Log Analysis and Evaluation: Win 7 Prof: PUP.Optional.Outbrowse (Windows 7)

24.10.2014, 23:25 | #1
Dear Trojaner-Board team, I have a private Windows 7 machine here and Malwarebytes Anti-Malware has detected PUP.Optional.Outbrowse. I would like to get rid of the thing. Here are the log files from FRST, GMER and Malwarebytes.

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2014
Ran by L******n (administrator) on NIVALULI on 24-10-2014 23:29:38
Running from C:\Users\L******n\Downloads
Loaded Profiles: L******n & UpdatusUser (Available profiles: L******n & UpdatusUser & Administrator)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(F-Secure Corporation) C:\Program Files\M-net\fshoster32.exe
(F-Secure Corporation) C:\Program Files\M-net\apps\CCF_Reputation\fsorsp.exe
(F-Secure Corporation) C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files\M-net\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Creative Technology Ltd.) C:\Windows\OEM13Mon.exe
(F-Secure Corporation) C:\Program Files\M-net\fshoster32.exe
(F-Secure Corporation) C:\Program Files\M-net\apps\ComputerSecurity\Common\FSM32.EXE
() C:\Program Files\EssentialPIM\EssentialPIM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(AVM Berlin) C:\Users\L******n\AppData\Local\Apps\2.0\8O6JCZON.0GD\2Q242DRO.ZNJ\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [217088 2009-02-27] (Alps Electric Co., Ltd.)
HKLM\...\Run: [OEM13Mon.exe] => C:\Windows\OEM13Mon.exe [36864 2008-01-07] (Creative Technology Ltd.)
HKLM\...\Run: [F-Secure Hoster (51948)] => C:\Program Files\M-net\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)
HKLM\...\Run: [F-Secure Manager] => C:\Program Files\M-net\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-20] (F-Secure Corporation)
HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-137090181-1359151331-3666072106-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\L******n\AppData\Local\Apps\2.0\8O6JCZON.0GD\2Q242DRO.ZNJ\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-04-12] (AVM Berlin)
HKU\S-1-5-21-137090181-1359151331-3666072106-1000\...\Run: [EssentialPIM] => C:\Program Files\EssentialPIM\EssentialPIM.exe [17127792 2014-07-06] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\L******n\AppData\Roaming\Mozilla\Firefox\Profiles\x7dvt5kg.default-1400893040681
FF DefaultSearchEngine: Ixquick HTTPS - Deutsch
FF SelectedSearchEngine: Ixquick HTTPS - Deutsch
FF Homepage: hxxp://www.fcbayern.de/de/news/news/#/filter
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\L******n\AppData\Roaming\Mozilla\Firefox\Profiles\x7dvt5kg.default-1400893040681\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\L******n\AppData\Roaming\Mozilla\Firefox\Profiles\x7dvt5kg.default-1400893040681\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-05-24]
FF Extension: Ghostery - C:\Users\L******n\AppData\Roaming\Mozilla\Firefox\Profiles\x7dvt5kg.default-1400893040681\Extensions\firefox@ghostery.com.xpi [2014-08-27]
FF Extension: NoScript - C:\Users\L******n\AppData\Roaming\Mozilla\Firefox\Profiles\x7dvt5kg.default-1400893040681\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-19]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-15]

Chrome:
=======
CHR Profile: C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-22]
CHR Extension: (Google Docs) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-22]
CHR Extension: (Google Drive) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-22]
CHR Extension: (YouTube) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-22]
CHR Extension: (Google-Suche) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-22]
CHR Extension: (Google Tabellen) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-22]
CHR Extension: (Google Wallet) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
CHR Extension: (Google Mail) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 fshoster; C:\Program Files\M-net\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)
R3 FSMA; C:\Program Files\M-net\apps\ComputerSecurity\Common\FSMA32.EXE [207808 2013-08-20] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files\M-net\apps\CCF_Reputation\fsorsp.exe [60352 2014-04-12] (F-Secure Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2014-04-12] (AVM Berlin)
R3 F-Secure Gatekeeper; C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [146472 2014-06-09] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files\M-net\apps\ComputerSecurity\HIPS\drivers\fshs.sys [73896 2014-06-23] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2014-04-12] ()
R3 fsni; C:\Program Files\M-net\apps\CCF_Scanning\fsni32.sys [70184 2014-06-19] (F-Secure Corporation)
R1 fsvista; C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [12736 2013-08-20] ()
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [99840 2014-03-14] (Gemalto)
R3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-05-28] (Creative Technology Ltd.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [91016 2014-01-23] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-01-23] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [540168 2014-01-23] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 23:29 - 2014-10-24 23:30 - 00011908 _____ () C:\Users\L******n\Downloads\FRST.txt
2014-10-24 23:29 - 2014-10-24 23:29 - 00000000 ____D () C:\FRST
2014-10-24 23:28 - 2014-10-24 23:28 - 01103360 _____ (Farbar) C:\Users\L******n\Downloads\FRST.exe
2014-10-24 23:24 - 2014-10-24 23:24 - 00380416 _____ () C:\Users\L******n\Downloads\Gmer-19357.exe
2014-10-22 17:42 - 2014-10-22 17:42 - 00000000 __SHD () C:\Users\L******n\AppData\Local\EmieUserList
2014-10-22 17:42 - 2014-10-22 17:42 - 00000000 __SHD () C:\Users\L******n\AppData\Local\EmieSiteList
2014-10-22 17:32 - 2014-10-22 17:32 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-22 17:32 - 2014-10-22 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-22 17:31 - 2014-10-24 22:36 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 17:31 - 2014-10-24 17:36 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 17:31 - 2014-10-22 17:31 - 00000000 ____D () C:\Program Files\Google
2014-10-22 17:30 - 2014-10-22 17:32 - 00000000 ____D () C:\Users\L******n\AppData\Local\Google
2014-10-22 17:30 - 2014-10-22 17:30 - 00880272 _____ (Google Inc.) C:\Users\L******n\Downloads\ChromeSetup.exe
2014-10-22 17:28 - 2014-10-22 17:29 - 42522704 _____ (Google Inc.) C:\Users\L******n\Downloads\ChromeStandaloneSetup(1).exe
2014-10-22 17:27 - 2014-10-22 17:28 - 42522704 _____ (Google Inc.) C:\Users\L******n\Downloads\ChromeStandaloneSetup.exe
2014-10-19 18:07 - 2014-10-19 18:07 - 36254312 _____ () C:\Users\L******n\Downloads\Firefox_Setup_33.0.exe
2014-10-15 07:11 - 2014-10-10 03:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 07:11 - 2014-10-10 03:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 07:11 - 2014-10-10 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 07:11 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 07:11 - 2014-09-29 02:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 07:11 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 07:11 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 07:11 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 07:11 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 07:11 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 07:11 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 07:11 - 2014-09-19 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 07:11 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 07:11 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 07:11 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 07:11 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 07:11 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 07:11 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 07:11 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 07:11 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 07:11 - 2014-09-19 02:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 07:11 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 07:11 - 2014-09-19 02:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 07:11 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 07:11 - 2014-09-19 02:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 07:11 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 07:11 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 07:11 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 07:11 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 07:11 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 07:11 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 07:10 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 07:10 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 07:10 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 07:10 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 07:10 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 07:10 - 2014-08-29 03:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 07:10 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 07:10 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 07:10 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 07:09 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 07:09 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 07:09 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 07:09 - 2014-07-17 03:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 07:09 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 07:09 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 07:09 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 07:09 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 07:09 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 07:09 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 07:08 - 2014-08-19 04:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 07:08 - 2014-08-19 04:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 07:08 - 2014-08-19 04:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 07:08 - 2014-08-19 04:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 07:08 - 2014-08-19 04:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 07:08 - 2014-08-19 03:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 07:08 - 2014-07-07 03:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 07:08 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 07:08 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 07:08 - 2014-07-07 03:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 07:08 - 2014-07-07 03:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 07:08 - 2014-07-07 03:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 07:08 - 2014-07-07 03:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 07:08 - 2014-07-07 03:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 07:08 - 2014-07-07 03:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 07:08 - 2014-07-07 03:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 07:08 - 2014-07-07 03:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 07:08 - 2014-06-28 02:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 07:08 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 07:08 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 06:57 - 2014-10-19 18:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-01 06:57 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-24 06:58 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 01:09 - 2014-09-24 01:09 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 23:09 - 2014-04-19 23:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-24 20:59 - 2014-04-25 22:53 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 20:58 - 2014-04-25 22:52 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 20:58 - 2014-04-25 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 20:58 - 2014-04-25 22:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-24 20:31 - 2014-04-12 13:21 - 01054812 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 04:24 - 2014-04-12 16:31 - 00000000 ____D () C:\Users\L******n\AppData\Roaming\EssentialPIM
2014-10-23 22:03 - 2009-07-14 06:34 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-23 22:03 - 2009-07-14 06:34 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-23 21:56 - 2014-04-12 18:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-23 21:56 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 21:56 - 2009-07-14 06:39 - 00033402 _____ () C:\Windows\setupact.log
2014-10-22 18:42 - 2010-11-20 23:48 - 00009446 _____ () C:\Windows\PFRO.log
2014-10-19 22:59 - 2014-04-13 22:03 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-19 18:09 - 2014-04-12 16:46 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-19 18:09 - 2014-04-12 16:46 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-17 08:13 - 2009-07-14 06:53 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-16 08:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-10-16 08:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 07:45 - 2009-07-14 06:33 - 00298192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 07:13 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 07:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-16 07:09 - 2014-04-12 18:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 07:06 - 2014-04-12 18:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-08 07:02 - 2014-04-12 21:08 - 00000000 ____D () C:\Users\L******n\AppData\Local\Deployment
2014-10-01 11:11 - 2014-04-25 22:52 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-04-25 22:52 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2014-04-25 22:52 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 10:02 - 2014-04-14 16:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-24 10:49 - 2010-11-20 23:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 01:09 - 2014-04-19 23:39 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 01:09 - 2014-04-13 00:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\L******n\AppData\Local\Temp\f.exe
C:\Users\L******n\AppData\Local\Temp\InstallAX.exe
C:\Users\L******n\AppData\Local\Temp\Shockwave_Installer_FF.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 08:36

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-10-2014
Ran by Lxxxxxxn at 2014-10-24 23:30:17
Running from C:\Users\Lxxxxxxn\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Computer Schutz (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: Computer Schutz (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Computer Security 12.77.101.0 (release) (Version: 12.77.101.0 - F-Secure Corporation) Hidden
DDBAC (HKLM\...\{4C19650D-1BF8-4459-A904-06FB692B0F8E}) (Version: 5.3.24 - DataDesign)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.4.102.104 - ALPS ELECTRIC CO., LTD.)
EssentialPIM (HKLM\...\EssentialPIM) (Version: 5.82 - Astonsoft Ltd)
FRITZ!Box USB-Fernanschluss (HKCU\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin)
F-Secure CCF Reputation (Version: 1.0.25.1877 - F-Secure) Hidden
F-Secure CCF Scanning 1.43.102.193 (release) (Version: 1.43.102.193 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.128 (Version: 1.02.128.1 - F-Secure Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Laptop Integrated Webcam Driver (1.01.01.0529) (HKLM\...\Creative OEM013) (Version: - )
Lexware Info Service (HKLM\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM\...\{A64DF516-9CDC-4299-BD34-2B2C80CD453B}) (Version: 19.00.00.0059 - Haufe-Lexware GmbH & Co.KG)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
M-net Programme (HKLM\...\F-Secure ServiceEnabler 51948) (Version: 1.77.243.0 - F-Secure Corporation)
M-net Programme (Version: 1.77.243.0 - F-Secure Corporation) Hidden
Mozilla Firefox 33.0 (x86 de) (HKLM\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
Online Safety 2.77.1189.49 (Version: 2.77.1189.49 - F-Secure Corporation) Hidden
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Paragon Backup & Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
Quicken DELUXE 2014 (HKLM\...\{E60036CF-1E46-4DFE-832F-5476574B30FF}) (Version: 21.37.00.0185 - Haufe-Lexware GmbH & Co.KG)
Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
WISO Steuer-Sparbuch 2014 (HKLM\...\{C866DE4A-3725-4E0C-98A0-4BA89C675215}) (Version: 21.05.8586 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

02-10-2014 04:45:27 Windows Modules Installer
09-10-2014 17:44:14 Geplanter Prüfpunkt
16-10-2014 04:59:39 Windows Update
16-10-2014 05:41:06 Windows Update
23-10-2014 07:43:16 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00A6F7E8-B2B1-495F-841F-2FD551A2306D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {371BA562-CB07-4118-88FA-21D6E8020031} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {58AF1F22-B1FF-458E-BBFF-8BF7FE88BF66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {B3B44C23-E64D-44E4-B114-1D7EADB0E3A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {D3ED4E0D-19BB-4374-A7ED-016F9C08A41D} - System32\Tasks\{B7352577-3E84-449C-969B-C664CA7F7A32} => C:\Programme\ProfitMaker8\ProfitMaker.exe [2009-08-06] () Task: {E02A7B7D-C549-43D0-BE41-58E10C2CD656} - System32\Tasks\{F1C51A4E-5844-4FA7-8EFD-2A328A55CAB9} => C:\Programme\ProfitMaker8\ProfitMaker.exe [2009-08-06] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-12 18:20 - 2013-10-23 09:19 - 00092448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2014-04-12 16:26 - 2013-08-20 10:57 - 00045504 _____ () C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\FSAVHRES.eng 2013-01-18 11:06 - 2013-01-18 11:06 - 00208880 _____ () C:\Program Files\M-net\daas2.dll 2014-04-12 16:30 - 2014-04-12 16:30 - 00030888 _____ () C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll 2014-04-12 16:26 - 2014-05-21 14:06 - 00949288 _____ () C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\fm4av.dll 2014-04-12 16:26 - 2014-04-12 16:30 - 00212008 _____ () C:\Program Files\M-net\apps\ComputerSecurity\Spam Control\fsas.dll 2014-04-12 15:57 - 2014-04-12 15:57 - 00593464 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll 2014-04-12 16:26 - 2013-08-20 10:57 - 00056256 _____ () C:\Program 
Files\M-net\apps\ComputerSecurity\FSGUI\fsavures.eng 2014-04-12 16:26 - 2013-08-20 10:57 - 00093120 _____ () C:\Program Files\M-net\apps\ComputerSecurity\FSGUI\strres.eng 2014-04-12 16:26 - 2013-08-20 10:57 - 00154560 _____ () C:\Program Files\M-net\apps\ComputerSecurity\FSGUI\flyerres.eng 2014-07-06 21:36 - 2014-07-06 21:36 - 17127792 _____ () C:\Program Files\EssentialPIM\EssentialPIM.exe 2009-06-26 12:03 - 2009-06-26 12:03 - 00050176 _____ () C:\Program Files\EssentialPIM\hunspelldll.dll 2014-10-15 06:57 - 2014-10-11 14:53 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ==========================

Administrator (S-1-5-21-137090181-1359151331-3666072106-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-137090181-1359151331-3666072106-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-137090181-1359151331-3666072106-1003 - Limited - Enabled)
Lxxxxxxn (S-1-5-21-137090181-1359151331-3666072106-1000 - Administrator - Enabled) => C:\Users\Lxxxxxxn
UpdatusUser (S-1-5-21-137090181-1359151331-3666072106-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Massenspeichercontroller
Description: Massenspeichercontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2014 11:28:28 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 17 2014-10-24 23:28:28+02:00 NIVALULI SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\users\Lxxxxxxn\downloads\frst.exe
File hash: c11d8338737cd82f7e45bc6674e51e4c77d77983

Error: (10/24/2014 09:27:21 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 16 2014-10-24 21:27:21+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup.exe

Error: (10/24/2014 09:27:20 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 15 2014-10-24 21:27:20+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup(2).exe

Error: (10/24/2014 09:26:55 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 14 2014-10-24 21:26:55+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup(1).exe

Error: (10/24/2014 09:26:18 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 13 2014-10-24 21:26:18+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup(1).exe

Error: (10/24/2014 09:26:00 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 12 2014-10-24 21:26:00+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup(1).exe

Error: (10/24/2014 09:25:46 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 11 2014-10-24 21:25:46+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup(1).exe

Error: (10/24/2014 09:25:35 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 10 2014-10-24 21:25:35+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup(2).exe

Error: (10/24/2014 09:25:35 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 9 2014-10-24 21:25:35+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup.exe

Error: (10/24/2014 09:25:35 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 8 2014-10-24 21:25:34+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup(1).exe


System errors:
=============
Error: (10/23/2014 09:56:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: 
%%14

Error: (10/23/2014 09:06:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.10.2014 um 08:23:55 unerwartet heruntergefahren.

Error: (10/19/2014 11:00:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 19.10.2014 um 22:41:15 unerwartet heruntergefahren.

Error: (10/16/2014 07:21:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 (KB2952664)

Error: (10/16/2014 07:16:21 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b

Error: (10/16/2014 07:13:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB3000061)

Error: (10/09/2014 11:29:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 09.10.2014 um 11:25:00 unerwartet heruntergefahren.

Error: (10/04/2014 06:45:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 04.10.2014 um 18:39:17 unerwartet heruntergefahren.

Error: (10/04/2014 10:32:19 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 04.10.2014 um 02:04:31 unerwartet heruntergefahren.

Error: (09/28/2014 10:00:09 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 28.09.2014 um 06:29:39 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (10/24/2014 11:28:28 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 17 2014-10-24 23:28:28+02:00 NIVALULI SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\users\Lxxxxxxn\downloads\frst.exe
File hash: c11d8338737cd82f7e45bc6674e51e4c77d77983

Error: (10/24/2014 09:27:21 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 16 2014-10-24 21:27:21+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup.exe

Error: (10/24/2014 09:27:20 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 15 2014-10-24 21:27:20+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup(2).exe

Error: (10/24/2014 09:26:55 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 14 2014-10-24 21:26:55+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup(1).exe

Error: (10/24/2014 09:26:18 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 13 2014-10-24 21:26:18+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup(1).exe

Error: (10/24/2014 09:26:00 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 12 2014-10-24 21:26:00+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup(1).exe

Error: (10/24/2014 09:25:46 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 11 2014-10-24 21:25:46+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup(1).exe

Error: (10/24/2014 09:25:35 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 10 2014-10-24 21:25:35+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup(2).exe

Error: (10/24/2014 09:25:35 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 9 2014-10-24 21:25:35+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup.exe

Error: (10/24/2014 09:25:35 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 8 2014-10-24 21:25:34+02:00 NIVALULI Nivaluli\Lxxxxxxn F-Secure Anti-Virus Spyware detected:
Type: riskware
Family: 
Name: MemScan:Application.Bundler.Outbrowse
Object: C:\Users\Lxxxxxxn\Downloads\setup(1).exe


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 3066.89 MB
Available physical RAM: 1516.49 MB
Total Pagefile: 6132.07 MB
Available Pagefile: 3812.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.14 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:298.05 GB) (Free:182.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 98DEB064)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-24 23:52:22
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320421ASG rev.DE17 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Lxxxxxxn\AppData\Local\Temp\kfliqpow.sys


---- System - GMER 2.1 ----

SSDT  \??\C:\Program Files\M-net\apps\ComputerSecurity\HIPS\drivers\fshs.sys  ZwCreateThread [0x92195ECC]
SSDT  \??\C:\Program Files\M-net\apps\ComputerSecurity\HIPS\drivers\fshs.sys  ZwCreateThreadEx [0x92195EE6]
SSDT  \??\C:\Program Files\M-net\apps\ComputerSecurity\HIPS\drivers\fshs.sys  ZwMapViewOfSection [0x92195BEE]
SSDT  \??\C:\Program Files\M-net\apps\ComputerSecurity\HIPS\drivers\fshs.sys  ZwOpenSection [0x92196084]
SSDT  \??\C:\Program Files\M-net\apps\ComputerSecurity\HIPS\drivers\fshs.sys  ZwRenameKey [0x92197436]
SSDT  \??\C:\Program Files\M-net\apps\ComputerSecurity\HIPS\drivers\fshs.sys  ZwSuspendProcess [0x92195A6C]
SSDT  \??\C:\Program Files\M-net\apps\ComputerSecurity\HIPS\drivers\fshs.sys  ZwSuspendThread [0x92195F00]
SSDT  \??\C:\Program Files\M-net\apps\ComputerSecurity\HIPS\drivers\fshs.sys  ZwTerminateProcess [0x921959C6]
SSDT  \??\C:\Program Files\M-net\apps\ComputerSecurity\HIPS\drivers\fshs.sys  ZwTerminateThread [0x92195B26]
SSDT  \??\C:\Program Files\M-net\apps\ComputerSecurity\HIPS\drivers\fshs.sys  ZwWriteVirtualMemory [0x92195FC8]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82A8FA35 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  82AC9392 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1203  82AD06E8 8 Bytes  [CC, 5E, 19, 92, E6, 5E, 19, ...] {INT 3 ; POP ESI; SBB [EDX-0x6de6a11a], EDX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1347  82AD082C 4 Bytes  [EE, 5B, 19, 92]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 13AF  82AD0894 4 Bytes  [84, 60, 19, 92] {TEST [EAX+0x19], AH; XCHG EDX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 152F  82AD0A14 4 Bytes  [36, 74, 19, 92] {JZ 0x1c; XCHG EDX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 165F  82AD0B44 8 Bytes  [6C, 5A, 19, 92, 00, 5F, 19, ...] {INS BYTE [ES:EDI], DX; POP EDX; SBB [EDX-0x6de6a100], EDX}
.text  ...

---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\lsm.exe[488] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 0013000C
.text  C:\Windows\system32\lsm.exe[488] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 0013100C
.text  C:\Windows\system32\lsm.exe[488] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 0013200C
.text  C:\Windows\system32\lsm.exe[488] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 0013C00C
.text  C:\Windows\system32\lsm.exe[488] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 0013A00C
.text  C:\Windows\system32\lsm.exe[488] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 0013D00C
.text  C:\Windows\system32\svchost.exe[608] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 001F000C
.text  C:\Windows\system32\svchost.exe[608] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 001F100C
.text  C:\Windows\system32\svchost.exe[608] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 001F200C
.text  C:\Windows\system32\svchost.exe[608] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 001FE00C
.text  C:\Windows\system32\svchost.exe[608] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 001FC00C
.text  C:\Windows\system32\svchost.exe[608] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 001FF00C
.text  C:\Windows\system32\svchost.exe[608] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 001F400C
.text  C:\Windows\system32\svchost.exe[608] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 001F300C
.text  C:\Windows\system32\winlogon.exe[616] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 0025000C
.text  C:\Windows\system32\winlogon.exe[616] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 0025100C
.text  C:\Windows\system32\winlogon.exe[616] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 0025200C
.text  C:\Windows\system32\winlogon.exe[616] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 0025E00C
.text  C:\Windows\system32\winlogon.exe[616] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 0025C00C
.text  C:\Windows\system32\winlogon.exe[616] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 0025F00C
.text  C:\Windows\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 0025400C
.text  C:\Windows\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 0025300C
.text  C:\Windows\system32\nvvsvc.exe[704] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 0057000C
.text  C:\Windows\system32\nvvsvc.exe[704] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 0057100C
.text  C:\Windows\system32\nvvsvc.exe[704] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 0057200C
.text  C:\Windows\system32\nvvsvc.exe[704] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 0057E00C
.text  C:\Windows\system32\nvvsvc.exe[704] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 0057C00C
.text  C:\Windows\system32\nvvsvc.exe[704] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 0057F00C
.text  C:\Windows\system32\nvvsvc.exe[704] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 0057400C
.text  C:\Windows\system32\nvvsvc.exe[704] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 0057300C
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[728] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 0045000C
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[728] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 0045100C
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[728] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 0045200C
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[728] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 0045E00C
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[728] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 0045C00C
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[728] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 0045F00C
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[728] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 0045400C
.text  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[728] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 0045300C
.text  C:\Windows\system32\svchost.exe[772] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 0039000C
.text  C:\Windows\system32\svchost.exe[772] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 0039100C
.text  C:\Windows\system32\svchost.exe[772] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 0039200C
.text  C:\Windows\system32\svchost.exe[772] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 0039E00C
.text  C:\Windows\system32\svchost.exe[772] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 0039C00C
.text  C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 0039F00C
.text  C:\Windows\system32\svchost.exe[772] user32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 0039400C
.text  C:\Windows\system32\svchost.exe[772] user32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 0039300C
.text  C:\Windows\System32\svchost.exe[816] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 005D000C
.text  C:\Windows\System32\svchost.exe[816] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 005D100C
.text  C:\Windows\System32\svchost.exe[816] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 005D200C
.text  C:\Windows\System32\svchost.exe[816] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 005DE00C
.text  C:\Windows\System32\svchost.exe[816] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 005DC00C
.text  C:\Windows\System32\svchost.exe[816] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 005DF00C
.text  C:\Windows\System32\svchost.exe[816] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 005D400C
.text  C:\Windows\System32\svchost.exe[816] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 005D300C
.text  C:\Windows\System32\svchost.exe[916] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 005C000C
.text  C:\Windows\System32\svchost.exe[916] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 005C100C
.text  C:\Windows\System32\svchost.exe[916] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 005C200C
.text  C:\Windows\System32\svchost.exe[916] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 005CE00C
.text  C:\Windows\System32\svchost.exe[916] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 005CC00C
.text  C:\Windows\System32\svchost.exe[916] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 005CF00C
.text  C:\Windows\System32\svchost.exe[916] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 005C400C
.text  C:\Windows\System32\svchost.exe[916] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 005C300C
.text  C:\Windows\system32\svchost.exe[948] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 0023000C
.text  C:\Windows\system32\svchost.exe[948] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 0023100C
.text  C:\Windows\system32\svchost.exe[948] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 0023200C
.text  C:\Windows\system32\svchost.exe[948] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 0023E00C
.text  C:\Windows\system32\svchost.exe[948] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 0023C00C
.text  C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 0023F00C
.text  C:\Windows\system32\svchost.exe[948] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 0023400C
.text  C:\Windows\system32\svchost.exe[948] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 0023300C
.text  C:\Windows\system32\svchost.exe[952] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 0018000C
.text  C:\Windows\system32\svchost.exe[952] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 0018100C
.text  C:\Windows\system32\svchost.exe[952] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 0018200C
.text  C:\Windows\system32\svchost.exe[952] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 0018E00C
.text  C:\Windows\system32\svchost.exe[952] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 0018C00C
.text  C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 0018F00C
.text  C:\Windows\system32\svchost.exe[952] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 0018400C
.text  C:\Windows\system32\svchost.exe[952] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 0018300C
.text  C:\Windows\system32\svchost.exe[976] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 00A4000C
.text  C:\Windows\system32\svchost.exe[976] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 00A4100C
.text  C:\Windows\system32\svchost.exe[976] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 00A4200C
.text  C:\Windows\system32\svchost.exe[976] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 00A4E00C
.text  C:\Windows\system32\svchost.exe[976] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 00A4C00C
.text  C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 00A4F00C
.text  C:\Windows\system32\svchost.exe[976] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 00A4400C
.text  C:\Windows\system32\svchost.exe[976] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 00A4300C
.text  C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 0010000C
.text  C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 0010100C
.text  C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 0010200C
.text  C:\Windows\system32\svchost.exe[1112] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 0010E00C
.text  C:\Windows\system32\svchost.exe[1112] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 0010C00C
.text  C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 0010F00C
.text  C:\Windows\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 0010400C
.text  C:\Windows\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 0010300C
.text  C:\Windows\system32\svchost.exe[1268] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 008C000C
.text  C:\Windows\system32\svchost.exe[1268] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 008C100C
.text  C:\Windows\system32\svchost.exe[1268] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 008C200C
.text  C:\Windows\system32\svchost.exe[1268] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 008CE00C
.text  C:\Windows\system32\svchost.exe[1268] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 008CC00C
.text  C:\Windows\system32\svchost.exe[1268] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 008CF00C
.text  C:\Windows\system32\svchost.exe[1268] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 008C400C
.text  C:\Windows\system32\svchost.exe[1268] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 008C300C
.text  C:\Program Files\DellTPad\ApMsgFwd.exe[1356] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 002D000C
.text  C:\Program Files\DellTPad\ApMsgFwd.exe[1356] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 002D100C
.text  C:\Program Files\DellTPad\ApMsgFwd.exe[1356] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 002D200C
.text  C:\Program Files\DellTPad\ApMsgFwd.exe[1356] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 002DE00C
.text  C:\Program Files\DellTPad\ApMsgFwd.exe[1356] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 002DC00C
.text  C:\Program Files\DellTPad\ApMsgFwd.exe[1356] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 002DF00C
.text  C:\Program Files\DellTPad\ApMsgFwd.exe[1356] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 002D400C
.text  C:\Program Files\DellTPad\ApMsgFwd.exe[1356] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 002D300C
.text  C:\Program Files\DellTPad\Apntex.exe[1372] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 002B000C
.text  C:\Program Files\DellTPad\Apntex.exe[1372] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 002B100C
.text  C:\Program Files\DellTPad\Apntex.exe[1372] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 002B200C
.text  C:\Program Files\DellTPad\Apntex.exe[1372] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 002BE00C
.text  C:\Program Files\DellTPad\Apntex.exe[1372] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 002BC00C
.text  C:\Program Files\DellTPad\Apntex.exe[1372] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 002BF00C
.text  C:\Program Files\DellTPad\Apntex.exe[1372] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 002B400C
.text  C:\Program Files\DellTPad\Apntex.exe[1372] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 002B300C
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1384] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 0076000C
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1384] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 0076100C
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1384] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 0076200C
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1384] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 0076E00C
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1384] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 0076C00C
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1384] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 0076F00C
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1384] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 0076400C
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1384] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 0076300C
.text  C:\Windows\system32\nvvsvc.exe[1400] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 0069000C
.text  C:\Windows\system32\nvvsvc.exe[1400] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 0069100C
.text  C:\Windows\system32\nvvsvc.exe[1400] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 0069200C
.text  C:\Windows\system32\nvvsvc.exe[1400] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 0069E00C
.text  C:\Windows\system32\nvvsvc.exe[1400] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 0069C00C
.text  C:\Windows\system32\nvvsvc.exe[1400] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 0069F00C
.text  C:\Windows\system32\nvvsvc.exe[1400] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 0069400C
.text  C:\Windows\system32\nvvsvc.exe[1400] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 0069300C
.text  C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 0024000C
.text  C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 0024100C
.text  C:\Windows\system32\svchost.exe[1584] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 0024200C
.text  C:\Windows\system32\svchost.exe[1584] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 0024E00C
.text  C:\Windows\system32\svchost.exe[1584] kernel32.dll!OpenMutexA  773A04DA 5 Bytes  JMP 0024C00C
.text  C:\Windows\system32\svchost.exe[1584] kernel32.dll!CreateDirectoryExW  773E7D09 5 Bytes  JMP 0024F00C
.text  C:\Windows\system32\svchost.exe[1584] USER32.dll!SetWindowsHookExW  75A8E30C 5 Bytes  JMP 0024400C
.text  C:\Windows\system32\svchost.exe[1584] USER32.dll!SetWindowsHookExA  75AB6D0C 5 Bytes  JMP 0024300C
.text  C:\Windows\system32\svchost.exe[1628] ntdll.dll!NtCreateProcess  774856D8 5 Bytes  JMP 00AA000C
.text  C:\Windows\system32\svchost.exe[1628] ntdll.dll!NtCreateProcessEx  774856E8 5 Bytes  JMP 00AA100C
.text  C:\Windows\system32\svchost.exe[1628] ntdll.dll!NtCreateUserProcess  774857B8 5 Bytes  JMP 00AA200C
.text  C:\Windows\system32\svchost.exe[1628] kernel32.dll!CopyFileExW  7739B348 5 Bytes  JMP 00AAE00C
.text  C:\Windows\system32\svchost.exe[1628] kernel32.dll!OpenMutexA  773A04DA 
5 Bytes JMP 00AAC00C .text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateDirectoryExW 773E7D09 5 Bytes JMP 00AAF00C .text C:\Windows\system32\svchost.exe[1628] USER32.dll!SetWindowsHookExW 75A8E30C 5 Bytes JMP 00AA400C .text C:\Windows\system32\svchost.exe[1628] USER32.dll!SetWindowsHookExA 75AB6D0C 5 Bytes JMP 00AA300C .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1728] ntdll.dll!NtCreateProcess 774856D8 5 Bytes JMP 0008000C .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1728] ntdll.dll!NtCreateProcessEx 774856E8 5 Bytes JMP 0008100C .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1728] ntdll.dll!NtCreateUserProcess 774857B8 5 Bytes JMP 0008200C .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1728] kernel32.dll!CopyFileExW 7739B348 5 Bytes JMP 0008E00C .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1728] kernel32.dll!OpenMutexA 773A04DA 5 Bytes JMP 0008C00C .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1728] kernel32.dll!CreateDirectoryExW 773E7D09 5 Bytes JMP 0008F00C .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1728] USER32.dll!SetWindowsHookExW 75A8E30C 5 Bytes JMP 0008400C .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1728] USER32.dll!SetWindowsHookExA 75AB6D0C 5 Bytes JMP 0008300C .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1768] ntdll.dll!NtCreateProcess 774856D8 5 Bytes JMP 001F000C .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1768] ntdll.dll!NtCreateProcessEx 774856E8 5 Bytes JMP 001F100C .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1768] ntdll.dll!NtCreateUserProcess 774857B8 5 Bytes JMP 001F200C .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1768] kernel32.dll!CopyFileExW 7739B348 5 Bytes JMP 001FE00C .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1768] kernel32.dll!OpenMutexA 773A04DA 
5 Bytes JMP 001FC00C .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1768] kernel32.dll!CreateDirectoryExW 773E7D09 5 Bytes JMP 001FF00C .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1768] USER32.dll!SetWindowsHookExW 75A8E30C 5 Bytes JMP 001F400C .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1768] USER32.dll!SetWindowsHookExA 75AB6D0C 5 Bytes JMP 001F300C .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1832] ntdll.dll!NtCreateProcess 774856D8 5 Bytes JMP 000E000C .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1832] ntdll.dll!NtCreateProcessEx 774856E8 5 Bytes JMP 000E100C .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1832] ntdll.dll!NtCreateUserProcess 774857B8 5 Bytes JMP 000E200C .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1832] kernel32.dll!CopyFileExW 7739B348 5 Bytes JMP 000EE00C .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1832] kernel32.dll!OpenMutexA 773A04DA 5 Bytes JMP 000EC00C .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1832] kernel32.dll!CreateDirectoryExW 773E7D09 5 Bytes JMP 000EF00C .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1832] USER32.dll!SetWindowsHookExW 75A8E30C 5 Bytes JMP 000E400C .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1832] USER32.dll!SetWindowsHookExA 75AB6D0C 5 Bytes JMP 000E300C .text C:\Program Files\DellTPad\HidFind.exe[2136] ntdll.dll!NtCreateProcess 774856D8 5 Bytes JMP 0030000C .text C:\Program Files\DellTPad\HidFind.exe[2136] ntdll.dll!NtCreateProcessEx 774856E8 5 Bytes JMP 0030100C .text C:\Program Files\DellTPad\HidFind.exe[2136] ntdll.dll!NtCreateUserProcess 774857B8 5 Bytes JMP 0030200C .text C:\Program Files\DellTPad\HidFind.exe[2136] kernel32.dll!CopyFileExW 7739B348 5 Bytes JMP 0030E00C .text C:\Program Files\DellTPad\HidFind.exe[2136] kernel32.dll!OpenMutexA 773A04DA 5 Bytes JMP 0030C00C 
.text C:\Program Files\DellTPad\HidFind.exe[2136] kernel32.dll!CreateDirectoryExW 773E7D09 5 Bytes JMP 0030F00C .text C:\Program Files\DellTPad\HidFind.exe[2136] USER32.dll!SetWindowsHookExW 75A8E30C 5 Bytes JMP 0030400C .text C:\Program Files\DellTPad\HidFind.exe[2136] USER32.dll!SetWindowsHookExA 75AB6D0C 5 Bytes JMP 0030300C .text C:\Windows\system32\notepad.exe[2516] ntdll.dll!NtCreateProcess 774856D8 5 Bytes JMP 0009000C .text C:\Windows\system32\notepad.exe[2516] ntdll.dll!NtCreateProcessEx 774856E8 5 Bytes JMP 0009100C .text C:\Windows\system32\notepad.exe[2516] ntdll.dll!NtCreateUserProcess 774857B8 5 Bytes JMP 0009200C .text C:\Windows\system32\svchost.exe[2652] ntdll.dll!NtCreateProcess 774856D8 5 Bytes JMP 002F000C .text C:\Windows\system32\svchost.exe[2652] ntdll.dll!NtCreateProcessEx 774856E8 5 Bytes JMP 002F100C .text C:\Windows\system32\svchost.exe[2652] ntdll.dll!NtCreateUserProcess 774857B8 5 Bytes JMP 002F200C .text C:\Windows\system32\svchost.exe[2652] kernel32.dll!CopyFileExW 7739B348 5 Bytes JMP 002FE00C .text C:\Windows\system32\svchost.exe[2652] kernel32.dll!OpenMutexA 773A04DA 5 Bytes JMP 002FC00C .text C:\Windows\system32\svchost.exe[2652] kernel32.dll!CreateDirectoryExW 773E7D09 5 Bytes JMP 002FF00C .text C:\Windows\system32\svchost.exe[2652] USER32.dll!SetWindowsHookExW 75A8E30C 5 Bytes JMP 002F400C .text C:\Windows\system32\svchost.exe[2652] USER32.dll!SetWindowsHookExA 75AB6D0C 5 Bytes JMP 002F300C .text C:\Windows\System32\WUDFHost.exe[2888] ntdll.dll!NtCreateProcess 774856D8 5 Bytes JMP 002D000C .text C:\Windows\System32\WUDFHost.exe[2888] ntdll.dll!NtCreateProcessEx 774856E8 5 Bytes JMP 002D100C .text C:\Windows\System32\WUDFHost.exe[2888] ntdll.dll!NtCreateUserProcess 774857B8 5 Bytes JMP 002D200C .text C:\Windows\System32\WUDFHost.exe[2888] kernel32.dll!CopyFileExW 7739B348 5 Bytes JMP 002DE00C .text C:\Windows\System32\WUDFHost.exe[2888] kernel32.dll!OpenMutexA 773A04DA 5 Bytes JMP 002DC00C .text 
C:\Windows\System32\WUDFHost.exe[2888] kernel32.dll!CreateDirectoryExW 773E7D09 5 Bytes JMP 002DF00C .text C:\Windows\System32\WUDFHost.exe[2888] USER32.dll!SetWindowsHookExW 75A8E30C 5 Bytes JMP 002D400C .text C:\Windows\System32\WUDFHost.exe[2888] USER32.dll!SetWindowsHookExA 75AB6D0C 5 Bytes JMP 002D300C .text C:\Windows\system32\Dwm.exe[3356] ntdll.dll!NtCreateProcess 774856D8 5 Bytes JMP 013F000C .text C:\Windows\system32\Dwm.exe[3356] ntdll.dll!NtCreateProcessEx 774856E8 5 Bytes JMP 013F100C .text C:\Windows\system32\Dwm.exe[3356] ntdll.dll!NtCreateUserProcess 774857B8 5 Bytes JMP 013F200C .text C:\Windows\system32\Dwm.exe[3356] kernel32.dll!CopyFileExW 7739B348 5 Bytes JMP 013FE00C .text C:\Windows\system32\Dwm.exe[3356] kernel32.dll!OpenMutexA 773A04DA 5 Bytes JMP 013FC00C .text C:\Windows\system32\Dwm.exe[3356] kernel32.dll!CreateDirectoryExW 773E7D09 5 Bytes JMP 013FF00C .text C:\Windows\system32\Dwm.exe[3356] USER32.dll!SetWindowsHookExW 75A8E30C 5 Bytes JMP 013F400C .text C:\Windows\system32\Dwm.exe[3356] USER32.dll!SetWindowsHookExA 75AB6D0C 5 Bytes JMP 013F300C .text C:\Windows\Explorer.EXE[3416] ntdll.dll!NtCreateProcess 774856D8 5 Bytes JMP 0035000C .text C:\Windows\Explorer.EXE[3416] ntdll.dll!NtCreateProcessEx 774856E8 5 Bytes JMP 0035100C .text C:\Windows\Explorer.EXE[3416] ntdll.dll!NtCreateUserProcess 774857B8 5 Bytes JMP 0035200C .text C:\Windows\Explorer.EXE[3416] kernel32.dll!CopyFileExW 7739B348 5 Bytes JMP 0035E00C .text C:\Windows\Explorer.EXE[3416] kernel32.dll!OpenMutexA 773A04DA 5 Bytes JMP 0035C00C .text C:\Windows\Explorer.EXE[3416] kernel32.dll!CreateDirectoryExW 773E7D09 5 Bytes JMP 0035F00C .text C:\Windows\Explorer.EXE[3416] USER32.dll!SetWindowsHookExW 75A8E30C 5 Bytes JMP 0035400C .text C:\Windows\Explorer.EXE[3416] USER32.dll!SetWindowsHookExA 75AB6D0C 5 Bytes JMP 0035300C .text C:\Program Files\DellTPad\Apoint.exe[3716] ntdll.dll!NtCreateProcess 774856D8 5 Bytes JMP 002D000C .text C:\Program Files\DellTPad\Apoint.exe[3716] 
ntdll.dll!NtCreateProcessEx 774856E8 5 Bytes JMP 002D100C .text C:\Program Files\DellTPad\Apoint.exe[3716] ntdll.dll!NtCreateUserProcess 774857B8 5 Bytes JMP 002D200C .text C:\Program Files\DellTPad\Apoint.exe[3716] kernel32.dll!CopyFileExW 7739B348 5 Bytes JMP 002DE00C .text C:\Program Files\DellTPad\Apoint.exe[3716] kernel32.dll!OpenMutexA 773A04DA 5 Bytes JMP 002DC00C .text C:\Program Files\DellTPad\Apoint.exe[3716] kernel32.dll!CreateDirectoryExW 773E7D09 5 Bytes JMP 002DF00C .text C:\Program Files\DellTPad\Apoint.exe[3716] USER32.dll!SetWindowsHookExW 75A8E30C 5 Bytes JMP 002D400C .text C:\Program Files\DellTPad\Apoint.exe[3716] USER32.dll!SetWindowsHookExA 75AB6D0C 5 Bytes JMP 002D300C .text C:\Windows\OEM13Mon.exe[3724] ntdll.dll!NtCreateProcess 774856D8 5 Bytes JMP 002F000C .text C:\Windows\OEM13Mon.exe[3724] ntdll.dll!NtCreateProcessEx 774856E8 5 Bytes JMP 002F100C .text C:\Windows\OEM13Mon.exe[3724] ntdll.dll!NtCreateUserProcess 774857B8 5 Bytes JMP 002F200C .text C:\Windows\OEM13Mon.exe[3724] kernel32.dll!CopyFileExW 7739B348 5 Bytes JMP 002FE00C .text C:\Windows\OEM13Mon.exe[3724] kernel32.dll!OpenMutexA 773A04DA 5 Bytes JMP 002FC00C .text C:\Windows\OEM13Mon.exe[3724] kernel32.dll!CreateDirectoryExW 773E7D09 5 Bytes JMP 002FF00C .text C:\Windows\OEM13Mon.exe[3724] USER32.dll!SetWindowsHookExW 75A8E30C 5 Bytes JMP 002F400C .text C:\Windows\OEM13Mon.exe[3724] USER32.dll!SetWindowsHookExA 75AB6D0C 5 Bytes JMP 002F300C .text C:\Program Files\EssentialPIM\EssentialPIM.exe[3936] ntdll.dll!NtCreateProcess 774856D8 5 Bytes JMP 0019000C .text C:\Program Files\EssentialPIM\EssentialPIM.exe[3936] ntdll.dll!NtCreateProcessEx 774856E8 5 Bytes JMP 0019100C .text C:\Program Files\EssentialPIM\EssentialPIM.exe[3936] ntdll.dll!NtCreateUserProcess 774857B8 5 Bytes JMP 0019200C .text C:\Program Files\EssentialPIM\EssentialPIM.exe[3936] kernel32.dll!CopyFileExW 7739B348 5 Bytes JMP 0019E00C .text C:\Program Files\EssentialPIM\EssentialPIM.exe[3936] kernel32.dll!OpenMutexA 
773A04DA 5 Bytes JMP 0019C00C .text C:\Program Files\EssentialPIM\EssentialPIM.exe[3936] kernel32.dll!CreateDirectoryExW 773E7D09 5 Bytes JMP 0019F00C .text C:\Program Files\EssentialPIM\EssentialPIM.exe[3936] USER32.dll!SetWindowsHookExW 75A8E30C 5 Bytes JMP 0019400C .text C:\Program Files\EssentialPIM\EssentialPIM.exe[3936] USER32.dll!SetWindowsHookExA 75AB6D0C 5 Bytes JMP 0019300C .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] ntdll.dll!NtCreateProcess 774856D8 5 Bytes JMP 0119000C .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] ntdll.dll!NtCreateProcessEx 774856E8 5 Bytes JMP 0119100C .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] ntdll.dll!NtCreateUserProcess 774857B8 5 Bytes JMP 0119200C .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] kernel32.dll!CopyFileExW 7739B348 5 Bytes JMP 0119E00C .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] kernel32.dll!OpenMutexA 773A04DA 5 Bytes JMP 0119C00C .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] kernel32.dll!CreateDirectoryExW 773E7D09 5 Bytes JMP 0119F00C .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] USER32.dll!SetWindowsHookExW 75A8E30C 5 Bytes JMP 0119400C .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4008] USER32.dll!SetWindowsHookExA 75AB6D0C 5 Bytes JMP 0119300C .text C:\Program Files\Mozilla Firefox\firefox.exe[5048] ntdll.dll!NtCreateFile 77485608 5 Bytes JMP 59E9C820 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5048] ntdll.dll!NtCreateProcess 774856D8 5 Bytes JMP 0002000C .text C:\Program Files\Mozilla Firefox\firefox.exe[5048] ntdll.dll!NtCreateProcessEx 774856E8 5 Bytes JMP 0002100C .text C:\Program Files\Mozilla Firefox\firefox.exe[5048] ntdll.dll!NtCreateUserProcess 774857B8 5 Bytes JMP 0002200C .text C:\Program Files\Mozilla Firefox\firefox.exe[5048] ntdll.dll!NtFlushBuffersFile 77485998 5 Bytes JMP 59E6F374 
C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5048] ntdll.dll!NtQueryFullAttributesFile 77486028 5 Bytes JMP 59E6F090 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5048] ntdll.dll!NtReadFile 774862F8 5 Bytes JMP 59E6F270 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5048] ntdll.dll!NtReadFileScatter 77486308 5 Bytes JMP 5A7C923A C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5048] ntdll.dll!NtWriteFile 77486AA8 5 Bytes JMP 59E9D710 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5048] ntdll.dll!NtWriteFileGather 77486AB8 5 Bytes JMP 5A7C91E9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5048] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 773A94E6 7 Bytes JMP 5A72FDEA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5048] kernel32.dll!QueryPerformanceCounter + 13 773AC4E5 7 Bytes JMP 5A72FE0D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5048] kernel32.dll!LoadAppInitDlls + 355 773AF5A6 7 Bytes JMP 59E9934D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5048] USER32.dll!GetWindowInfo 75A94B5E 5 Bytes JMP 5A6362F6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5048] GDI32.dll!GetViewportOrgEx + 26C 75B5884B 7 Bytes JMP 5A72FD6B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Users\Lxxxxxxn\Downloads\FRST.exe[6096] ntdll.dll!NtCreateProcess 774856D8 5 Bytes JMP 000E000C .text C:\Users\Lxxxxxxn\Downloads\FRST.exe[6096] ntdll.dll!NtCreateProcessEx 774856E8 5 Bytes JMP 000E100C .text C:\Users\Lxxxxxxn\Downloads\FRST.exe[6096] ntdll.dll!NtCreateUserProcess 774857B8 5 Bytes JMP 000E200C ---- Devices - GMER 2.1 ---- Device 
\Driver\BTHUSB \Device\00000077 bthport.sys Device \Driver\BTHUSB \Device\00000079 bthport.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556be47b9 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556be47b9 (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@A30D6B99 140 ---- EOF - GMER 2.1 ---- Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 24.10.2014 Scan Time: 23:55:23 Logfile: mbam.txt Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.10.24.07 Rootkit Database: v2014.10.22.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: L******n Scan Type: Threat Scan Result: Completed Objects Scanned: 359170 Time Elapsed: 12 min, 15 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 3 PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, , [147370a8e19b61d58b0db32e15ed1fe1], PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, , [147370a8e19b61d58b0db32e15ed1fe1], PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [147370a8e19b61d58b0db32e15ed1fe1], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 4 PUP.Optional.Outbrowse, C:\Users\L******n\AppData\Local\Temp\f.exe, , [147370a8e19b61d58b0db32e15ed1fe1], PUP.Optional.Outbrowse, C:\Users\L******n\Downloads\setup(1).exe, , [533473a5b4c8b185a59195ffec15966a], PUP.Optional.Outbrowse, C:\Users\L******n\Downloads\setup(2).exe, , [67202deb4f2dc67061d58014cd3455ab], PUP.Optional.Outbrowse, C:\Users\L******n\Downloads\setup.exe, , [ef982aeec9b3b0862a0c128257aac040], Physical Sectors: 0 (No malicious items detected) (end) NLut |
25.10.2014, 07:16 | #2 |
/// the machine /// TB-Ausbilder | Win 7 Prof: PUP.Optional.Outbrowse Hi,
Update MBAM, scan, and let it delete the findings. Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
25.10.2014, 14:08 | #3 |
| Win 7 Prof: PUP.Optional.Outbrowse Hello Schrauber,
Here are the requested logfiles: AdwCleaner Code:
ATTFilter # AdwCleaner v4.001 - Bericht erstellt am 25/10/2014 um 13:22:14 # DB v2014-10-23.2 # Aktualisiert 20/10/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzername : L******n - NIVALULI # Gestartet von : C:\Users\L******n\Desktop\AdwCleaner_4.001.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\SecTaskMan ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension 
Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88} ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Mozilla Firefox v33.0 (x86 de) -\\ Google Chrome v38.0.2125.104 ************************* AdwCleaner[R0].txt - [3451 octets] - [25/10/2014 13:18:47] AdwCleaner[S0].txt - [3315 octets] - [25/10/2014 13:22:14] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3375 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.3 (10.21.2014:1) OS: Windows 7 Professional x86 Ran by L******n on 25.10.2014 at 13:26:24,70 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Windows\wininit.ini" ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\L******n\AppData\Roaming\mozilla\firefox\profiles\x7dvt5kg.default-1400893040681\prefs.js user_pref("browser.search.defaultenginename", "Ixquick HTTPS - Deutsch"); user_pref("browser.search.selectedEngine", "Ixquick HTTPS - Deutsch"); Emptied folder: C:\Users\L******n\AppData\Roaming\mozilla\firefox\profiles\x7dvt5kg.default-1400893040681\minidumps [11 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 25.10.2014 at 14:25:48,18 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2014 Ran by L******n (administrator) on NIVALULI on 25-10-2014 14:42:30 Running from C:\Users\L******n\Desktop Loaded Profiles: L******n & UpdatusUser (Available profiles: L******n & UpdatusUser & Administrator) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (F-Secure Corporation) C:\Program Files\M-net\fshoster32.exe (F-Secure Corporation) C:\Program Files\M-net\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation) C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\fsgk32.exe (F-Secure Corporation) C:\Program Files\M-net\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation) C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\fssm32.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Creative Technology Ltd.) C:\Windows\OEM13Mon.exe (F-Secure Corporation) C:\Program Files\M-net\fshoster32.exe (F-Secure Corporation) C:\Program Files\M-net\apps\ComputerSecurity\Common\FSM32.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Alps Electric Co., Ltd.) 
C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (AVM Berlin) C:\Users\L******n\AppData\Local\Apps\2.0\8O6JCZON.0GD\2Q242DRO.ZNJ\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [217088 2009-02-27] (Alps Electric Co., Ltd.) HKLM\...\Run: [OEM13Mon.exe] => C:\Windows\OEM13Mon.exe [36864 2008-01-07] (Creative Technology Ltd.) HKLM\...\Run: [F-Secure Hoster (51948)] => C:\Program Files\M-net\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation) HKLM\...\Run: [F-Secure Manager] => C:\Program Files\M-net\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-20] (F-Secure Corporation) HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKU\S-1-5-21-137090181-1359151331-3666072106-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\L******n\AppData\Local\Apps\2.0\8O6JCZON.0GD\2Q242DRO.ZNJ\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-04-12] (AVM Berlin) HKU\S-1-5-21-137090181-1359151331-3666072106-1000\...\Run: [EssentialPIM] => C:\Program Files\EssentialPIM\EssentialPIM.exe [17127792 2014-07-06] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\L******n\AppData\Roaming\Mozilla\Firefox\Profiles\x7dvt5kg.default-1400893040681 FF Homepage: hxxp://www.fcbayern.de/de/news/news/#/filter FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF SearchPlugin: C:\Users\L******n\AppData\Roaming\Mozilla\Firefox\Profiles\x7dvt5kg.default-1400893040681\searchplugins\ixquick-https---deutsch.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WOT - C:\Users\L******n\AppData\Roaming\Mozilla\Firefox\Profiles\x7dvt5kg.default-1400893040681\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-05-24] FF Extension: Ghostery - C:\Users\L******n\AppData\Roaming\Mozilla\Firefox\Profiles\x7dvt5kg.default-1400893040681\Extensions\firefox@ghostery.com.xpi [2014-08-27] FF Extension: NoScript - C:\Users\L******n\AppData\Roaming\Mozilla\Firefox\Profiles\x7dvt5kg.default-1400893040681\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-19] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-15] Chrome: ======= CHR Profile: C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default CHR 
Extension: (Google Präsentationen) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-22] CHR Extension: (Google Docs) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-22] CHR Extension: (Google Drive) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-22] CHR Extension: (YouTube) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-22] CHR Extension: (Google-Suche) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-22] CHR Extension: (Google Tabellen) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-22] CHR Extension: (Google Wallet) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22] CHR Extension: (Google Mail) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-22] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 fshoster; C:\Program Files\M-net\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation) R3 FSMA; C:\Program Files\M-net\apps\ComputerSecurity\Common\FSMA32.EXE [207808 2013-08-20] (F-Secure Corporation) R2 FSORSPClient; C:\Program Files\M-net\apps\CCF_Reputation\fsorsp.exe [60352 2014-04-12] (F-Secure Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2014-04-12] (AVM Berlin) R3 F-Secure Gatekeeper; C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [146472 2014-06-09] (F-Secure Corporation) R1 F-Secure HIPS; C:\Program Files\M-net\apps\ComputerSecurity\HIPS\drivers\fshs.sys [73896 2014-06-23] (F-Secure Corporation) R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2014-04-12] () R3 fsni; C:\Program Files\M-net\apps\CCF_Scanning\fsni32.sys [70184 2014-06-19] (F-Secure Corporation) R1 fsvista; C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [12736 2013-08-20] () S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [99840 2014-03-14] (Gemalto) R3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.) R3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-05-28] (Creative Technology Ltd.) 
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [91016 2014-01-23] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-01-23] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [540168 2014-01-23] () U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-25 14:42 - 2014-10-25 14:43 - 00011635 _____ () C:\Users\L******n\Desktop\FRST.txt 2014-10-25 14:25 - 2014-10-25 14:25 - 00001123 _____ () C:\Users\L******n\Desktop\JRT.txt 2014-10-25 13:26 - 2014-10-25 13:26 - 00000000 ____D () C:\Windows\ERUNT 2014-10-25 13:18 - 2014-10-25 13:22 - 00000000 ____D () C:\AdwCleaner 2014-10-25 12:56 - 2014-10-25 12:56 - 01706144 _____ (Thisisu) C:\Users\L******n\Desktop\JRT.exe 2014-10-25 12:54 - 2014-10-25 12:55 - 01962496 _____ () C:\Users\L******n\Desktop\AdwCleaner_4.001.exe 2014-10-25 10:27 - 2014-10-25 10:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-10-25 00:09 - 2014-10-25 00:10 - 00001822 _____ () C:\Users\L******n\Downloads\mbam.txt 2014-10-24 23:52 - 2014-10-24 23:53 - 00046912 _____ () C:\Users\L******n\Downloads\ger.log 2014-10-24 23:30 - 2014-10-24 23:34 - 00021797 _____ () C:\Users\L******n\Downloads\Addition.txt 2014-10-24 23:29 - 2014-10-25 14:42 - 00000000 ____D () C:\FRST 2014-10-24 23:29 - 2014-10-25 01:22 - 00028981 _____ () C:\Users\L******n\Downloads\FRST.txt 2014-10-24 23:28 - 2014-10-24 23:28 - 01103360 _____ (Farbar) C:\Users\L******n\Desktop\FRST.exe 2014-10-24 23:24 - 2014-10-24 23:24 - 00380416 _____ () C:\Users\L******n\Downloads\Gmer-19357.exe 2014-10-22 17:42 - 2014-10-22 17:42 - 00000000 __SHD () 
C:\Users\L******n\AppData\Local\EmieUserList 2014-10-22 17:42 - 2014-10-22 17:42 - 00000000 __SHD () C:\Users\L******n\AppData\Local\EmieSiteList 2014-10-22 17:32 - 2014-10-22 17:32 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-22 17:32 - 2014-10-22 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-10-22 17:31 - 2014-10-25 14:36 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-22 17:31 - 2014-10-25 13:23 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-22 17:31 - 2014-10-22 17:31 - 00000000 ____D () C:\Program Files\Google 2014-10-22 17:30 - 2014-10-22 17:32 - 00000000 ____D () C:\Users\L******n\AppData\Local\Google 2014-10-22 17:30 - 2014-10-22 17:30 - 00880272 _____ (Google Inc.) C:\Users\L******n\Downloads\ChromeSetup.exe 2014-10-22 17:28 - 2014-10-22 17:29 - 42522704 _____ (Google Inc.) C:\Users\L******n\Downloads\ChromeStandaloneSetup(1).exe 2014-10-22 17:27 - 2014-10-22 17:28 - 42522704 _____ (Google Inc.) 
C:\Users\L******n\Downloads\ChromeStandaloneSetup.exe 2014-10-19 18:07 - 2014-10-19 18:07 - 36254312 _____ () C:\Users\L******n\Downloads\Firefox_Setup_33.0.exe 2014-10-15 07:11 - 2014-10-10 03:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-15 07:11 - 2014-10-10 03:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-15 07:11 - 2014-10-10 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-15 07:11 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 07:11 - 2014-09-29 02:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 07:11 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 07:11 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 07:11 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 07:11 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 07:11 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 07:11 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 07:11 - 2014-09-19 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 07:11 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 07:11 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 07:11 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 07:11 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 07:11 - 2014-09-19 02:54 - 00043008 _____ (Microsoft 
Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 07:11 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 07:11 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 07:11 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 07:11 - 2014-09-19 02:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 07:11 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 07:11 - 2014-09-19 02:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 07:11 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 07:11 - 2014-09-19 02:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 07:11 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 07:11 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 07:11 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 07:11 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 07:11 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 07:11 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 07:10 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 07:10 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 07:10 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 07:10 - 2014-09-19 02:32 - 00164864 _____ 
(Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 07:10 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 07:10 - 2014-08-29 03:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-15 07:10 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 07:10 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 07:10 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 07:09 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 07:09 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 07:09 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 07:09 - 2014-07-17 03:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 07:09 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 07:09 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 07:09 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 07:09 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 07:09 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 07:09 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-15 07:08 - 2014-08-19 04:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-15 07:08 - 2014-08-19 04:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-15 07:08 - 2014-08-19 04:41 - 00027648 _____ (Microsoft 
Corporation) C:\Windows\system32\appidsvc.dll 2014-10-15 07:08 - 2014-08-19 04:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-15 07:08 - 2014-08-19 04:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-15 07:08 - 2014-08-19 03:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-15 07:08 - 2014-07-07 03:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00354816 _____ (Microsoft Corporation) 
C:\Windows\system32\mfplat.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-15 07:08 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-15 07:08 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-15 07:08 - 2014-07-07 03:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-15 07:08 - 2014-07-07 03:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-10-15 07:08 - 2014-07-07 03:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 07:08 - 2014-07-07 03:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-15 07:08 - 2014-07-07 03:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-15 07:08 - 2014-07-07 03:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-15 07:08 - 2014-07-07 03:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 
2014-10-15 07:08 - 2014-07-07 03:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-15 07:08 - 2014-06-28 02:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-15 07:08 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-15 07:08 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-15 06:57 - 2014-10-19 18:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-01 06:57 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-25 14:26 - 2014-04-12 13:21 - 01078225 _____ () C:\Windows\WindowsUpdate.log 2014-10-25 14:09 - 2014-04-19 23:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-25 13:30 - 2009-07-14 06:34 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-25 13:30 - 2009-07-14 06:34 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-25 13:23 - 2014-04-12 18:21 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-25 13:23 - 2010-11-20 23:48 - 00011110 _____ () C:\Windows\PFRO.log 2014-10-25 13:23 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-25 13:23 - 2009-07-14 06:39 - 00033626 _____ () C:\Windows\setupact.log 2014-10-25 13:16 - 2009-07-14 06:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-10-25 12:57 - 2014-04-25 22:53 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-25 04:24 - 2014-04-12 16:31 - 00000000 ____D () C:\Users\L******n\AppData\Roaming\EssentialPIM 2014-10-24 20:58 - 2014-04-25 22:52 - 00001062 
_____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-24 20:58 - 2014-04-25 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-24 20:58 - 2014-04-25 22:52 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-10-19 22:59 - 2014-04-13 22:03 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-10-19 18:09 - 2014-04-12 16:46 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-19 18:09 - 2014-04-12 16:46 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-17 08:13 - 2009-07-14 06:53 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-16 08:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-10-16 08:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-16 07:45 - 2009-07-14 06:33 - 00298192 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 07:13 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-16 07:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-10-16 07:09 - 2014-04-12 18:24 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 07:06 - 2014-04-12 18:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-08 07:02 - 2014-04-12 21:08 - 00000000 ____D () C:\Users\L******n\AppData\Local\Deployment 2014-10-01 11:11 - 2014-04-25 22:52 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-01 11:11 - 2014-04-25 22:52 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-01 11:11 - 2014-04-25 22:52 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-27 10:02 - 2014-04-14 16:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk Some content of TEMP: ==================== C:\Users\L******n\AppData\Local\Temp\InstallAX.exe 
C:\Users\L******n\AppData\Local\Temp\Quarantine.exe C:\Users\L******n\AppData\Local\Temp\Shockwave_Installer_FF.exe C:\Users\L******n\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 08:36 ==================== End Of Log ============================ addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-10-2014 Ran by L******n at 2014-10-25 14:43:22 Running from C:\Users\L******n\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Computer Schutz (Disabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17} AS: Computer Schutz (Disabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.) Computer Security 12.77.101.0 (release) (Version: 12.77.101.0 - F-Secure Corporation) Hidden DDBAC (HKLM\...\{4C19650D-1BF8-4459-A904-06FB692B0F8E}) (Version: 5.3.24 - DataDesign) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.4.102.104 - ALPS ELECTRIC CO., LTD.) 
EssentialPIM (HKLM\...\EssentialPIM) (Version: 5.82 - Astonsoft Ltd) FRITZ!Box USB-Fernanschluss (HKCU\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin) F-Secure CCF Reputation (Version: 1.0.25.1877 - F-Secure) Hidden F-Secure CCF Scanning 1.43.102.193 (release) (Version: 1.43.102.193 - F-Secure Corporation) Hidden F-Secure Network CCF 1.02.128 (Version: 1.02.128.1 - F-Secure Corporation) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.) Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden Laptop Integrated Webcam Driver (1.01.01.0529) (HKLM\...\Creative OEM013) (Version: - ) Lexware Info Service (HKLM\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (HKLM\...\{A64DF516-9CDC-4299-BD34-2B2C80CD453B}) (Version: 19.00.00.0059 - Haufe-Lexware GmbH & Co.KG) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) M-net Programme (HKLM\...\F-Secure ServiceEnabler 51948) (Version: 1.77.243.0 - F-Secure Corporation) M-net Programme (Version: 1.77.243.0 - F-Secure Corporation) Hidden Mozilla Firefox 33.0 (x86 de) (HKLM\...\Mozilla Firefox 33.0 
(x86 de)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3165 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden Online Safety 2.77.1189.49 (Version: 2.77.1189.49 - F-Secure Corporation) Hidden OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Paragon Backup & Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd) Quicken DELUXE 2014 (HKLM\...\{E60036CF-1E46-4DFE-832F-5476574B30FF}) (Version: 21.37.00.0185 - Haufe-Lexware GmbH & Co.KG) Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) WISO Steuer-Sparbuch 2014 (HKLM\...\{C866DE4A-3725-4E0C-98A0-4BA89C675215}) (Version: 21.05.8586 - Buhl Data Service GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 02-10-2014 04:45:27 Windows Modules Installer 09-10-2014 17:44:14 Geplanter Prüfpunkt 16-10-2014 04:59:39 Windows Update 16-10-2014 05:41:06 Windows Update 23-10-2014 07:43:16 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00A6F7E8-B2B1-495F-841F-2FD551A2306D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {371BA562-CB07-4118-88FA-21D6E8020031} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) Task: {58AF1F22-B1FF-458E-BBFF-8BF7FE88BF66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) 
Task: {B3B44C23-E64D-44E4-B114-1D7EADB0E3A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {D3ED4E0D-19BB-4374-A7ED-016F9C08A41D} - System32\Tasks\{B7352577-3E84-449C-969B-C664CA7F7A32} => C:\Programme\ProfitMaker8\ProfitMaker.exe [2009-08-06] () Task: {E02A7B7D-C549-43D0-BE41-58E10C2CD656} - System32\Tasks\{F1C51A4E-5844-4FA7-8EFD-2A328A55CAB9} => C:\Programme\ProfitMaker8\ProfitMaker.exe [2009-08-06] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-12 18:20 - 2013-10-23 09:19 - 00092448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2014-04-12 16:26 - 2013-08-20 10:57 - 00045504 _____ () C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\FSAVHRES.eng 2013-01-18 11:06 - 2013-01-18 11:06 - 00208880 _____ () C:\Program Files\M-net\daas2.dll 2014-04-12 16:30 - 2014-04-12 16:30 - 00030888 _____ () C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll 2014-04-12 16:26 - 2014-04-12 16:30 - 00212008 _____ () C:\Program Files\M-net\apps\ComputerSecurity\Spam Control\fsas.dll 2014-04-12 16:26 - 2014-05-21 14:06 - 00949288 _____ () C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\fm4av.dll 2014-04-12 15:57 - 2014-04-12 15:57 - 00593464 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll 2014-04-12 16:26 - 2013-08-20 10:57 - 00056256 _____ () C:\Program 
Files\M-net\apps\ComputerSecurity\FSGUI\fsavures.eng 2014-04-12 16:26 - 2013-08-20 10:57 - 00093120 _____ () C:\Program Files\M-net\apps\ComputerSecurity\FSGUI\strres.eng ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-137090181-1359151331-3666072106-500 - Administrator - Enabled) => C:\Users\Administrator Gast (S-1-5-21-137090181-1359151331-3666072106-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-137090181-1359151331-3666072106-1003 - Limited - Enabled) L******n (S-1-5-21-137090181-1359151331-3666072106-1000 - Administrator - Enabled) => C:\Users\L******n UpdatusUser (S-1-5-21-137090181-1359151331-3666072106-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Massenspeichercontroller Description: Massenspeichercontroller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 28%
Total physical RAM: 3066.89 MB
Available physical RAM: 2197.91 MB
Total Pagefile: 6132.07 MB
Available Pagefile: 4971.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.61 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:298.05 GB) (Free:181.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 98DEB064)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
and best regards, NLut |
26.10.2014, 10:21 | #4 |
/// the machine /// TB-Ausbilder | Win 7 Prof: PUP.Optional.Outbrowse
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
28.10.2014, 16:38 | #5 |
| Win 7 Prof: PUP.Optional.Outbrowse Hello Schrauber, many thanks for the help!!! ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internet# product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=86d70c1fd8e6dd428b4d7b4e1064a4ed # engine=20816 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-28 03:12:37 # local_time=2014-10-28 04:12:37 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Computer Security' # compatibility_mode=2308 16777213 100 93 9828 37521821 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 17183705 166140348 0 0 # scanned=249333 # found=0 # cleaned=0 # scan_time=5068 Code:
ATTFilter Results of screen317's Security Check version 0.99.89 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Computer Schutz Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 15.0.0.152 Adobe Reader XI Mozilla Firefox (33.0) Mozilla Thunderbird (24.6.0) Google Chrome 38.0.2125.104 ````````Process Check: objlist.exe by Laurent```````` M-net apps ComputerSecurity Anti-Virus\FSGK32.EXE M-net apps ComputerSecurity Anti-Virus\fssm32.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2014 01 Ran by L******n (administrator) on NIVALULI on 28-10-2014 16:31:41 Running from C:\Users\L******n\Desktop Loaded Profiles: L******n & UpdatusUser (Available profiles: L******n & UpdatusUser & Administrator) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (F-Secure Corporation) C:\Program Files\M-net\fshoster32.exe (F-Secure Corporation) C:\Program Files\M-net\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation) C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\fsgk32.exe (F-Secure Corporation) C:\Program Files\M-net\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation) C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\fssm32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Creative Technology Ltd.) 
C:\Windows\OEM13Mon.exe (F-Secure Corporation) C:\Program Files\M-net\fshoster32.exe (F-Secure Corporation) C:\Program Files\M-net\apps\ComputerSecurity\Common\FSM32.EXE () C:\Program Files\EssentialPIM\EssentialPIM.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (AVM Berlin) C:\Users\L******n\AppData\Local\Apps\2.0\8O6JCZON.0GD\2Q242DRO.ZNJ\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe () C:\Users\L******n\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [217088 2009-02-27] (Alps Electric Co., Ltd.) HKLM\...\Run: [OEM13Mon.exe] => C:\Windows\OEM13Mon.exe [36864 2008-01-07] (Creative Technology Ltd.) HKLM\...\Run: [F-Secure Hoster (51948)] => C:\Program Files\M-net\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation) HKLM\...\Run: [F-Secure Manager] => C:\Program Files\M-net\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-20] (F-Secure Corporation) HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. 
KG) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKU\S-1-5-21-137090181-1359151331-3666072106-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\L******n\AppData\Local\Apps\2.0\8O6JCZON.0GD\2Q242DRO.ZNJ\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-04-12] (AVM Berlin) HKU\S-1-5-21-137090181-1359151331-3666072106-1000\...\Run: [EssentialPIM] => C:\Program Files\EssentialPIM\EssentialPIM.exe [17127792 2014-07-06] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\L******n\AppData\Roaming\Mozilla\Firefox\Profiles\x7dvt5kg.default-1400893040681 FF Homepage: hxxp://www.fcbayern.de/de/news/news/#/filter FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.) 
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF SearchPlugin: C:\Users\L******n\AppData\Roaming\Mozilla\Firefox\Profiles\x7dvt5kg.default-1400893040681\searchplugins\ixquick-https---deutsch.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WOT - C:\Users\L******n\AppData\Roaming\Mozilla\Firefox\Profiles\x7dvt5kg.default-1400893040681\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-05-24] FF Extension: Ghostery - C:\Users\L******n\AppData\Roaming\Mozilla\Firefox\Profiles\x7dvt5kg.default-1400893040681\Extensions\firefox@ghostery.com.xpi [2014-08-26] FF Extension: NoScript - C:\Users\L******n\AppData\Roaming\Mozilla\Firefox\Profiles\x7dvt5kg.default-1400893040681\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-19] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-15] Chrome: ======= CHR Profile: C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-22] CHR Extension: (Google Docs) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-22] CHR Extension: (Google Drive) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-22] CHR Extension: (YouTube) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-22] CHR Extension: (Google-Suche) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf 
[2014-10-22] CHR Extension: (Google Tabellen) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-22] CHR Extension: (Google Wallet) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22] CHR Extension: (Google Mail) - C:\Users\L******n\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-22] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 fshoster; C:\Program Files\M-net\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation) R3 FSMA; C:\Program Files\M-net\apps\ComputerSecurity\Common\FSMA32.EXE [207808 2013-08-20] (F-Secure Corporation) R2 FSORSPClient; C:\Program Files\M-net\apps\CCF_Reputation\fsorsp.exe [60352 2014-04-12] (F-Secure Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2014-04-12] (AVM Berlin) R3 F-Secure Gatekeeper; C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [146472 2014-06-09] (F-Secure Corporation) R1 F-Secure HIPS; C:\Program Files\M-net\apps\ComputerSecurity\HIPS\drivers\fshs.sys [73896 2014-06-23] (F-Secure Corporation) R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2014-04-12] () R3 fsni; C:\Program Files\M-net\apps\CCF_Scanning\fsni32.sys [70184 2014-06-19] (F-Secure Corporation) R1 fsvista; C:\Program Files\M-net\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [12736 2013-08-20] () S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [99840 2014-03-14] (Gemalto) R3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.) R3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-05-28] (Creative Technology Ltd.) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [91016 2014-01-23] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-01-23] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [540168 2014-01-23] () U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-28 16:30 - 2014-10-28 16:30 - 00000000 ____D () C:\Users\L******n\Desktop\FRST-OlderVersion 2014-10-28 14:45 - 2014-10-28 14:45 - 00000000 ____D () C:\Program Files\ESET 2014-10-28 14:43 - 2014-10-28 14:43 - 00854448 _____ () C:\Users\L******n\Desktop\SecurityCheck.exe 2014-10-28 14:40 - 2014-10-28 14:40 - 02347384 _____ (ESET) C:\Users\L******n\Desktop\esetsmartinstaller_deu.exe 2014-10-25 13:43 - 2014-10-25 13:53 - 00012284 _____ () C:\Users\L******n\Desktop\Addition.txt 2014-10-25 13:42 - 2014-10-28 16:31 - 00011934 _____ () C:\Users\L******n\Desktop\FRST.txt 2014-10-25 13:25 - 2014-10-25 13:54 - 00001123 _____ () C:\Users\L******n\Desktop\JRT.txt 2014-10-25 12:26 - 2014-10-25 12:26 - 00000000 ____D () C:\Windows\ERUNT 2014-10-25 12:18 - 2014-10-25 12:22 - 00000000 ____D () C:\AdwCleaner 2014-10-25 11:56 - 2014-10-25 11:56 - 01706144 _____ (Thisisu) C:\Users\L******n\Desktop\JRT.exe 2014-10-25 11:54 - 2014-10-25 11:55 - 01962496 _____ () C:\Users\L******n\Desktop\AdwCleaner_4.001.exe 2014-10-25 09:27 - 2014-10-25 09:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-10-24 23:09 - 2014-10-24 23:10 - 00001822 _____ () C:\Users\L******n\Downloads\mbam.txt 2014-10-24 22:52 - 2014-10-24 22:53 - 00046912 _____ () C:\Users\L******n\Downloads\ger.log 2014-10-24 22:30 - 2014-10-24 22:34 - 00021797 _____ () C:\Users\L******n\Downloads\Addition.txt 2014-10-24 22:29 - 2014-10-28 16:31 - 00000000 ____D () C:\FRST 2014-10-24 22:29 - 2014-10-25 00:22 - 00028981 _____ () C:\Users\L******n\Downloads\FRST.txt 2014-10-24 22:28 - 2014-10-28 16:30 - 01104896 _____ (Farbar) C:\Users\L******n\Desktop\FRST.exe 2014-10-24 22:24 - 2014-10-24 22:24 - 00380416 _____ () C:\Users\L******n\Downloads\Gmer-19357.exe 2014-10-22 16:42 - 2014-10-22 16:42 - 00000000 __SHD () C:\Users\L******n\AppData\Local\EmieUserList 2014-10-22 16:42 - 2014-10-22 16:42 - 00000000 __SHD () C:\Users\L******n\AppData\Local\EmieSiteList 2014-10-22 16:32 - 2014-10-22 16:32 - 00002195 _____ 
() C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-22 16:32 - 2014-10-22 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-10-22 16:31 - 2014-10-28 15:36 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-22 16:31 - 2014-10-28 14:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-22 16:31 - 2014-10-22 16:31 - 00000000 ____D () C:\Program Files\Google 2014-10-22 16:30 - 2014-10-22 16:32 - 00000000 ____D () C:\Users\L******n\AppData\Local\Google 2014-10-22 16:30 - 2014-10-22 16:30 - 00880272 _____ (Google Inc.) C:\Users\L******n\Downloads\ChromeSetup.exe 2014-10-22 16:28 - 2014-10-22 16:29 - 42522704 _____ (Google Inc.) C:\Users\L******n\Downloads\ChromeStandaloneSetup(1).exe 2014-10-22 16:27 - 2014-10-22 16:28 - 42522704 _____ (Google Inc.) C:\Users\L******n\Downloads\ChromeStandaloneSetup.exe 2014-10-19 17:07 - 2014-10-19 17:07 - 36254312 _____ () C:\Users\L******n\Downloads\Firefox_Setup_33.0.exe 2014-10-15 06:11 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-15 06:11 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-15 06:11 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-15 06:11 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 06:11 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 06:11 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 06:11 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 06:11 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 06:11 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 
2014-10-15 06:11 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 06:11 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 06:11 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 06:11 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 06:11 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 06:11 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 06:11 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 06:11 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 06:11 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 06:11 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 06:11 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 06:11 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 06:11 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 06:11 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 06:11 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 06:11 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 06:11 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 06:11 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmlmedia.dll 2014-10-15 06:11 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 06:11 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 06:11 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 06:11 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 06:10 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 06:10 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 06:10 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 06:10 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 06:10 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 06:10 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-15 06:10 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 06:10 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 06:10 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 06:09 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 06:09 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 06:09 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 06:09 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 06:09 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 
2014-10-15 06:09 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 06:09 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 06:09 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 06:09 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 06:09 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-15 06:08 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-15 06:08 - 2014-08-19 03:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-15 06:08 - 2014-08-19 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-15 06:08 - 2014-08-19 03:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-15 06:08 - 2014-08-19 03:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-15 06:08 - 2014-08-19 02:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-15 06:08 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) 
C:\Windows\system32\blackbox.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-15 06:08 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-15 
06:08 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-15 06:08 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-15 06:08 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-10-15 06:08 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 06:08 - 2014-07-07 02:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-15 06:08 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-15 06:08 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-15 06:08 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-15 06:08 - 2014-07-07 02:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-15 06:08 - 2014-06-28 01:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-15 06:08 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-15 06:08 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-15 05:57 - 2014-10-19 17:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-01 05:57 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-28 16:19 - 2014-04-12 12:21 - 01153865 _____ () C:\Windows\WindowsUpdate.log 2014-10-28 16:09 - 2014-04-19 22:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-28 14:05 - 2009-07-14 05:34 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-28 14:05 - 2009-07-14 05:34 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-28 14:04 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-28 13:57 - 2014-04-12 17:21 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-28 13:57 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-28 13:57 - 2009-07-14 05:39 - 00033794 _____ () C:\Windows\setupact.log 2014-10-28 10:26 - 2014-04-12 15:31 - 00000000 ____D () C:\Users\L******n\AppData\Roaming\EssentialPIM 2014-10-25 12:23 - 2010-11-20 22:48 - 00011110 _____ () C:\Windows\PFRO.log 2014-10-25 12:16 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-10-25 11:57 - 2014-04-25 21:53 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-24 19:58 - 2014-04-25 21:52 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-24 19:58 - 2014-04-25 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-24 19:58 - 2014-04-25 21:52 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-10-19 21:59 - 2014-04-13 21:03 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-10-19 17:09 - 2014-04-12 15:46 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-19 17:09 - 2014-04-12 15:46 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-17 07:13 - 2009-07-14 05:53 - 00032634 
_____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-16 07:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-10-16 07:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-16 06:45 - 2009-07-14 05:33 - 00298192 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 06:13 - 2014-05-07 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-16 06:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-10-16 06:09 - 2014-04-12 17:24 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 06:06 - 2014-04-12 17:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-08 06:02 - 2014-04-12 20:08 - 00000000 ____D () C:\Users\L******n\AppData\Local\Deployment 2014-10-01 10:11 - 2014-04-25 21:52 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-01 10:11 - 2014-04-25 21:52 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-01 10:11 - 2014-04-25 21:52 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys Some content of TEMP: ==================== C:\Users\L******n\AppData\Local\Temp\InstallAX.exe C:\Users\L******n\AppData\Local\Temp\Quarantine.exe C:\Users\L******n\AppData\Local\Temp\Shockwave_Installer_FF.exe C:\Users\L******n\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-25 23:14 ==================== End Of Log ============================
Looks good, doesn't it? Thanks again and best regards, NLut |
29.10.2014, 08:24 | #6 |
/// the machine /// TB-Ausbilder | Win 7 Prof: PUP.Optional.Outbrowse
Done
The order here is crucial.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do more harm to your system than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.