Log analysis and evaluation: Trojan.FakeMS.ED in DLL file
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Trojan.FakeMS.ED in DLL file

Good morning everyone,

I currently have my colleague's computer at home, because he reported frustrating instabilities of the OS (among other things, explorer.exe stops working) and extreme speed problems. I can confirm that; it is almost unbearable to open a program or the like on this computer. At first I thought a run of MBAM would fix it, but I am now asking you for advice after all, since the infection of the computer is probably more extensive than assumed. The trojan mentioned in the thread title, Trojan.FakeMS.ED, was found in a DLL file in c:\program data\... Attached, for a start, are all the logs of the scans carried out so far.

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:18 on 06/12/2014 (finja)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014 Ran by finja (administrator) on FINJA-PC on 06-12-2014 09:20:56 Running from C:\Users\finja\Desktop Loaded Profile: finja (Available profiles: finja) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe (Alps Electric Co., Ltd.) 
C:\Program Files\Apoint2K\Apoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [768520 2008-07-25] (Dritek System Inc.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-07-21] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [49152 2008-05-09] (eMachines) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [eRecoveryService] => [X] HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH) HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\Policies\Explorer: [HideSCAHealth] 0 
HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: F - F:\LaunchU3.exe -a HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\MountPoints2: I - I:\LaunchU3.exe -a GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-717213786-2690546565-922636609-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyServer: [.DEFAULT] => http=127.0.0.1:53278;https=127.0.0.1:53278 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://suche.web.de/webhp?src=br_startpage_ie StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW SearchScopes: HKU\.DEFAULT -> {31BB071C-45F4-4DAD-BF5E-AD495B3B2FC8} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin SearchScopes: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> DefaultScope {0DE76405-1CA2-4197-98FF-E6340A0B93E8} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin SearchScopes: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> {0DE76405-1CA2-4197-98FF-E6340A0B93E8} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> No Name - {FA23121F-EE7C-4BD8-8C06-123D087282C5} - No File Toolbar: HKU\S-1-5-21-717213786-2690546565-922636609-1000 -> No Name - {F2413FFA-9DCC-48B3-A09A-625F44D7FA96} - No File DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.179.1 FireFox: ======== FF ProfilePath: C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 38159 FF NetworkProxy: "no_proxies_on", "localho,t,127.0.0.1,*origin.com,*ea.com,*akamaihd.net" FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-717213786-2690546565-922636609-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\webssearches.xml FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\1c021e811b224beba7ca0a1c@13f4ea57cb304bae95228b2f9e68.com [2014-11-11] FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\ae890d63edd74e6c8739fc18@c5d8be9efbac4fe184bfab.com [2014-11-04] FF Extension: 06997db0c0274d5fbd37b0d9230226ea - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea} [2014-11-06] FF Extension: Microsoft .NET Framework Assistant - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-11-04] FF Extension: PriceFountain - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\Extensions\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2014-11-06] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\DotNetAssistantExtension [2009-08-16] FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found] FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\tylerkeith11@aol.com [Not Found] FF Extension: No Name - C:\Users\finja\AppData\Roaming\Mozilla\Firefox\Profiles\jqycb923.default\extensions\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}.xpi [Not Found] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] FF Extension: No Name - {9015bae7-cdbb-4473-a5d0-ecfa559b2ca5} [Not Found] FF Extension: No Name - 3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found] FF Extension: No Name - tylerkeith11@aol.com [Not Found] FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR StartMenuInternet: Google Chrome - chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed] R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed] S2 compilerehtraceProt.exe; C:\Users\finja\AppData\Local\compilerehtraceProt\compilerehtraceProt.exe [X] S2 evrtspkgBckp.exe; C:\Users\finja\AppData\Local\evrtspkgBckp\evrtspkgBckp.exe [X] S2 FrozenGNUThumbnail.exe; C:\Users\finja\AppData\Local\FrozenGNUThumbnail\FrozenGNUThumbnail.exe [X] S2 FrozenSambaWindows.exe; C:\Users\finja\AppData\Local\FrozenSambaWindows\FrozenSambaWindows.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.) S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.) 
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2014-12-05] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-06] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R1 MpKsl5421b1e8; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB19E517-5918-4579-8B90-D6C1402891F0}\MpKsl5421b1e8.sys [39464 2014-12-05] (Microsoft Corporation) S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation) S3 BS2521310881; \??\C:\Users\finja\AppData\Local\Temp\NTFS.sys [X] S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-06 09:20 - 2014-12-06 09:21 - 00015414 _____ () C:\Users\finja\Desktop\FRST.txt 2014-12-06 09:20 - 2014-12-06 09:21 - 00000000 ____D () C:\FRST 2014-12-06 09:19 - 2014-12-06 09:19 - 01110016 _____ (Farbar) C:\Users\finja\Desktop\FRST.exe 2014-12-06 09:18 - 2014-12-06 09:18 - 00000472 _____ () C:\Users\finja\Desktop\defogger_disable.log 2014-12-06 09:18 - 2014-12-06 09:18 - 00000000 _____ () C:\Users\finja\defogger_reenable 2014-12-06 09:17 - 2014-12-06 09:17 - 00050477 _____ () C:\Users\finja\Desktop\Defogger.exe 2014-12-06 08:40 - 2014-12-06 08:50 - 00003570 _____ () C:\Users\finja\Desktop\Rkill.txt 2014-12-06 08:39 - 2014-12-06 08:39 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\finja\Downloads\rkill.exe 2014-12-05 21:51 - 2014-12-06 08:53 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-05 21:51 - 2014-12-05 21:53 - 00000901 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-05 21:50 - 2014-12-05 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-05 21:50 - 2014-12-05 21:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-12-05 21:50 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-05 21:50 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-05 21:50 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-05 21:07 - 2014-12-05 21:07 - 00000055 _____ () C:\AdwCleanerDebug.txt 2014-12-05 21:04 - 2014-12-05 21:04 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-12-05 20:49 - 2014-12-05 20:49 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2014-12-05 20:32 - 2014-12-05 20:32 - 00011842 _____ () C:\Windows\system32\.crusader 2014-12-05 20:01 - 2014-12-05 20:32 - 00000000 ____D () 
C:\Users\finja\AppData\Local\gnuutilityUI 2014-12-05 20:01 - 2014-12-05 20:02 - 00000000 ____D () C:\Windows\system32\guicca32 2014-12-05 19:40 - 2014-12-05 19:40 - 263670483 _____ () C:\Windows\MEMORY.DMP 2014-12-05 19:40 - 2014-12-05 19:40 - 00145784 _____ () C:\Windows\Minidump\Mini120514-01.dmp 2014-12-05 19:39 - 2014-12-05 19:39 - 00000000 ____D () C:\Temp 2014-12-05 13:33 - 2014-12-05 20:08 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-12-04 20:43 - 2014-12-04 20:43 - 00000000 ____D () C:\Users\finja\AppData\Local\Microsoft Corporation 2014-12-03 19:45 - 2014-12-05 22:17 - 00000000 ____D () C:\ProgramData\ZorkoKcesd 2014-12-02 19:37 - 2014-12-02 19:37 - 00000000 ____D () C:\Windows\system32\utilitylocalspl_86 2014-12-02 19:34 - 2014-12-02 19:34 - 00000000 ____D () C:\Windows\system32\scrollingwin32Prot 2014-12-01 11:06 - 2014-12-05 22:17 - 00000000 ____D () C:\ProgramData\EedtaWbezm 2014-12-01 11:06 - 2014-12-05 21:45 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A} 2014-11-29 20:02 - 2014-11-29 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck 2014-11-29 20:02 - 2014-11-29 20:02 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck 2014-11-28 20:51 - 2014-11-28 20:51 - 00000000 ____D () C:\ProgramData\UUdb 2014-11-27 22:42 - 2014-11-27 22:42 - 00000000 ____D () C:\Program Files\Microsoft ATS 2014-11-27 22:33 - 2014-11-27 22:33 - 11473216 _____ (Microsoft Corporation) C:\Users\finja\Downloads\mseinstall (1).exe 2014-11-27 22:31 - 2014-11-27 22:31 - 11473216 _____ (Microsoft Corporation) C:\Users\finja\Downloads\mseinstall.exe 2014-11-27 22:23 - 2014-11-27 22:23 - 00001998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk 2014-11-27 22:23 - 2014-11-27 22:23 - 00001986 _____ () C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk 2014-11-27 22:23 - 2014-11-27 22:23 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor 
2014-11-27 21:25 - 2014-11-27 21:25 - 00000000 ____D () C:\Windows\system32\DesktopMBRText 2014-11-25 15:33 - 2014-12-05 20:32 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-11-19 21:31 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-13 14:27 - 2014-11-13 14:27 - 00000951 _____ () C:\Users\finja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-13 13:30 - 2014-11-13 13:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-13 13:25 - 2014-11-13 13:25 - 00000000 ____D () C:\Windows\ERUNT 2014-11-13 13:15 - 2014-12-05 21:09 - 00000000 ____D () C:\AdwCleaner 2014-11-13 12:54 - 2014-12-05 13:56 - 00001356 _____ () C:\Users\finja\AppData\Local\d3d9caps.dat 2014-11-12 23:01 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-12 23:01 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 23:01 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 23:01 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 22:59 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 22:59 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 22:59 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 22:56 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 22:53 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 22:53 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 22:53 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 22:53 - 
2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 22:53 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 07:47 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 07:45 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-11 22:20 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-11 22:20 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-11 22:20 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-11 22:20 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-11 22:20 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-11 22:20 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-11 22:20 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-11 22:20 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-11 22:20 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-11 22:20 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-11 22:20 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-11 22:20 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-11 22:20 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-11 22:20 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-11 22:20 - 2014-10-27 19:55 - 00353792 _____ 
(Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-11 22:20 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-11 22:20 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-11 22:20 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-11 22:20 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-11 22:20 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-11 22:20 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-11 08:42 - 2014-11-11 08:42 - 00000000 ____D () C:\Users\finja\AppData\Roaming\AdvancedSystemProtector 2014-11-11 08:40 - 2014-12-06 08:46 - 00001340 _____ () C:\Windows\Tasks\XPGILDE.job 2014-11-11 08:39 - 2014-12-06 08:43 - 00001684 _____ () C:\Windows\Tasks\MQZDOUD.job 2014-11-11 08:33 - 2014-11-11 08:36 - 01057112 _____ (Installer Setup ) C:\Users\finja\Downloads\installer_java_German.exe 2014-11-10 21:27 - 2014-12-05 19:40 - 00000000 ____D () C:\Windows\Minidump 2014-11-08 21:59 - 2014-12-05 22:17 - 00000000 ____D () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7 2014-11-06 21:02 - 2014-11-06 21:02 - 00000000 ____D () C:\Users\finja\AppData\Local\Macromedia 2014-11-06 20:47 - 2014-11-13 12:44 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-11-06 20:30 - 2014-11-06 20:30 - 00000003 _____ () C:\Users\finja\Downloads\C ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-06 09:18 - 2009-05-16 15:26 - 00000000 ____D () C:\Users\finja 2014-12-06 08:56 - 2009-02-27 09:31 - 01196410 _____ () C:\Windows\WindowsUpdate.log 2014-12-05 22:17 - 2014-10-28 11:28 - 00000000 ____D () C:\ProgramData\83b32e09-56dd-4d15-bbc7-350e8627ec65 2014-12-05 21:41 - 2009-02-27 10:20 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2014-12-05 21:41 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-05 21:41 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-05 21:41 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-05 21:41 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-12-05 21:19 - 2006-11-02 14:01 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-05 21:10 - 2014-06-08 13:02 - 00037648 _____ () C:\Windows\PFRO.log 2014-12-05 20:49 - 2014-11-02 19:50 - 00000000 ____D () C:\Windows\system32\JREMetafilePublic 2014-12-05 13:34 - 2008-01-21 08:16 - 01598580 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-28 20:51 - 2011-04-11 19:26 - 00000000 ____D () C:\Program Files\1und1Softwareaktualisierung 2014-11-26 18:48 - 2009-05-16 15:28 - 00000000 ____D () C:\Users\finja\AppData\Roaming\Macromedia 2014-11-26 18:28 - 2008-08-15 00:15 - 00000000 ____D () C:\ProgramData\Adobe 2014-11-13 14:30 - 2014-11-04 07:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-13 14:29 - 2008-08-15 00:11 - 00000000 ____D () C:\Program Files\Google 2014-11-13 14:27 - 2009-05-16 15:28 - 00000000 ____D () C:\Users\finja\AppData\Local\Google 2014-11-13 14:25 - 2014-11-04 07:59 - 00000000 ____D () C:\Program Files\F978377C-B7D4-4536-8E10-14CA97B13394 2014-11-13 14:25 - 2014-10-16 07:42 - 00000000 ____D () C:\Program Files\CouponArific 2014-11-13 14:25 - 2014-10-16 07:42 - 00000000 ____D () C:\Program 
Files\35556262-902E-49AE-8622-66E14F1F041C 2014-11-13 14:25 - 2013-10-26 18:28 - 00000000 ____D () C:\Program Files\WiseConvert_1.3_B2 2014-11-13 13:55 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2014-11-13 13:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-11-13 13:18 - 2011-04-11 19:27 - 00000885 _____ () C:\Users\finja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk 2014-11-12 23:04 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-11-12 23:01 - 2008-08-15 00:16 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-12 22:52 - 2013-08-02 19:19 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-12 22:47 - 2014-06-04 20:19 - 00000106 _____ () C:\Users\finja\AppData\Roaming\WB.CFG 2014-11-12 22:39 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-11-12 22:27 - 2006-11-02 11:23 - 00000321 _____ () C:\Windows\win.ini 2014-11-12 14:45 - 2006-11-02 13:47 - 00393944 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-08 21:15 - 2014-11-02 19:57 - 00000000 ___HD () C:\Users\Public\Temp 2014-11-06 20:56 - 2014-11-02 19:50 - 00000000 ____D () C:\Program Files\Free Flash Plugin 2014-11-06 20:49 - 2012-08-10 17:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-11-06 20:49 - 2011-12-26 19:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-11-06 20:49 - 2009-05-16 16:07 - 00000000 ____D () C:\Users\finja\AppData\Local\Adobe Files to move or delete: ==================== C:\Users\finja\remove.exe Some content of TEMP: ==================== C:\Users\finja\AppData\Local\Temp\Quarantine.exe C:\Users\finja\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-05 21:52 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-12-2014 Ran by finja at 2014-12-06 09:22:25 Running from C:\Users\finja\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.0.1101.18 - Alps Electric) Bookworm Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version: - Oberon Media) Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media) Build-a-lot 
(HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}) (Version: - Oberon Media) Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version: - Oberon Media) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Diner Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}) (Version: - Oberon Media) DJ_AIO_06_F4500_SW_MIN (Version: 140.0.690.000 - Hewlett-Packard) Hidden Dream Day First Home (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) eDeals version 1.0 (HKLM\...\eDeals_is1) (Version: 1.0 - eDeals) eMachines (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}) (Version: - Oberon Media) eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated) eMachines ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.02.0902 - Acer Incorporated) Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Garmin BaseCamp (HKLM\...\{7C69F731-6471-48FE-899B-1C40F80042C7}) (Version: 4.4.2 - Garmin Ltd or its subsidiaries) Garmin City Navigator Europe NT 2012.20 Update (HKLM\...\{6D3A83A6-8F72-4354-A80D-721D1E54FC76}) (Version: 15.20.0.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.498 - InterVideo Inc.) InterVideo WinDVD 8 (Version: 8.0-B9.498 - InterVideo Inc.) 
Hidden Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Konz 2013 (HKLM\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) Konz 2013 (Version: 1.00.0000 - USM) Hidden Launch Manager (HKLM\...\LManager) (Version: - ) LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden Luxor (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}) (Version: - Oberon Media) Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - ) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In 
(HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden myphotobook.de (HKLM\...\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.4.3 - myphotobook GmbH) myphotobook.de (Version: 1.4.3 - myphotobook GmbH) Hidden Network (Version: 
140.0.215.000 - Hewlett-Packard) Hidden NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6325 - NewTech Infosystems) NTI Media Maker 8 (Version: 8.0.12.6325 - NewTech Infosystems) Hidden Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version: - ) Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden Steuer 2012 (HKU\S-1-5-21-717213786-2690546565-922636609-1000\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH) Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden Turbo Pizza (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version: - Oberon Media) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für 
Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) WEB.DE Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH) WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH) WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH) Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{5D39BBA0-67EE-42FE-8640-57C456AE4C8A}\InprocServer32 -> C:\Users\finja\AppData\LocalLow\WiseConvert_1.3_B2\prxtbWis0.dll No File CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\finja\AppData\Local\Conduit\Community Alerts\Alert.dll No File CustomCLSID: HKU\S-1-5-21-717213786-2690546565-922636609-1000_Classes\CLSID\{F9E1BD9A-84B5-4D12-9195-0B3E7D86FD35}\InprocServer32 -> C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll (Microsoft Corporation) ==================== Restore Points ========================= 05-12-2014 19:07:39 Prüfpunkt von HitmanPro 05-12-2014 19:31:46 Prüfpunkt von HitmanPro ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 11:23 - 2014-12-06 09:03 - 00000732 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {1045E6B6-E707-475F-97CD-571E06C36511} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-4 No Task File <==== ATTENTION Task: {1245B223-395D-46A5-93D1-C9AE1D55861B} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH) Task: {12725841-0DB7-461B-94D5-8A90F6589009} - System32\Tasks\GoogleUpdater => Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write((new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\internet explorer\\zergling_rush")) Task: {1EB9CADD-2506-46E7-96AD-5CBB99CAD30C} - \9038396b-6856-4ead-9ee7-1215f651f0aa No Task File <==== ATTENTION Task: {26928486-85D4-43D1-846F-D5189AE90D56} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-1 No Task File <==== ATTENTION Task: {33B6F316-29F5-4DEA-A8CC-B9249563A4AB} - \04b071f9-0b45-4ff0-af73-073c440df543-11 No Task File <==== ATTENTION Task: {3738576E-1797-480B-AB26-9BECD9BC9AB1} - \04b071f9-0b45-4ff0-af73-073c440df543-4 No Task File <==== ATTENTION Task: {4BF96ACD-C54D-472D-BD3D-8C4495786051} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-5_user No Task File <==== ATTENTION Task: {50B6DF40-8A74-4768-B9E7-44B068036A93} - \04b071f9-0b45-4ff0-af73-073c440df543-3 No Task File <==== ATTENTION Task: {521C87B6-4ECD-45FA-A21F-0987123DD4C6} - \afbfdcf4-7553-4735-ab81-4373cca9a051-6 No Task File <==== ATTENTION Task: {547E6824-355F-4AC3-8FBC-7E4FBF25D3EF} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-5 No Task File <==== ATTENTION Task: {5E8F5D12-D836-4FA2-A55F-60B345663AEB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation) Task: {665589FE-FED9-450D-8CAC-BCD6A34E666E} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-2 No Task File <==== ATTENTION Task: {6ED78F91-0AE2-43BA-8C76-47269CF7A210} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-2 No Task File <==== ATTENTION Task: {793BBF80-2488-4871-8D11-6A461B28C8DE} - 
System32\Tasks\MQZDOUD => C:\Users\finja\AppData\Roaming\MQZDOUD.exe <==== ATTENTION Task: {7BC36AEC-816F-4BC2-93E6-9836D38AAD73} - \04b071f9-0b45-4ff0-af73-073c440df543-1 No Task File <==== ATTENTION Task: {88A4BAC1-045F-4DEC-B932-AEFCD853FCBB} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-11 No Task File <==== ATTENTION Task: {8C6325F8-822B-4446-8F5E-79B27AA3A5D0} - \04b071f9-0b45-4ff0-af73-073c440df543-5_user No Task File <==== ATTENTION Task: {928B2F3B-2C64-4AED-9F1B-93315F01FBDC} - \afbfdcf4-7553-4735-ab81-4373cca9a051-7 No Task File <==== ATTENTION Task: {99F31AC3-75A5-427A-A9A1-F7B67F954F82} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-1 No Task File <==== ATTENTION Task: {A983A371-8E43-4C81-AB3D-1793E6C729DD} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-5_user No Task File <==== ATTENTION Task: {ADB99999-9CE5-4C49-8F93-40086B7A25B0} - \afbfdcf4-7553-4735-ab81-4373cca9a051-11 No Task File <==== ATTENTION Task: {B07D5064-3E65-4825-82D2-D8ABAFA800DB} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-4 No Task File <==== ATTENTION Task: {B2DE553E-4F93-444A-B89F-264EA7144119} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-03-16] (1und1 Mail und Media GmbH) Task: {B30E872D-50B8-4BC9-97FA-EE9C0D46B1D1} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - finja => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {B31760E5-4C25-4B17-AA41-19EBAB4B5530} - System32\Tasks\XPGILDE => C:\Users\finja\AppData\Roaming\XPGILDE.exe <==== ATTENTION Task: {CD87FD16-CBAA-439E-97ED-F35F08A43569} - \4d0ec2e7-584d-427b-a601-b9b87a4eb405-5 No Task File <==== ATTENTION Task: {D577D774-768A-41F6-807D-4B88E2B8F71A} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-3 No Task File <==== ATTENTION Task: {E911148E-9670-41D8-BAE6-AB49D00F4C5E} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-11 No Task File <==== ATTENTION Task: {EAA78C2F-DE4A-448D-B187-69456B16B48A} - \04b071f9-0b45-4ff0-af73-073c440df543-5 No Task File <==== 
ATTENTION Task: {F5A45096-AF42-4D57-AAD9-D9BDE4DCFFCD} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-7 No Task File <==== ATTENTION Task: {F6739869-2927-42C5-B8E3-6A24E4A7A5A4} - \04b071f9-0b45-4ff0-af73-073c440df543-2 No Task File <==== ATTENTION Task: {FB314ECF-96F0-41DC-8CC2-C2561140CB57} - \01ce284f-8b14-4b5a-ac9a-14ba09efbf4d-6 No Task File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\MQZDOUD.job => C:\Users\finja\AppData\Roaming\MQZDOUD.exe <==== ATTENTION Task: C:\Windows\Tasks\XPGILDE.job => C:\Users\finja\AppData\Roaming\XPGILDE.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2009-02-27 10:19 - 2008-06-11 11:18 - 00024576 _____ () C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe 2009-02-27 10:19 - 2009-02-27 10:19 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll 2009-02-27 10:19 - 2009-02-27 10:19 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll 2009-02-27 10:19 - 2009-02-27 10:19 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll 2009-02-27 10:19 - 2009-02-27 10:19 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll 2009-02-27 10:19 - 2009-02-27 10:19 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll 2009-02-27 10:20 - 2009-02-27 10:20 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll 2008-07-30 05:01 - 2003-06-07 06:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll ==================== 
Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:9E22BBE8 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-717213786-2690546565-922636609-500 - Administrator - Disabled) finja (S-1-5-21-717213786-2690546565-922636609-1000 - Administrator - Enabled) => C:\Users\finja Gast (S-1-5-21-717213786-2690546565-922636609-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/05/2014 09:43:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/05/2014 09:15:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung explorer.exe, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00aab3d6, Prozess-ID 0xb50, Anwendungsstartzeit explorer.exe0. 
Error: (12/05/2014 09:13:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung Reader_sl.exe, Version 10.1.12.15, Zeitstempel 0x54083e61, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x8bfc7d8b, Prozess-ID 0xf1c, Anwendungsstartzeit Reader_sl.exe0. Error: (12/05/2014 09:13:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung ehtray.exe, Version 6.0.6001.18000, Zeitstempel 0x4791938f, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x8bfc7d8b, Prozess-ID 0xf24, Anwendungsstartzeit ehtray.exe0. Error: (12/05/2014 09:13:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung msseces.exe, Version 4.6.305.0, Zeitstempel 0x53f79c0e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x8bfc7d8b, Prozess-ID 0xeb0, Anwendungsstartzeit msseces.exe0. Error: (12/05/2014 09:13:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung igfxpers.exe, Version 8.15.10.2202, Zeitstempel 0x4c756824, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x8bfc7d8b, Prozess-ID 0xe88, Anwendungsstartzeit igfxpers.exe0. Error: (12/05/2014 09:13:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung igfxtray.exe, Version 8.15.10.2202, Zeitstempel 0x4c75683c, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x8bfc7d8b, Prozess-ID 0xe4c, Anwendungsstartzeit igfxtray.exe0. 
Error: (12/05/2014 09:12:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/05/2014 08:55:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung tdsskiller.exe, Version 3.0.0.41, Zeitstempel 0x544faf36, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xe9c, Anwendungsstartzeit tdsskiller.exe0. Error: (12/05/2014 08:54:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung cdsupdclient.exe, Version 2.0.3.60, Zeitstempel 0x533946fa, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x8bfc7d8b, Prozess-ID 0xf88, Anwendungsstartzeit cdsupdclient.exe0. System errors: ============= Error: (12/06/2014 08:40:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: utilitylocalspl_861 Error: (12/06/2014 08:40:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: scrollingwin32Prot1 Error: (12/06/2014 08:40:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: guicca321 Error: (12/06/2014 08:40:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: DesktopMBRText1 Error: (12/06/2014 08:40:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: gnuutilityUI.exe1 Error: (12/05/2014 09:43:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: gnuutilityUI.exe Error: (12/05/2014 09:43:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: FrozenSambaWindows.exe%%3 Error: (12/05/2014 09:43:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: FrozenGNUThumbnail.exe%%3 Error: (12/05/2014 09:43:11 PM) 
(Source: Service Control Manager) (EventID: 7000) (User: ) Description: evrtspkgBckp.exe%%3 Error: (12/05/2014 09:43:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: compilerehtraceProt.exe%%3 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-12-06 09:22:12.373 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-06 09:22:11.583 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-06 09:22:10.543 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-06 09:22:09.333 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-06 09:19:33.862 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-06 09:19:32.609 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-12-06 09:19:31.658 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-06 09:19:30.466 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-06 09:00:38.972 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-06 09:00:37.989 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz Percentage of memory in use: 56% Total physical RAM: 3001.08 MB Available physical RAM: 1320.47 MB Total Pagefile: 6232.43 MB Available Pagefile: 4528.82 MB Total Virtual: 2047.88 MB Available Virtual: 1869.68 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:288.08 GB) (Free:238.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive j: () (Removable) (Total:1.86 GB) (Free:1.82 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 93D3AC9B) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=288.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000) Partition: GPT Partition Type. 
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-12-06 10:24:00 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C 298,09GB Running: v5shw8ku.exe; Driver: C:\Users\finja\AppData\Local\Temp\ugloypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\taskeng.exe[396] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 0302BAB6 .text C:\Windows\system32\taskeng.exe[396] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 0302BB79 .text C:\Windows\system32\taskeng.exe[396] ADVAPI32.dll!CreateProcessAsUserA 7672CEB9 5 Bytes JMP 0302BCFE .text C:\Windows\system32\taskeng.exe[396] ADVAPI32.dll!CreateProcessAsUserW 76741EE9 5 Bytes JMP 0302BC38 .text C:\Windows\system32\taskeng.exe[396] CRYPT32.dll!PFXImportCertStore 75CEA13D 5 Bytes JMP 0302A55A .text C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[1396] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 0406B285 .text C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[1396] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 0406B32B .text C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[1396] ADVAPI32.dll!CreateProcessAsUserA 7672CEB9 5 Bytes JMP 0406B476 .text C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[1396] ADVAPI32.dll!CreateProcessAsUserW 76741EE9 5 Bytes JMP 0406B3CD .text C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[1396] CRYPT32.dll!PFXImportCertStore 75CEA13D 5 Bytes JMP 04069D69 .text C:\Windows\system32\wbem\unsecapp.exe[1856] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 01B6B285 .text C:\Windows\system32\wbem\unsecapp.exe[1856] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 01B6B32B .text C:\Windows\system32\wbem\unsecapp.exe[1856] ADVAPI32.dll!CreateProcessAsUserA 7672CEB9 5 Bytes JMP 01B6B476 .text C:\Windows\system32\wbem\unsecapp.exe[1856] ADVAPI32.dll!CreateProcessAsUserW 76741EE9 5 Bytes JMP 01B6B3CD .text 
C:\Windows\system32\wbem\unsecapp.exe[1856] CRYPT32.dll!PFXImportCertStore 75CEA13D 5 Bytes JMP 01B69D69 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2576] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 0079B285 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2576] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 0079B32B .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2576] ADVAPI32.dll!CreateProcessAsUserA 7672CEB9 5 Bytes JMP 0079B476 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2576] ADVAPI32.dll!CreateProcessAsUserW 76741EE9 5 Bytes JMP 0079B3CD .text C:\Program Files\Apoint2K\ApMsgFwd.exe[2576] CRYPT32.dll!PFXImportCertStore 75CEA13D 5 Bytes JMP 00799D69 .text C:\Windows\system32\igfxsrvc.exe[3036] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 01D0BAB6 .text C:\Windows\system32\igfxsrvc.exe[3036] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 01D0BB79 .text C:\Windows\system32\igfxsrvc.exe[3036] ADVAPI32.dll!CreateProcessAsUserA 7672CEB9 5 Bytes JMP 01D0BCFE .text C:\Windows\system32\igfxsrvc.exe[3036] ADVAPI32.dll!CreateProcessAsUserW 76741EE9 5 Bytes JMP 01D0BC38 .text C:\Windows\system32\igfxsrvc.exe[3036] CRYPT32.dll!PFXImportCertStore 75CEA13D 5 Bytes JMP 01D0A55A .text C:\Windows\System32\mobsync.exe[3072] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 0226BAB6 .text C:\Windows\System32\mobsync.exe[3072] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 0226BB79 .text C:\Windows\System32\mobsync.exe[3072] ADVAPI32.dll!CreateProcessAsUserA 7672CEB9 5 Bytes JMP 0226BCFE .text C:\Windows\System32\mobsync.exe[3072] ADVAPI32.dll!CreateProcessAsUserW 76741EE9 5 Bytes JMP 0226BC38 .text C:\Windows\System32\mobsync.exe[3072] CRYPT32.dll!PFXImportCertStore 75CEA13D 5 Bytes JMP 0226A55A .text C:\Program Files\Apoint2K\Apntex.exe[3140] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 0199B285 .text C:\Program Files\Apoint2K\Apntex.exe[3140] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 0199B32B .text C:\Program Files\Apoint2K\Apntex.exe[3140] 
ADVAPI32.dll!CreateProcessAsUserA 7672CEB9 5 Bytes JMP 0199B476
.text C:\Program Files\Apoint2K\Apntex.exe[3140] ADVAPI32.dll!CreateProcessAsUserW 76741EE9 5 Bytes JMP 0199B3CD
.text C:\Program Files\Apoint2K\Apntex.exe[3140] CRYPT32.dll!PFXImportCertStore 75CEA13D 5 Bytes JMP 01999D69
.text C:\Program Files\Internet Explorer\iexplore.exe[3276] kernel32.dll!CreateThread 7790CBEE 5 Bytes JMP 6DFB74FB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!EnableWindow 7633CD8B 5 Bytes JMP 6DFFA25C C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DefWindowProcA 7633DB88 7 Bytes JMP 6DFB9729 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!CreateWindowExA 7633DC2A 5 Bytes JMP 6DFC353B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!CreateWindowExW 76341305 5 Bytes JMP 6E01FFDF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DefWindowProcW 763503B4 7 Bytes JMP 6E017C92 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxParamW 763610B0 5 Bytes JMP 6DF518E3 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxIndirectParamW 76362EF5 5 Bytes JMP 6E14DBA6 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxParamA 76378152 5 Bytes JMP 6E14DB41 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxIndirectParamA 7637847D 5 Bytes JMP 6E14DC0B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxIndirectA 7638D4D9 5 Bytes JMP 6E14DAC8 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxIndirectW 7638D5D3 5 Bytes JMP 6E14DA4F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxExA 7638D639 5 Bytes JMP 6E14D9EB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxExW 7638D65D 5 Bytes JMP 6E14D987 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3276] ole32.dll!OleLoadFromStream 776F1E80 5 Bytes JMP 6E14E374 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Launch Manager\LManager.exe[3508] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 0084BAB6
.text C:\Program Files\Launch Manager\LManager.exe[3508] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 0084BB79
.text C:\Program Files\Launch Manager\LManager.exe[3508] ADVAPI32.dll!CreateProcessAsUserA 7672CEB9 5 Bytes JMP 0084BCFE
.text C:\Program Files\Launch Manager\LManager.exe[3508] ADVAPI32.dll!CreateProcessAsUserW 76741EE9 5 Bytes JMP 0084BC38
.text C:\Program Files\Launch Manager\LManager.exe[3508] CRYPT32.dll!PFXImportCertStore 75CEA13D 5 Bytes JMP 0084A55A
.text C:\Program Files\Apoint2K\Apoint.exe[3564] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 0273BAB6
.text C:\Program Files\Apoint2K\Apoint.exe[3564] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 0273BB79
.text C:\Program Files\Apoint2K\Apoint.exe[3564] ADVAPI32.dll!CreateProcessAsUserA 7672CEB9 5 Bytes JMP 0273BCFE
.text C:\Program Files\Apoint2K\Apoint.exe[3564] ADVAPI32.dll!CreateProcessAsUserW 76741EE9 5 Bytes JMP 0273BC38
.text C:\Program Files\Apoint2K\Apoint.exe[3564] CRYPT32.dll!PFXImportCertStore 75CEA13D 5 Bytes JMP 0273A55A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3680] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 02A0BAB6
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3680] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 02A0BB79
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3680] ADVAPI32.dll!CreateProcessAsUserA 7672CEB9 5 Bytes JMP 02A0BCFE
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3680] ADVAPI32.dll!CreateProcessAsUserW 76741EE9 5 Bytes JMP 02A0BC38
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3680] CRYPT32.dll!PFXImportCertStore 75CEA13D 5 Bytes JMP 02A0A55A
.text C:\Windows\System32\igfxtray.exe[3700] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 0274BAB6
.text C:\Windows\System32\igfxtray.exe[3700] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 0274BB79
.text C:\Windows\System32\igfxtray.exe[3700] ADVAPI32.dll!CreateProcessAsUserA 7672CEB9 5 Bytes JMP 0274BCFE
.text C:\Windows\System32\igfxtray.exe[3700] ADVAPI32.dll!CreateProcessAsUserW 76741EE9 5 Bytes JMP 0274BC38
.text C:\Windows\System32\igfxtray.exe[3700] CRYPT32.dll!PFXImportCertStore 75CEA13D 5 Bytes JMP 0274A55A
.text C:\Windows\System32\hkcmd.exe[3708] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 02BABAB6
.text C:\Windows\System32\hkcmd.exe[3708] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 02BABB79
.text C:\Windows\System32\hkcmd.exe[3708] ADVAPI32.dll!CreateProcessAsUserA 7672CEB9 5 Bytes JMP 02BABCFE
.text C:\Windows\System32\hkcmd.exe[3708] ADVAPI32.dll!CreateProcessAsUserW 76741EE9 5 Bytes JMP 02BABC38
.text C:\Windows\System32\hkcmd.exe[3708] CRYPT32.dll!PFXImportCertStore 75CEA13D 5 Bytes JMP 02BAA55A
.text C:\Windows\System32\igfxpers.exe[3716] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 02C9BAB6
.text C:\Windows\System32\igfxpers.exe[3716] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 02C9BB79
.text C:\Windows\System32\igfxpers.exe[3716] ADVAPI32.dll!CreateProcessAsUserA 7672CEB9 5 Bytes JMP 02C9BCFE
.text C:\Windows\System32\igfxpers.exe[3716] ADVAPI32.dll!CreateProcessAsUserW 76741EE9 5 Bytes JMP 02C9BC38
.text C:\Windows\System32\igfxpers.exe[3716] CRYPT32.dll!PFXImportCertStore 75CEA13D 5 Bytes JMP 02C9A55A
.text C:\Program Files\Microsoft Security Client\msseces.exe[3756] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 0268BAB6
.text C:\Program Files\Microsoft Security Client\msseces.exe[3756] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 0268BB79
.text C:\Program Files\Microsoft Security Client\msseces.exe[3756] ADVAPI32.dll!CreateProcessAsUserA 7672CEB9 5 Bytes JMP 0268BCFE
.text C:\Program Files\Microsoft Security Client\msseces.exe[3756] ADVAPI32.dll!CreateProcessAsUserW 76741EE9 5 Bytes JMP 0268BC38
.text C:\Program Files\Microsoft Security Client\msseces.exe[3756] CRYPT32.dll!PFXImportCertStore 75CEA13D 5 Bytes JMP 0268A55A
.text C:\Windows\ehome\ehtray.exe[3860] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 02D9BAB6
.text C:\Windows\ehome\ehtray.exe[3860] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 02D9BB79
.text C:\Windows\ehome\ehtray.exe[3860] ADVAPI32.dll!CreateProcessAsUserA 7672CEB9 5 Bytes JMP 02D9BCFE
.text C:\Windows\ehome\ehtray.exe[3860] ADVAPI32.dll!CreateProcessAsUserW 76741EE9 5 Bytes JMP 02D9BC38
.text C:\Windows\ehome\ehtray.exe[3860] CRYPT32.dll!PFXImportCertStore 75CEA13D 5 Bytes JMP 02D9A55A

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Threads - GMER 2.1 ----

Thread explorer.exe [2620:2600] 02286884
Thread explorer.exe [2620:2388] 02286886
Thread explorer.exe [2620:1964] 02286886
Thread explorer.exe [4148:5312] 00449244
Thread explorer.exe [4148:5044] 00449246

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\933448FAA8F23954183BF9C44530C8E4\Usage@WinMailFeat 1166409757

---- EOF - GMER 2.1 ----

Code:
Rkill 2.6.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/06/2014 08:40:21 AM in x86 mode.
Windows Version: Windows Vista (TM) Home Premium Service Pack 2

Checking for Windows services to stop:
 * No malware services found to stop.

Checking for processes to terminate:
 * C:\Users\finja\AppData\Local\gnuutilityUI\gnuutilityUI.exe (PID: 2112) [UP-HEUR]
 * C:\Windows\system32\DesktopMBRText\DesktopMBRText.exe (PID: 2004) [WD-HEUR]
 * C:\Windows\system32\guicca32\guicca32.exe (PID: 3516) [WD-HEUR]
 * C:\Windows\system32\scrollingwin32Prot\scrollingwin32Prot.exe (PID: 3968) [WD-HEUR]
 * C:\Windows\system32\utilitylocalspl_86\utilitylocalspl_86.exe (PID: 3152) [WD-HEUR]

5 proccesses terminated!

Checking Registry for malware related settings:
 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
 * No issues found.

Checking Windows Service Integrity:
 * Windows-Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled
 * Sicherheitscenter (wscsvc) is not Running.
   Startup Type set to: Disabled
 * Windows-Firewallautorisierungstreiber (mpsdrv) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:
 * No issues found.

Checking HOSTS File:
 * HOSTS file entries found:
   127.0.0.1 localhost
   ::1 localhost
   127.0.0.1 d3oxij66pru1i3.cloudfront.net

Program finished at: 12/06/2014 08:50:20 AM
Execution time: 0 hours(s), 10 minute(s), and 26 seconds(s)

Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Detection, 06.12.2014 08:27:35, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31] Detection, 06.12.2014 08:27:36, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31] Detection, 06.12.2014 08:27:36, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31] Detection, 06.12.2014 08:27:41, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31] Detection, 06.12.2014 08:27:41, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31] Detection, 06.12.2014 08:27:41, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31] Detection, 06.12.2014 08:27:41, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31] Detection, 06.12.2014 08:27:43, SYSTEM, FINJA-PC, Protection, Malware Protection, File, 
Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31] Update, 06.12.2014 08:28:08, SYSTEM, FINJA-PC, Scheduler, Malware Database, 2014.12.5.11, 2014.12.6.4, Protection, 06.12.2014 08:28:08, SYSTEM, FINJA-PC, Protection, Refresh, Starting, Protection, 06.12.2014 08:28:08, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Stopping, Protection, 06.12.2014 08:28:08, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Stopped, Detection, 06.12.2014 08:28:13, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [87b82639bbc171c553cfd21c659ccf31] Protection, 06.12.2014 08:29:17, SYSTEM, FINJA-PC, Protection, Refresh, Success, Protection, 06.12.2014 08:29:17, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Starting, Protection, 06.12.2014 08:29:22, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Started, Detection, 06.12.2014 08:29:23, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:29:27, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:29:39, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:29:55, SYSTEM, FINJA-PC, Protection, Malware Protection, File, 
Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:30:01, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:30:29, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:30:41, finja, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:30:55, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:30:56, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:31:00, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:31:15, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, 
[cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:31:24, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:32:45, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:33:28, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:33:31, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:33:41, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:34:46, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:35:21, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:35:24, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, 
C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:35:30, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:35:38, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:35:52, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:35:59, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:36:06, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:36:55, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:37:26, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] 
Detection, 06.12.2014 08:37:54, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, IP, 88.214.193.211, 49882, Outbound, C:\Windows\explorer.exe, Detection, 06.12.2014 08:38:10, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:38:15, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:38:26, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:38:55, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:38:59, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:39:25, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:39:44, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] 
Detection, 06.12.2014 08:39:53, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:40:32, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:40:55, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:41:09, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:41:55, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:42:46, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:42:51, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:47:23, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, 
C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:50:16, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:51:46, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:52:02, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:53:02, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:53:03, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:53:06, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:53:14, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] 
Detection, 06.12.2014 08:53:17, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:53:38, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:58:47, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:58:50, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:58:55, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:58:59, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:59:02, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:59:07, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, 
C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:59:13, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:59:18, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:59:24, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:59:29, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:59:33, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:59:40, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 08:59:48, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] 
Detection, 06.12.2014 09:00:17, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 09:00:29, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 09:00:50, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 09:01:11, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 09:01:18, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 09:01:34, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 09:02:43, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5] Detection, 06.12.2014 09:02:49, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, 
C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:02:52, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:02:57, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:03:15, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:03:36, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:03:40, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:03:48, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:03:58, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:05:54, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:14:19, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:14:51, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:14:54, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:15:03, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:16:07, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:16:47, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:16:51, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:17:00, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:17:19, finja, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:17:24, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:17:31, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:17:35, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:17:43, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Detection, 06.12.2014 09:17:47, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [cdcfe37c4c30261066cb3ab47f824bb5]
Update, 06.12.2014 09:18:00, SYSTEM, FINJA-PC, Scheduler, Malware Database, 2014.12.6.4, 2014.12.6.5,
Protection, 06.12.2014 09:18:00, SYSTEM, FINJA-PC, Protection, Refresh, Starting,
Protection, 06.12.2014 09:18:00, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Stopping,
Protection, 06.12.2014 09:18:02, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Stopped,
Protection, 06.12.2014 09:19:29, SYSTEM, FINJA-PC, Protection, Refresh, Success,
Protection, 06.12.2014 09:19:29, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Starting,
Protection, 06.12.2014 09:19:34, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Started,
Detection, 06.12.2014 09:19:35, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:19:50, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:19:59, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:20:42, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:20:47, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:20:50, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:20:56, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:21:03, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:21:07, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:21:44, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:21:50, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:22:18, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:22:21, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:22:35, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:23:20, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:23:31, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:23:34, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:23:52, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:23:59, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:23:59, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:24:03, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:24:08, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:24:18, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:24:23, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, IP, 88.214.193.211, 52561, Outbound, C:\Windows\explorer.exe,
Detection, 06.12.2014 09:24:56, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:24:59, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Detection, 06.12.2014 09:25:32, SYSTEM, FINJA-PC, Protection, Malware Protection, File, Trojan.FakeMS.ED, C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}\actxprxy.dll, Quarantine Failed, 303, Queued for removal on reboot, [5e3f2a354f2d83b3151d935b1fe244bc]
Protection, 06.12.2014 09:25:44, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Stopping,
Protection, 06.12.2014 09:25:44, SYSTEM, FINJA-PC, Protection, Malicious Website Protection, Stopped,
Protection, 06.12.2014 09:25:44, SYSTEM, FINJA-PC, Protection, Malware Protection, Stopping,
Protection, 06.12.2014 09:25:44, SYSTEM, FINJA-PC, Protection, Malware Protection, Stopped,
Protection, 06.12.2014 10:25:22, SYSTEM, FINJA-PC, Protection, Malware Protection, Starting,
Protection, 06.12.2014 10:25:22, SYSTEM, FINJA-PC, Protection, Malware Protection, Started,
(end)