional.Ask.A, C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\3z7k9dhp.default\extensions\toolbar_ORJ-SPE@apn.ask.com.xpi, In Quarantäne, [36e7da928802f6402eefe400f50eb947], PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat, In Quarantäne, [ee2f1557ec9e2016fe82ead82bd85aa6], PUP.Optional.OpenCandy, C:\Users\eva\AppData\Roaming\OpenCandy\0553BC3C672040C18F08C1929D1D7AB0\TuneUpUtilities2012_1002094_de-DE-p1v0.exe, In Quarantäne, [8e8f0765dab084b2294ca0eaf60dc63a], PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Run_dregol\UpdateProc\config.dat, In Quarantäne, [8994ec802d5de5511746803b18eb8a76], PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Run_dregol\UpdateProc\info.dat, In Quarantäne, [8994ec802d5de5511746803b18eb8a76], PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Run_dregol\UpdateProc\UpdateTask.exe, In Quarantäne, [8994ec802d5de5511746803b18eb8a76], PUP.Optional.Dregol.A, C:\Program Files (x86)\Run_Dregol\config.dat, In Quarantäne, [07166c009ded37ffcb93843752b142be], PUP.Optional.Dregol.A, C:\Program Files (x86)\Run_Dregol\Sqlite3.dll, In Quarantäne, [07166c009ded37ffcb93843752b142be], PUP.Optional.Dregol.A, C:\Program Files (x86)\Run_Dregol\uninst.dat, In Quarantäne, [07166c009ded37ffcb93843752b142be], PUP.Optional.Dregol.A, C:\Program Files (x86)\Run_Dregol\uninstall.exe, In Quarantäne, [07166c009ded37ffcb93843752b142be], PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\3z7k9dhp.default\search.json, Gut: (), Schlecht: (dregol.xml), Ersetzt,[fd2067056e1cbc7af2d6211c58aede22] PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\3z7k9dhp.default\search.json, Gut: (), Schlecht: (dregol.com), Ersetzt,[fe1fe587c5c515213b8d49f4eb1b47b9] Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.04.2015 Suchlauf-Zeit: 05:26:39 Logdatei: Malewarebytes2.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.04.13.09 Rootkit Datenbank: v2015.03.31.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 CPU: x64 Dateisystem: NTFS Benutzer: eva Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 397193 Verstrichene Zeit: 21 Min, 14 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 2 PUP.Optional.Dregol.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Run_Dregol, In Quarantäne, [9b82a9c3701a0f274c35c8fac73cf40c], PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\run_dregol, In Quarantäne, [df3eb0bcc0ca55e1542bc5fd63a00000], Registrierungswerte: 12 PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_fsvideosft_15_16&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDtDyD0AyEtAzztDtC0AtBtN0D0Tzu0StCtCzyzztN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzz0F0EtByE0AtCtG0Dzy0DtAtGyC0C0FtCtG0B0DtD0EtGtCyE0C0BtA0B0C0FtBtBzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0B0BtBtAyCyEtGtAtBtC0CtGyE0A0AzytGzyzytBtCtG0B0ByE0C0B0CtC0AyC0A0EyB2QtN0A0LzuyE&cr=1852613194&ir=, In Quarantäne, [031a79f3741665d1d658f0639a6b45bb] PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, 
hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_fsvideosft_15_16&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDtDyD0AyEtAzztDtC0AtBtN0D0Tzu0StCtCzyzztN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzz0F0EtByE0AtCtG0Dzy0DtAtGyC0C0FtCtG0B0DtD0EtGtCyE0C0BtA0B0C0FtBtBzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0B0BtBtAyCyEtGtAtBtC0CtGyE0A0AzytGzyzytBtCtG0B0ByE0C0B0CtC0AyC0A0EyB2QtN0A0LzuyE&cr=1852613194&ir=, In Quarantäne, [a67709632b5f3afc86a8391a0df8ef11] PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Users\eva\AppData\LocalLow\Microsoft\Internet Explorer\Services\Run_Dregol.ico, In Quarantäne, [7da033397c0e93a3ec425ef59d68b947] PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Dregol, In Quarantäne, [c25b8ddfb3d79d999c92f2610df87987] PUP.Optional.Dregol.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Dregol, In Quarantäne, [2df097d5850583b3f836f360798c06fa] PUP.Optional.Dregol.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Run_dregol, C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\eva\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat", In Quarantäne, [ee2f1557ec9e2016fe82ead82bd85aa6] PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Run_dregol, C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\eva\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat", In Quarantäne, [ee2f1557ec9e2016fe82ead82bd85aa6] PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, 
hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_fsvideosft_15_16&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDtDyD0AyEtAzztDtC0AtBtN0D0Tzu0StCtCzyzztN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzz0F0EtByE0AtCtG0Dzy0DtAtGyC0C0FtCtG0B0DtD0EtGtCyE0C0BtA0B0C0FtBtBzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0B0BtBtAyCyEtGtAtBtC0CtGyE0A0AzytGzyzytBtCtG0B0ByE0C0B0CtC0AyC0A0EyB2QtN0A0LzuyE&cr=1852613194&ir=, In Quarantäne, [9d8072fab3d7d06681ac6fe4d23312ee] PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_fsvideosft_15_16&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDtDyD0AyEtAzztDtC0AtBtN0D0Tzu0StCtCzyzztN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzz0F0EtByE0AtCtG0Dzy0DtAtGyC0C0FtCtG0B0DtD0EtGtCyE0C0BtA0B0C0FtBtBzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0B0BtBtAyCyEtGtAtBtC0CtGyE0A0AzytGzyzytBtCtG0B0ByE0C0B0CtC0AyC0A0EyB2QtN0A0LzuyE&cr=1852613194&ir=, In Quarantäne, [fc21f676800ac86e5ecf84cf3acb5fa1] PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Users\eva\AppData\LocalLow\Microsoft\Internet Explorer\Services\Run_Dregol.ico, In Quarantäne, [f825b4b82e5caa8c4fde8bc8da2b649c] PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Dregol, In Quarantäne, [e9349bd1b2d8cb6b80ad9fb4ee174db3] PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Dregol, In Quarantäne, [011cd6963258c571ac813a19838208f8] Registrierungsdaten: 1 PUP.Optional.Dregol.A, HKU\S-1-5-21-3140515600-33983380-753437015-1001\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\MAIN|Start Page, hxxp://www.dregol.com/?f=1&a=drg_fsvideosft_15_16&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDtDyD0AyEtAzztDtC0AtBtN0D0Tzu0StCtCzyzztN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzz0F0EtByE0AtCtG0Dzy0DtAtGyC0C0FtCtG0B0DtD0EtGtCyE0C0BtA0B0C0FtBtBzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0B0BtBtAyCyEtGtAtBtC0CtGyE0A0AzytGzyzytBtCtG0B0ByE0C0B0CtC0AyC0A0EyB2QtN0A0LzuyE&cr=1852613194&ir=, Gut: (www.google.com), Schlecht: (hxxp://www.dregol.com/?f=1&a=drg_fsvideosft_15_16&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDtDyD0AyEtAzztDtC0AtBtN0D0Tzu0StCtCzyzztN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzz0F0EtByE0AtCtG0Dzy0DtAtGyC0C0FtCtG0B0DtD0EtGtCyE0C0BtA0B0C0FtBtBzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0B0BtBtAyCyEtGtAtBtC0CtGyE0A0AzytGzyzytBtCtG0B0ByE0C0B0CtC0AyC0A0EyB2QtN0A0LzuyE&cr=1852613194&ir=),Ersetzt,[63ba1755cfbb3303b0212ec75ea73ec2] Ordner: 6 PUP.Optional.OpenCandy, C:\Users\eva\AppData\Roaming\OpenCandy, In Quarantäne, [8e8f0765dab084b2294ca0eaf60dc63a], PUP.Optional.OpenCandy, C:\Users\eva\AppData\Roaming\OpenCandy\0553BC3C672040C18F08C1929D1D7AB0, In Quarantäne, [8e8f0765dab084b2294ca0eaf60dc63a], PUP.Optional.OpenCandy, C:\Users\eva\AppData\Roaming\OpenCandy\OpenCandy_0553BC3C672040C18F08C1929D1D7AB0, In Quarantäne, [8e8f0765dab084b2294ca0eaf60dc63a], PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Run_dregol, In Quarantäne, [8994ec802d5de5511746803b18eb8a76], PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Run_dregol\UpdateProc, In Quarantäne, [8994ec802d5de5511746803b18eb8a76], PUP.Optional.Dregol.A, C:\Program Files (x86)\Run_Dregol, In Quarantäne, [07166c009ded37ffcb93843752b142be], Dateien: 15 PUP.Optional.Dregol.A, C:\Windows\System32\Tasks\Run_dregol, In Quarantäne, [fe1fa5c78208f343601c3b87dc2712ee], PUP.Optional.Dregol.A, C:\Windows\Tasks\Run_dregol.job, In Quarantäne, [6fae501c0981b680a2dbdfe373901ee2], PUP.Optional.Dregol.A, 
C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\3z7k9dhp.default\searchplugins\dregol.xml, In Quarantäne, [7ba2db91cdbd03333747e3df3cc78f71], PUP.Optional.Ask.A, C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\3z7k9dhp.default\extensions\toolbar_ORJ-SPE@apn.ask.com.xpi, In Quarantäne, [36e7da928802f6402eefe400f50eb947], PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat, In Quarantäne, [ee2f1557ec9e2016fe82ead82bd85aa6], PUP.Optional.OpenCandy, C:\Users\eva\AppData\Roaming\OpenCandy\0553BC3C672040C18F08C1929D1D7AB0\TuneUpUtilities2012_1002094_de-DE-p1v0.exe, In Quarantäne, [8e8f0765dab084b2294ca0eaf60dc63a], PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Run_dregol\UpdateProc\config.dat, In Quarantäne, [8994ec802d5de5511746803b18eb8a76], PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Run_dregol\UpdateProc\info.dat, In Quarantäne, [8994ec802d5de5511746803b18eb8a76], PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Run_dregol\UpdateProc\UpdateTask.exe, In Quarantäne, [8994ec802d5de5511746803b18eb8a76], PUP.Optional.Dregol.A, C:\Program Files (x86)\Run_Dregol\config.dat, In Quarantäne, [07166c009ded37ffcb93843752b142be], PUP.Optional.Dregol.A, C:\Program Files (x86)\Run_Dregol\Sqlite3.dll, In Quarantäne, [07166c009ded37ffcb93843752b142be], PUP.Optional.Dregol.A, C:\Program Files (x86)\Run_Dregol\uninst.dat, In Quarantäne, [07166c009ded37ffcb93843752b142be], PUP.Optional.Dregol.A, C:\Program Files (x86)\Run_Dregol\uninstall.exe, In Quarantäne, [07166c009ded37ffcb93843752b142be], PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\3z7k9dhp.default\search.json, Gut: (), Schlecht: (dregol.xml), Ersetzt,[fd2067056e1cbc7af2d6211c58aede22] PUP.Optional.Dregol.A, C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\3z7k9dhp.default\search.json, Gut: (), Schlecht: (dregol.com), Ersetzt,[fe1fe587c5c515213b8d49f4eb1b47b9] Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Defogger 
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 06:41 on 14/04/2015 (eva)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015 Ran by eva (administrator) on EVA-PC on 14-04-2015 06:43:01 Running from C:\Users\eva Loaded Profiles: UpdatusUser & eva (Available profiles: UpdatusUser & eva) Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ATK) C:\Program Files\P4G\BatteryLife.exe (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Trend Micro Inc.) 
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (ASUS) C:\Windows\AsScrPro.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (ELAN Microelectronic Corp.) 
C:\Program Files\Elantech\ETDCtrlHelper.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE () C:\Users\eva\Defogger.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.) HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] () HKLM\...\Run: [UfSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022904 2010-02-23] (Trend Micro Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] () HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) 
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-09-29] () HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-25] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] () HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3140515600-33983380-753437015-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) 
HKU\S-1-5-21-3140515600-33983380-753437015-1001\...\Run: [] => [X] HKU\S-1-5-21-3140515600-33983380-753437015-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia) HKU\S-1-5-21-3140515600-33983380-753437015-1001\...\Run: [mmrrqkqpas] => wscript.exe //B "C:\Users\eva\AppData\Local\Temp\mmrrqkqpas.vbs" <===== ATTENTION AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [113768 2010-07-12] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [102504 2010-07-12] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.) 
Startup: C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mmrrqkqpas.vbs ()
Startup: C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3140515600-33983380-753437015-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-3140515600-33983380-753437015-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3140515600-33983380-753437015-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3140515600-33983380-753437015-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-3140515600-33983380-753437015-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3140515600-33983380-753437015-1001 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = 
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-09-29] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2010-09-29] (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-11] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-09-29] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-09-29] (Google Inc.)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2010-09-29] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-11] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-09-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-09-29] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-3140515600-33983380-753437015-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.50.140.252 195.50.140.114
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\3z7k9dhp.default
FF Homepage: hxxp://www.sueddeutsche.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-04-19] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\3z7k9dhp.default\searchplugins\ask-search.xml [2014-08-12]
FF SearchPlugin: C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\3z7k9dhp.default\searchplugins\duckduckgo.xml [2013-07-09]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\3z7k9dhp.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-08]
FF HKU\S-1-5-21-3140515600-33983380-753437015-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-31] () [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859712 2010-10-09] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-02-23] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-02-23] (Trend Micro Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 06:43 - 2015-04-14 06:43 - 00022046 _____ () C:\Users\eva\FRST.txt
2015-04-14 06:42 - 2015-04-14 06:43 - 00000000 ____D () C:\FRST
2015-04-14 06:42 - 2015-04-14 06:42 - 02096640 _____ (Farbar) C:\Users\eva\FRST64.exe
2015-04-14 06:40 - 2015-04-14 06:41 - 00000468 _____ () C:\Users\eva\defogger_disable.log
2015-04-14 06:40 - 2015-04-14 06:40 - 00000000 _____ () C:\Users\eva\defogger_reenable
2015-04-14 06:39 - 2015-04-14 06:39 - 00050477 _____ () C:\Users\eva\Defogger.exe
2015-04-14 05:25 - 2015-04-14 05:50 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-14 05:25 - 2015-04-14 05:25 - 00001100 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-14 05:25 - 2015-04-14 05:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-14 05:25 - 2015-04-14 05:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-14 05:25 - 2015-04-14 05:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-14 05:25 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 05:25 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 05:25 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-14 05:22 - 2015-04-14 05:24 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\eva\mbam-setup-2.1.4.1018.exe
2015-04-14 04:19 - 2015-04-14 04:19 - 00001280 _____ () C:\Users\eva\Desktop\Command Prompt.lnk
2015-04-13 21:54 - 2015-04-13 21:54 - 00000000 ____D () C:\Windows\system32\SPReview
2015-04-13 15:11 - 2015-04-13 15:11 - 00001530 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-04-13 15:11 - 2015-04-13 15:11 - 00000000 ____D () C:\ProgramData\{E4F00C33-B472-DDB5-05F4-AD37D5767EB9}
2015-04-13 15:11 - 2015-04-13 15:11 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-04-13 15:10 - 2015-04-13 15:11 - 00000000 ____D () C:\Users\eva\AppData\Local\69DD7379_stp
2015-04-13 15:04 - 2015-04-13 15:11 - 00000000 ____D () C:\Users\eva\AppData\Local\5D515C96_stp
2015-04-13 15:04 - 2015-04-13 15:05 - 01509462 _____ () C:\Users\eva\AppData\Local\69DD7379_stp.CIS
2015-04-13 15:04 - 2015-04-13 15:05 - 00000295 _____ () C:\Users\eva\AppData\Local\69DD7379_stp.CIS.part
2015-04-13 15:04 - 2015-04-13 15:04 - 00385602 _____ () C:\Users\eva\AppData\Local\5D515C96_stp.CIS
2015-04-13 15:04 - 2015-04-13 15:04 - 00047605 _____ () C:\Users\eva\AppData\Local\4A594BA6_stp.CIS
2015-04-13 15:04 - 2015-04-13 15:04 - 00042627 _____ () C:\Users\eva\AppData\Local\2B763BC1_stp.CIS
2015-04-13 15:04 - 2015-04-13 15:04 - 00000289 _____ () C:\Users\eva\AppData\Local\4A594BA6_stp.CIS.part
2015-04-13 15:04 - 2015-04-13 15:04 - 00000289 _____ () C:\Users\eva\AppData\Local\2B763BC1_stp.CIS.part
2015-04-13 15:04 - 2015-04-13 15:04 - 00000220 _____ () C:\Users\eva\AppData\Local\5D515C96_stp.CIS.part
2015-04-13 15:01 - 2015-04-13 15:02 - 03309800 _____ (DVDVideoSoft Ltd. ) C:\Users\eva\Downloads\FreeYouTubeToMP3Converter.exe
2015-04-08 13:54 - 2015-04-08 13:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-26 23:49 - 2015-03-11 04:39 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-26 23:49 - 2015-03-11 04:39 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-26 23:49 - 2015-03-11 04:39 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-26 23:49 - 2015-03-11 04:39 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-26 23:49 - 2015-03-11 04:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-26 23:49 - 2015-03-11 04:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-26 23:49 - 2015-03-11 04:34 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 06:43 - 2011-09-24 10:44 - 00000000 ____D () C:\Users\eva
2015-04-14 06:42 - 2009-07-14 06:45 - 00015904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 06:42 - 2009-07-14 06:45 - 00015904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 06:21 - 2010-09-29 14:14 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 05:59 - 2010-09-29 13:55 - 01164298 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 05:56 - 2009-08-04 11:51 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2015-04-14 05:56 - 2009-08-04 11:51 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2015-04-14 05:56 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 05:52 - 2012-05-18 17:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 05:50 - 2010-09-29 14:44 - 00001247 _____ () C:\Windows\system32\ServiceFilter.ini
2015-04-14 05:50 - 2010-09-29 14:14 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 05:49 - 2010-09-29 14:21 - 00013256 _____ () C:\Windows\PFRO.log
2015-04-14 05:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 05:49 - 2009-07-14 06:51 - 00137251 _____ () C:\Windows\setupact.log
2015-04-14 04:11 - 2011-09-24 19:19 - 00000000 ____D () C:\Users\eva\AppData\Roaming\Skype
2015-04-14 04:09 - 2015-02-23 13:14 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-04-13 15:14 - 2012-05-13 22:06 - 00000000 ____D () C:\Users\eva\AppData\Roaming\DVDVideoSoft
2015-04-13 15:11 - 2013-01-15 19:20 - 00002253 _____ () C:\Users\eva\Desktop\Internetbrowser.lnk
2015-04-13 15:11 - 2012-05-13 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-04-13 15:11 - 2012-05-13 22:07 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-04-13 15:11 - 2011-10-02 12:14 - 00001136 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-13 15:11 - 2011-09-24 10:55 - 00001407 _____ () C:\Users\eva\Desktop\Internet Explorer.lnk
2015-04-09 22:43 - 2012-06-06 16:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-02 15:03 - 2014-08-12 16:55 - 00000000 ____D () C:\Users\eva\Desktop\Amely
2015-03-27 02:36 - 2014-12-10 10:28 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-27 02:36 - 2014-07-14 16:29 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== Files in the root of some directories =======

2007-06-12 18:34 - 2007-06-12 18:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 17:35 - 2008-05-22 17:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 19:31 - 2009-04-08 19:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 06:45 - 2008-08-12 06:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
2015-04-13 15:04 - 2015-04-13 15:04 - 0042627 _____ () C:\Users\eva\AppData\Local\2B763BC1_stp.CIS
2015-04-13 15:04 - 2015-04-13 15:04 - 0000289 _____ () C:\Users\eva\AppData\Local\2B763BC1_stp.CIS.part
2015-04-13 15:04 - 2015-04-13 15:04 - 0047605 _____ () C:\Users\eva\AppData\Local\4A594BA6_stp.CIS
2015-04-13 15:04 - 2015-04-13 15:04 - 0000289 _____ () C:\Users\eva\AppData\Local\4A594BA6_stp.CIS.part
2015-04-13 15:04 - 2015-04-13 15:04 - 0385602 _____ () C:\Users\eva\AppData\Local\5D515C96_stp.CIS
2015-04-13 15:04 - 2015-04-13 15:04 - 0000220 _____ () C:\Users\eva\AppData\Local\5D515C96_stp.CIS.part
2015-04-13 15:04 - 2015-04-13 15:05 - 1509462 _____ () C:\Users\eva\AppData\Local\69DD7379_stp.CIS
2015-04-13 15:04 - 2015-04-13 15:05 - 0000295 _____ () C:\Users\eva\AppData\Local\69DD7379_stp.CIS.part
2010-09-29 14:15 - 2009-12-24 14:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-09-29 14:11 - 2010-09-29 14:12 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-09-29 14:11 - 2010-09-29 14:11 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\Users\eva\Defogger.exe
C:\Users\eva\FRST64.exe
C:\Users\eva\mbam-setup-2.1.4.1018.exe

Some content of TEMP:
====================
C:\Users\eva\AppData\Local\Temp\APNSetup.exe
C:\Users\eva\AppData\Local\Temp\NOSEventMessages.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-01-08 16:18

==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by eva at 2015-04-14 06:43:58
Running from C:\Users\eva
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Internet Security (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Internet Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.37 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0005 - ASUS)
Bing Bar (HKLM-x32\...\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}) (Version: 7.1.391.0 - Microsoft Corporation)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.63 - Conexant)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.8 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
Dream Day Wedding Married in Manhattan (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}) (Version: - Oberon Media)
ETDWare PS/2-x64 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.6 - ASUS)
Free YouTube to MP3 Converter version 3.12.57.324 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.57.324 - DVDVideoSoft Ltd.)
Game Park Console (HKLM-x32\...\{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1) (Version: 6.2.0.2 - Oberon Media, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.17.1 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version: - )
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.30.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5741 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.3 - Andrea Vacondio)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
Piggly FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}) (Version: - Oberon Media)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1902}) (Version: 12.25.2.60 - APN, LLC) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smileyville FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}) (Version: - Oberon Media)
Snood 4 (HKLM-x32\...\Snood 4_is1) (Version: - Word of Mouse Games)
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
Trend Micro Internet Security (HKLM\...\{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}) (Version: 17.50 - Trend Micro Inc.)
Trend Micro Internet Security (Version: 17.50 - Trend Micro Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.207 - Sonix)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.17 - ASUS)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {091D6D1B-D233-4CE6-A995-FC9FE4ED4941} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {141100CA-EEC0-4EF1-83A8-AC1A2FD122FA} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {155AFCE9-7B84-4494-B775-42959AAAB1C6} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-05-28] (ATK)
Task: {19A65FA5-F64D-41EF-8D0E-62249BD36335} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-06-09] (asus)
Task: {27C61DCB-1F2D-4A44-AAF6-309B572FA0A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {9E12BE38-2017-4FE1-B4BA-01427755F33E} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {A69BA296-7AFA-45CA-963B-65529BF4D810} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B4C108F4-0F0B-4B8A-8D6C-7D8669104C99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {BE6FE28D-7377-403C-AFBD-E9E2B692B538} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {F14CB8F0-F3C9-4272-B9AD-9C99E1182376} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2007-06-15 19:28 - 2007-06-15 19:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-02 01:52 - 2007-06-02 01:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2010-03-16 03:48 - 2010-03-16 03:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-09-29 14:14 - 2010-09-29 14:14 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-09-29 14:14 - 2010-09-29 14:14 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-09-29 14:44 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-01-11 19:27 - 2010-01-11 19:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2010-05-06 03:22 - 2010-05-06 03:22 - 00108544 _____ () C:\Program Files\P4G\OvrClk.dll
2008-10-01 08:02 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-02-23 13:50 - 2010-02-23 13:50 - 00207656 _____ () C:\Program Files\Trend Micro\Internet Security\UfPack.dll
2010-02-23 21:03 - 2010-02-23 21:03 - 01106864 _____ () C:\Program Files\Trend Micro\Internet Security\sqlite3.dll
2010-03-16 03:48 - 2010-03-16 03:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2010-07-02 22:36 - 2010-07-02 22:36 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2015-04-14 06:39 - 2015-04-14 06:39 - 00050477 _____ () C:\Users\eva\Defogger.exe
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2007-06-15 19:28 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-02 02:08 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-04-19 01:45 - 2013-04-19 01:45 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-04-19 01:45 - 2013-04-19 01:45 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia 
Suite\imageformats\qico4.dll 2013-04-19 01:45 - 2013-04-19 01:45 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll 2013-04-15 13:26 - 2013-04-15 13:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll 2013-04-15 13:26 - 2013-04-15 13:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll 2013-04-19 01:45 - 2013-04-19 01:45 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll 2013-04-19 01:44 - 2013-04-19 01:44 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll 2013-04-19 01:46 - 2013-04-19 01:46 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll 2010-02-24 00:14 - 2010-02-24 00:14 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll 2010-02-24 00:14 - 2010-02-24 00:14 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll 2010-02-24 00:11 - 2010-02-24 00:11 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll 2010-02-24 00:12 - 2010-02-24 00:12 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll 2010-02-24 00:14 - 2010-02-24 00:14 - 00050688 _____ () C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll 2010-07-12 14:29 - 2010-07-12 14:29 - 00010856 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2015-02-05 17:53 - 2015-02-05 17:53 - 
16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3140515600-33983380-753437015-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp DNS Servers: 195.50.140.252 - 195.50.140.114 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-3140515600-33983380-753437015-500 - Administrator - Disabled) eva (S-1-5-21-3140515600-33983380-753437015-1001 - Administrator - Enabled) => C:\Users\eva Gast (S-1-5-21-3140515600-33983380-753437015-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3140515600-33983380-753437015-1003 - Limited - Enabled) UpdatusUser (S-1-5-21-3140515600-33983380-753437015-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/13/2015 03:11:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca28 Name des fehlerhaften Moduls: dodo.dll, Version: 0.0.0.0, Zeitstempel: 0x54f71b65 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009e2e ID des fehlerhaften Prozesses: 0x1198 Startzeit der fehlerhaften Anwendung: 0xregsvr32.exe0 Pfad der fehlerhaften Anwendung: regsvr32.exe1 Pfad des fehlerhaften Moduls: regsvr32.exe2 Berichtskennung: regsvr32.exe3 Error: (04/13/2015 03:11:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.1.5570, Zeitstempel: 0x551e23ee Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.1.5570, Zeitstempel: 0x551e1536 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001aa1 ID des fehlerhaften Prozesses: 0xc84 Startzeit der fehlerhaften Anwendung: 
0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (02/19/2015 08:07:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Images2PDF.exe, Version 0.9.7.1189 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1ad0 Startzeit: 01d04c6e3ef81d0e Endzeit: 24 Anwendungspfad: C:\Program Files\PDFCreator\Images2PDF\Images2PDF.exe Berichts-ID: Error: (01/25/2015 01:10:32 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{c30171cb-cbbf-11df-9dc8-806e6f6e6963} - 0000000000000148,0x0053c008,00000000003FE5E0,0,0000000000271FA0,4096,[0])". hr = 0x80070079, Das Zeitlimit für die Semaphore wurde erreicht. . Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (01/25/2015 01:10:30 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\a84ac684d177574bcd\spinstall.exe /path:"C:\Windows\SoftwareDistribution\Download\Install\spclite.exe" /quiet; Beschreibung = Windows 7 Service Pack 1; Fehler = 0x81000101). 
Error: (12/08/2014 04:28:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16476, Zeitstempel: 0x5126e7ac Name des fehlerhaften Moduls: skypeieplugin.dll, Version: 5.6.0.8442, Zeitstempel: 0x4e92c055 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000127b1 ID des fehlerhaften Prozesses: 0x1060 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (11/21/2014 03:48:48 AM) (Source: Microsoft Office 12) (EventID: 2001) (User: ) Description: Rejected Safe Mode action : Microsoft Office Outlook. Error: (10/23/2014 09:40:45 PM) (Source: VSS) (EventID: 12305) (User: ) Description: Volumeschattenkopie-Dienstfehler: Volume bzw. Datenträger ist nicht richtig angeschlossen oder wurde nicht gefunden. Fehlerkontext: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2 - 000000000000012C,0x00560034,0000000000341FC0,0,0000000000340FB0,4096,[0]). Vorgang: PostFinalCommitSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (10/21/2014 09:46:24 AM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2,0xc0000000,0x00000003,...)". hr = 0x80070037, Die angegebene Netzwerkressource bzw. das angegebene Gerät ist nicht mehr verfügbar. . 
Vorgang: PostFinalCommitSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (10/14/2014 06:38:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0xf94 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 System errors: ============= Error: (04/14/2015 04:27:26 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (04/13/2015 09:58:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932) Error: (04/13/2015 03:05:36 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (04/10/2015 10:19:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932) Error: (04/10/2015 07:30:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932) Error: (04/09/2015 11:11:09 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (04/09/2015 07:02:25 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (04/09/2015 04:11:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932) Error: (04/09/2015 03:44:34 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (04/09/2015 10:07:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932) Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz Percentage of memory in use: 52% Total physical RAM: 3884.49 MB Available physical RAM: 1846.8 MB Total Pagefile: 7767.12 MB Available Pagefile: 5147.8 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:2.05 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:204.03 GB) (Free:203.94 GB) NTFS Drive f: (Elements) (Fixed) (Total:931.48 GB) (Free:912.78 GB) NTFS Drive g: (iAUDIO 9) (Removable) (Total:15.21 GB) (Free:9.49 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0C5913D) Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C) Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=204 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 15.2 GB) (Disk ID: 6F20736B) No partition Table on disk 1. Disk 1 is a removable device. ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: F7D4563A) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-14 07:02:42
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: gfjd5npb.exe; Driver: C:\Users\eva\AppData\Local\Temp\pwldapow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d21465 2 bytes [D2, 75]
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d214bb 2 bytes [D2, 75]
.text ... * 2
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d21465 2 bytes [D2, 75]
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d214bb 2 bytes [D2, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [2632] entry point in ".rdata" section 000000006f4071e6
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d21465 2 bytes [D2, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d214bb 2 bytes [D2, 75]
.text ... * 2

---- EOF - GMER 2.1 ----