
Log analysis and evaluation: Virus infection: Aartemis

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.01.2014, 16:29   #1
Helene.Waack
 
Virus infection: Aartemis



AdwCleaner:

Code:
# AdwCleaner v3.016 - Bericht erstellt am 07/01/2014 um 16:14:18
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Helene Waack - HELENEWAACK-PC
# Gestartet von : C:\Users\Helene Waack\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Users\Helene Waack\AppData\Local\apn
Ordner Gelöscht : C:\Users\Helene Waack\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\HELENE~1\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Helene Waack\Documents\Mobogenie
Datei Gelöscht : C:\Users\Helene Waack\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\BonanzaDealsUpdate

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Helene Waack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Helene Waack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Helene Waack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Helene Waack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\aartemisSoftware
Schlüssel Gelöscht : HKLM\Software\supWPM

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v

[ Datei : C:\Users\Helene Waack\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Helene Waack\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6504 octets] - [07/01/2014 16:13:17]
AdwCleaner[S0].txt - [4826 octets] - [07/01/2014 16:14:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4886 octets] ##########
         

FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by Helene Waack (administrator) on HELENEWAACK-PC on 07-01-2014 16:20:55
Running from C:\Users\Helene Waack\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Users\Helene Waack\Downloads\IPod\iTunesHelper.exe
(Geek Software GmbH) C:\Users\Helene Waack\Downloads\PDF24\pdf24.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-02-23] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [AutoKMS] - C:\Windows\AutoKMS.exe
HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] - C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ToolboxFX] - C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [iTunesHelper] - C:\Users\Helene Waack\Downloads\IPod\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Users\Helene Waack\Downloads\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-22] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-22] ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {35991CD1-E886-4484-B27E-1F56DFEABC6F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=0eb4f893-ade5-420d-a2f7-837082f41e95&apn_sauid=FD040A7B-C51C-4934-9318-4E68BD2B5C46
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 139.30.8.7 139.30.8.8
Tcpip\..\Interfaces\{CC0FD6D4-2EF0-484A-AC18-E12DFC831AC6}: [NameServer]139.30.8.7

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Users\Helene Waack\Downloads\IPod\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=MDNE&bmod=MDNE
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U2) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

==================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2012-05-14] (AVM Berlin)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-07 16:20 - 2014-01-07 16:20 - 01931762 _____ (Farbar) C:\Users\Helene Waack\Desktop\FRST64.exe
2014-01-07 16:20 - 2014-01-07 16:20 - 00020215 _____ C:\Users\Helene Waack\Desktop\FRST.txt
2014-01-07 16:17 - 2014-01-07 16:17 - 00004982 _____ C:\Users\Helene Waack\Desktop\AdwCleaner[S0].txt
2014-01-07 16:13 - 2014-01-07 16:14 - 00000000 ____D C:\AdwCleaner
2014-01-07 16:09 - 2014-01-07 16:09 - 01233962 _____ C:\Users\Helene Waack\Desktop\adwcleaner.exe
2014-01-07 11:10 - 2014-01-07 11:10 - 00000450 _____ C:\Users\Helene Waack\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-01-07 08:45 - 2014-01-07 08:45 - 00000105 _____ C:\Users\Helene Waack\AppData\Roaming\WB.CFG
2014-01-07 08:45 - 2014-01-07 08:45 - 00000005 _____ C:\Users\Helene Waack\AppData\Roaming\WBPU-TTL.DAT
2014-01-07 08:13 - 2014-01-07 08:13 - 00000000 ____D C:\FRST
2014-01-07 07:45 - 2014-01-07 16:07 - 00000000 ____D C:\Users\Helene Waack\AppData\Roaming\newnext.me
2014-01-07 07:45 - 2014-01-07 07:47 - 00000127 _____ C:\Users\Helene Waack\daemonprocess.txt
2014-01-07 07:45 - 2014-01-07 07:45 - 00000000 ____D C:\Users\Helene Waack\AppData\Local\genienext
2014-01-07 07:45 - 2014-01-07 07:45 - 00000000 ____D C:\Users\Helene Waack\AppData\Local\cache
2014-01-07 07:45 - 2014-01-07 07:45 - 00000000 ____D C:\Users\Helene Waack\.android
2014-01-07 07:44 - 2014-01-07 15:49 - 00000312 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-07 07:44 - 2014-01-07 07:45 - 00003278 _____ C:\Windows\System32\Tasks\Digital Sites
2014-01-07 07:44 - 2014-01-07 07:44 - 00000000 ____D C:\Users\Helene Waack\AppData\Roaming\DigitalSites
2014-01-07 07:43 - 2014-01-07 07:43 - 00672936 _____ (                                                            ) C:\Users\Helene Waack\Desktop\ZipExtractorSetup.exe
2014-01-03 14:00 - 2014-01-03 14:00 - 00000000 ____D C:\Users\Helene Waack\Documents\Office Toolkit Beta 4 (3)
2013-12-28 13:36 - 2013-12-28 13:36 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-28 13:36 - 2013-12-28 13:36 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-12-28 13:35 - 2013-12-28 13:43 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-28 13:35 - 2013-12-28 13:36 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-28 13:35 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-12-28 12:36 - 2013-12-28 12:38 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Helene Waack\Desktop\spybot-2.2.exe
2013-12-28 12:07 - 2014-01-03 15:50 - 00241807 _____ C:\Users\Helene Waack\AppData\Local\census.cache
2013-12-28 12:07 - 2014-01-03 15:50 - 00132254 _____ C:\Users\Helene Waack\AppData\Local\ars.cache
2013-12-28 11:44 - 2013-12-28 11:45 - 30091776 _____ (Microsoft Corporation) C:\Users\Helene Waack\Desktop\IE10-Windows6.1-x86-de-de_b16521.exe
2013-12-28 11:42 - 2011-06-21 05:09 - 00200976 _____ (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2013-12-28 11:40 - 2013-12-28 11:40 - 00000036 _____ C:\Users\Helene Waack\AppData\Local\housecall.guid.cache
2013-12-27 08:38 - 2013-12-27 08:38 - 00000000 ____D C:\Users\Helene Waack\AppData\Local\{BAD4D7FD-A679-4E29-BC2B-D4DDF84AAA2B}
2013-12-27 08:04 - 2013-12-27 08:04 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-27 08:04 - 2013-12-27 08:04 - 00000000 ____D C:\Users\Helene Waack\AppData\Roaming\Malwarebytes
2013-12-27 08:04 - 2013-12-27 08:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-27 08:04 - 2013-12-27 08:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-27 08:04 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-26 14:39 - 2013-12-26 14:39 - 00001912 _____ C:\Windows\epplauncher.mif
2013-12-26 14:39 - 2013-12-26 14:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-26 14:39 - 2013-12-26 14:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-26 14:35 - 2013-12-26 14:36 - 11157328 _____ (Microsoft Corporation) C:\Users\Helene Waack\Downloads\MSEInstall.exe
2013-12-22 18:43 - 2013-12-22 18:43 - 00000000 ____D C:\Users\Helene Waack\AppData\Local\{DDC90E94-90FA-479F-A82B-507F444E2026}
2013-12-22 17:45 - 2013-12-22 17:45 - 00000000 ____D C:\Users\Helene Waack\Documents\Fax
2013-12-21 10:58 - 2013-12-21 10:58 - 00000000 ____D C:\Users\Helene Waack\AppData\Roaming\Mozilla
2013-12-13 17:23 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-13 17:23 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-13 17:23 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-13 17:23 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-13 17:19 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 17:19 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 17:19 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-13 17:19 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-13 17:19 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-13 17:19 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-13 17:19 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 17:19 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 17:19 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-13 17:19 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-13 17:19 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 17:19 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 17:19 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-13 17:19 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-13 17:19 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-13 17:19 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-13 17:19 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-13 17:19 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 17:19 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-13 17:19 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-13 17:19 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-13 17:19 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 17:19 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 17:19 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-13 17:19 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-13 17:19 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 17:19 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 17:19 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-13 17:19 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-13 17:19 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-13 17:19 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 15:21 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 15:21 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 15:21 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 15:21 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 15:21 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 15:21 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 15:21 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 15:21 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 15:18 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 15:18 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 15:18 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 15:18 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 15:18 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 15:18 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 15:18 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 15:18 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 15:18 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 15:17 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 15:17 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-07 16:21 - 2014-01-07 16:20 - 00020215 _____ C:\Users\Helene Waack\Desktop\FRST.txt
2014-01-07 16:20 - 2014-01-07 16:20 - 01931762 _____ (Farbar) C:\Users\Helene Waack\Desktop\FRST64.exe
2014-01-07 16:18 - 2012-05-14 13:03 - 00000000 ____D C:\Users\Helene Waack\Documents\Youcam
2014-01-07 16:17 - 2014-01-07 16:17 - 00004982 _____ C:\Users\Helene Waack\Desktop\AdwCleaner[S0].txt
2014-01-07 16:16 - 2012-05-15 19:14 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-07 16:15 - 2012-05-16 20:03 - 00107129 _____ C:\Windows\setupact.log
2014-01-07 16:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-07 16:14 - 2014-01-07 16:13 - 00000000 ____D C:\AdwCleaner
2014-01-07 16:14 - 2012-05-14 21:38 - 01210982 _____ C:\Windows\WindowsUpdate.log
2014-01-07 16:14 - 2012-05-14 13:01 - 00001013 _____ C:\Users\Helene Waack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-07 16:13 - 2009-07-14 05:45 - 00017264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-07 16:13 - 2009-07-14 05:45 - 00017264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-07 16:11 - 2012-02-21 19:50 - 04041768 _____ C:\Windows\system32\perfh007.dat
2014-01-07 16:11 - 2012-02-21 19:50 - 01214784 _____ C:\Windows\system32\perfc007.dat
2014-01-07 16:11 - 2009-07-14 06:13 - 00005210 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-07 16:10 - 2012-12-25 20:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-07 16:09 - 2014-01-07 16:09 - 01233962 _____ C:\Users\Helene Waack\Desktop\adwcleaner.exe
2014-01-07 16:08 - 2012-05-15 19:14 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-07 16:07 - 2014-01-07 07:45 - 00000000 ____D C:\Users\Helene Waack\AppData\Roaming\newnext.me
2014-01-07 16:04 - 2012-05-16 21:20 - 00093764 _____ C:\Windows\PFRO.log
2014-01-07 15:58 - 2012-05-15 18:46 - 00000000 ____D C:\Users\Helene Waack\AppData\Roaming\Skype
2014-01-07 15:49 - 2014-01-07 07:44 - 00000312 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-07 12:51 - 2012-05-14 16:17 - 00000000 ____D C:\Users\Helene Waack\Documents\Outlook-Dateien
2014-01-07 11:10 - 2014-01-07 11:10 - 00000450 _____ C:\Users\Helene Waack\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-01-07 08:45 - 2014-01-07 08:45 - 00000105 _____ C:\Users\Helene Waack\AppData\Roaming\WB.CFG
2014-01-07 08:45 - 2014-01-07 08:45 - 00000005 _____ C:\Users\Helene Waack\AppData\Roaming\WBPU-TTL.DAT
2014-01-07 08:13 - 2014-01-07 08:13 - 00000000 ____D C:\FRST
2014-01-07 07:47 - 2014-01-07 07:45 - 00000127 _____ C:\Users\Helene Waack\daemonprocess.txt
2014-01-07 07:45 - 2014-01-07 07:45 - 00000000 ____D C:\Users\Helene Waack\AppData\Local\genienext
2014-01-07 07:45 - 2014-01-07 07:45 - 00000000 ____D C:\Users\Helene Waack\AppData\Local\cache
2014-01-07 07:45 - 2014-01-07 07:45 - 00000000 ____D C:\Users\Helene Waack\.android
2014-01-07 07:45 - 2014-01-07 07:44 - 00003278 _____ C:\Windows\System32\Tasks\Digital Sites
2014-01-07 07:45 - 2012-05-14 13:00 - 00000000 ____D C:\Users\Helene Waack
2014-01-07 07:44 - 2014-01-07 07:44 - 00000000 ____D C:\Users\Helene Waack\AppData\Roaming\DigitalSites
2014-01-07 07:43 - 2014-01-07 07:43 - 00672936 _____ (                                                            ) C:\Users\Helene Waack\Desktop\ZipExtractorSetup.exe
2014-01-06 21:17 - 2012-11-10 17:14 - 00000121 _____ C:\Users\Public\LMDebug.log
2014-01-05 15:21 - 2012-12-27 17:07 - 00002026 ____H C:\Users\Helene Waack\Documents\Default.rdp
2014-01-05 12:33 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-04 12:40 - 2012-05-14 15:05 - 00000000 ____D C:\Users\Helene Waack\AppData\Local\Deployment
2014-01-04 12:40 - 2012-05-14 15:01 - 00000000 ____D C:\ProgramData\Avira
2014-01-04 12:20 - 2012-05-14 14:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-04 12:19 - 2012-05-14 14:31 - 00002671 _____ C:\Users\Helene Waack\Desktop\Microsoft Excel 2010.lnk
2014-01-04 12:19 - 2012-05-14 14:31 - 00002665 _____ C:\Users\Helene Waack\Desktop\Microsoft Word 2010.lnk
2014-01-04 12:13 - 2012-06-11 18:09 - 00000000 ____D C:\Windows\system32\Backups
2014-01-03 15:58 - 2013-06-26 06:38 - 00011890 _____ C:\Windows\IE10_main.log
2014-01-03 15:50 - 2013-12-28 12:07 - 00241807 _____ C:\Users\Helene Waack\AppData\Local\census.cache
2014-01-03 15:50 - 2013-12-28 12:07 - 00132254 _____ C:\Users\Helene Waack\AppData\Local\ars.cache
2014-01-03 15:21 - 2012-05-14 14:27 - 00000000 ____D C:\Users\Helene Waack\AppData\Local\Microsoft Help
2014-01-03 15:06 - 2012-05-14 13:01 - 00181464 _____ C:\Users\Helene Waack\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-03 14:20 - 2009-07-14 05:45 - 00589376 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-03 14:00 - 2014-01-03 14:00 - 00000000 ____D C:\Users\Helene Waack\Documents\Office Toolkit Beta 4 (3)
2014-01-01 20:55 - 2012-05-14 15:20 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-12-28 13:43 - 2013-12-28 13:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-28 13:36 - 2013-12-28 13:36 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-28 13:36 - 2013-12-28 13:36 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-12-28 13:36 - 2013-12-28 13:35 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-28 12:38 - 2013-12-28 12:36 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Helene Waack\Desktop\spybot-2.2.exe
2013-12-28 11:45 - 2013-12-28 11:44 - 30091776 _____ (Microsoft Corporation) C:\Users\Helene Waack\Desktop\IE10-Windows6.1-x86-de-de_b16521.exe
2013-12-28 11:40 - 2013-12-28 11:40 - 00000036 _____ C:\Users\Helene Waack\AppData\Local\housecall.guid.cache
2013-12-27 08:38 - 2013-12-27 08:38 - 00000000 ____D C:\Users\Helene Waack\AppData\Local\{BAD4D7FD-A679-4E29-BC2B-D4DDF84AAA2B}
2013-12-27 08:04 - 2013-12-27 08:04 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-27 08:04 - 2013-12-27 08:04 - 00000000 ____D C:\Users\Helene Waack\AppData\Roaming\Malwarebytes
2013-12-27 08:04 - 2013-12-27 08:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-27 08:04 - 2013-12-27 08:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 14:39 - 2013-12-26 14:39 - 00001912 _____ C:\Windows\epplauncher.mif
2013-12-26 14:39 - 2013-12-26 14:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-26 14:39 - 2013-12-26 14:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-26 14:36 - 2013-12-26 14:35 - 11157328 _____ (Microsoft Corporation) C:\Users\Helene Waack\Downloads\MSEInstall.exe
2013-12-22 18:57 - 2013-04-27 12:55 - 00586752 ___SH C:\Users\Helene Waack\Desktop\Thumbs.db
2013-12-22 18:43 - 2013-12-22 18:43 - 00000000 ____D C:\Users\Helene Waack\AppData\Local\{DDC90E94-90FA-479F-A82B-507F444E2026}
2013-12-22 17:45 - 2013-12-22 17:45 - 00000000 ____D C:\Users\Helene Waack\Documents\Fax
2013-12-21 10:58 - 2013-12-21 10:58 - 00000000 ____D C:\Users\Helene Waack\AppData\Roaming\Mozilla
2013-12-17 15:29 - 2013-04-27 09:56 - 00000000 ____D C:\Users\Helene Waack\Desktop\Uni aktuell
2013-12-16 20:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-15 13:54 - 2013-07-13 07:05 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 13:48 - 2012-02-21 20:44 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 21:38 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 07:04 - 2012-05-18 15:27 - 00000365 _____ C:\Users\Helene Waack\Desktop\Sparkasse Mecklenburg-Nordwest (14051000) - Online-Banking Anmelden.url
2013-12-11 20:10 - 2012-12-25 20:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 20:10 - 2012-12-25 20:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 20:10 - 2012-02-21 22:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Helene Waack\AppData\Local\Temp\343.35767386649087_Update.exe
C:\Users\Helene Waack\AppData\Local\Temp\485.27550650670855_Update.exe
C:\Users\Helene Waack\AppData\Local\Temp\AskSLib.dll
C:\Users\Helene Waack\AppData\Local\Temp\avgnt.exe
C:\Users\Helene Waack\AppData\Local\Temp\COMAP.EXE
C:\Users\Helene Waack\AppData\Local\Temp\pcspeedmaxsetup.exe
C:\Users\Helene Waack\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Helene Waack\AppData\Local\Temp\Quarantine.exe
C:\Users\Helene Waack\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Helene Waack\AppData\Local\Temp\_is1F63.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-01 19:42

==================== End Of Log ============================
         
--- --- ---
