|
Log-Analyse und Auswertung: Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die WeiterarbeitWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
26.01.2015, 09:36 | #1 |
| Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit Guten Morgen, ich hoffe, ich habe jetzt alles richtig gemacht, um mein Problem zu posten. Seit Samstag ist es bei mir so, dass sich nach 5 bis 10 Minuten ein "Interpol"-Fenster öffnet, mit dem wohl bekannten Hinweis, dass man 100 € zahlen soll, damit der Rechner nicht gesperrt wird. Ich habe einen Kaspersky Virenscanner, der aber den Interpol-Virus/Trojaner nicht erkannt hat. Ich habe dann noch einen Scanner aus dem Netz geladen, der kommt aber nie ganz durch mit dem Scannen, weil sich vorher wieder das "Interpol"-Fenster öffnet. Was ich aber sehen kann, ist, dass 27 "Bedrohungen" in der Systemregistratur befinden. vielleicht sind es auch mehr, wie gesagt, ich komme nie bis zum Abschluss, weil das Fenster von "Interpol" dann öffnet. Ich habe auch Kaspersky untersuchen lassen, der hat, wenn ich mich recht erinnere, vier Bedrohungen gefunden und auch unschädlich gemacht. Ich kann weitere Infos auf Fragen leider erst heute Abend beantworten, da ich tagsüber im Büro bin. Viele Grüße und schon einmal ein Danke für die Hilfe. Jens |
26.01.2015, 09:39 | #2 |
/// the machine /// TB-Ausbilder | Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit hi,
__________________Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8) Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
__________________ |
26.01.2015, 19:11 | #3 |
| Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit Hier, wie gewünscht, das Protokoll von FRST.
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01 Ran by SYSTEM on MINWINPC on 26-01-2015 19:01:25 Running from F:\ Platform: Windows Vista (TM) Home Premium (X86) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-27] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-17] (Synaptics, Inc.) HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-23] (Acer Inc.) HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated) HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-03-06] (Acer Incorporated) HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] () HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [821768 2008-07-01] (Dritek System Inc.) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] () HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google) HKLM\...\Run: [eRecoveryService] => [X] HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-05-12] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-05-12] (CyberLink) HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-05-12] (Acer Corp.) HKLM\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-09-22] (Acer) HKLM\...\Run: [] => [X] HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1644744 2012-08-08] (Ask) HKLM\...\Run: [Google Updater] => C:\Program Files\Google\Google Updater\GoogleUpdater.exe [161336 2011-09-15] (Google) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.) HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO) HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\muckiwob1\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-02-19] (Google Inc.) HKU\muckiwob1\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation) HKU\muckiwob1\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation) HKU\muckiwob1\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26165568 2014-12-22] (SlimWare Utilities, Inc.) HKU\muckiwob1\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-21] (Google) Startup: C:\Users\muckiwob1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B59FCFA17.lnk ShortcutTarget: B59FCFA17.lnk -> C:\ProgramData\71AFCF95B.cpp () ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO) S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] () S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] () S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google) S2 gupdate1c99d03c292747; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.) S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-03] () S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-08] () S2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [222016 2014-12-22] (SlimWare Utilities, Inc.) S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation) S4 0013351358452156mcinstcleanup; C:\Users\MUCKIW~1\AppData\Local\Temp\001335~1.EXE -cleanup -nolog [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [25856 2008-04-14] (AVerMedia TECHNOLOGIES, Inc.) S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42880 2008-04-14] (AVerMedia TECHNOLOGIES, Inc.) S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-12] (Kaspersky Lab ZAO) S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-21] (Kaspersky Lab ZAO) S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-12] (Kaspersky Lab ZAO) S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO) S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO) S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-06] (Kaspersky Lab ZAO) S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-06] (Kaspersky Lab ZAO) S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-27] (Winbond Electronics Corporation) S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-05-21] (Kaspersky Lab ZAO) S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ========================== Drivers MD5 ======================= C:\Windows\System32\DRIVERS\AVerA310USB.sys 02E1C46C34F2D2843533C4F223867930 C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7 C:\Windows\system32\drivers\adp94xx.sys 04F0FCAC69C7C71A3AC4EB97FAFC8303 C:\Windows\system32\drivers\adpahci.sys 60505E0041F7751BDBB80F88BF45C2CE C:\Windows\system32\drivers\adpu160m.sys 8A42779B02AEC986EAB64ECFC98F8BD7 C:\Windows\system32\drivers\adpu320.sys 241C9E37F8CE45EF51C3DE27515CA4E5 C:\Windows\system32\drivers\afd.sys F5272A105F59A7B3B345D9D6D87DA7AD C:\Windows\System32\DRIVERS\AGRSM.sys 38325C6AA8EAE011897D61CE48EC6435 C:\Windows\system32\drivers\agp440.sys 13F9E33747E6B41A3FF305C37DB0D360 C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit C:\Windows\system32\drivers\aliide.sys 9EAEF5FC9B8E351AFA7E78A6FAE91F91 C:\Windows\system32\drivers\amdagp.sys C47344BC706E5F0B9DCE369516661578 C:\Windows\system32\drivers\amdide.sys 9B78A39A4C173FDBC1321E0DD659B34C C:\Windows\system32\drivers\amdk7.sys 18F29B49AD23ECEE3D2A826C725C8D48 C:\Windows\system32\drivers\amdk8.sys 93AE7F7DD54AB986A6F1A1B37BE7442D C:\Windows\system32\drivers\arc.sys 5D2888182FB46632511ACEE92FDAD522 C:\Windows\system32\drivers\arcsas.sys 5E2A321BD7C8B3624E41FDEC3E244945 C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1 C:\Windows\System32\drivers\atapi.sys 1F05B78AB91C9075565A9D8A4B880BC4 C:\Windows\System32\DRIVERS\b57nd60x.sys 7D0F2BFA273831124FA08526AF48AF18 C:\Windows\System32\drivers\AVerA310Cap.sys 9347A2DDEE501C242A8E21990279D688 C:\Windows\System32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6 C:\Windows\system32\drivers\blbdrive.sys D4DF28447741FD3D953526E33A617397 C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314 C:\Windows\System32\DRIVERS\circlass.sys E5D4133F37219DBCFE102BC61072589D C:\Windows\System32\CLFS.sys D7659D3B5B92C31E84E53C1431F35132 C:\Windows\System32\DRIVERS\CmBatt.sys 99AFC3795B58CC478FBBBCDC658FCB56 C:\Windows\system32\drivers\cmdide.sys 0CA25E686A4928484E9FDABD168AB629 C:\Windows\System32\DRIVERS\compbatt.sys 6AFEF0B60FA25DE07C0968983EE4F60A C:\Windows\System32\drivers\crcdisk.sys 741E9DFF4F42D2D8477D0FC1DC0DF871 C:\Windows\system32\drivers\crusoe.sys 1F07BECDCA750766A96CDA811BA86410 C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A C:\Windows\System32\DRIVERS\DKbFltr.sys 73BAF270D24FE726B9CD7F80BB17A23D C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80 C:\Windows\System32\drivers\dxgkrnl.sys 5C2C209CDEFBC51D83D66E8A53B2BE89 C:\Windows\System32\DRIVERS\E1G60I32.sys 5425F74AC0C1DBD96A1E04F17D63F94C C:\Windows\System32\drivers\ecache.sys 7F64EA048DCFAC7ACF8B4D7B4E6FE371 C:\Windows\system32\drivers\elxstor.sys 23B62471681A124889978F6295B3F4C6 C:\Windows\system32\drivers\errdev.sys 3DB974F3935483555D7148663F726C61 C:\Windows\System32\Drivers\exfat.sys 22B408651F9123527BCEE54B4F6C5CAE C:\Windows\System32\Drivers\fastfat.sys 4E404505B3F62ECFBDBCBBCF0A72DBC5 C:\Windows\System32\DRIVERS\fdc.sys AFE1E8B9782A0DD7FB46BBD88E43F89A C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE C:\Windows\System32\DRIVERS\flpydisk.sys 85B7CF99D532820495D68D747FDA9EBD C:\Windows\System32\drivers\fltmgr.sys 01334F9EA68E6877C4EF05D3EA8ABB05 C:\Windows\System32\Drivers\Fs_Rec.sys B972A66758577E0BFD1DE0F91AAA27B5 C:\Windows\system32\drivers\gagp30kx.sys 34582A6E6573D54A07ECE5FE24A126B5 C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HDAudBus.sys 062452B7FFD68C8C042A6261FE8DFF4A C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidir.sys D8DF3722D5E961BAA1292AA2F12827E2 C:\Windows\System32\DRIVERS\hidusb.sys CCA4B519B17E23A00B826C55716809CC C:\Windows\system32\drivers\hpcisss.sys 16EE7B23A009E00D835CDB79574A91A6 C:\Windows\System32\drivers\HTTP.sys F870AA3E254628EBEAFE754108D664DE C:\Windows\system32\drivers\i2omp.sys C6B032D69650985468160FC9937CF5B4 C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD C:\Windows\System32\DRIVERS\iaStor.sys 707C1692214B1C290271067197F075F6 C:\Windows\system32\drivers\iastorv.sys 54155EA1B0DF185878E0FC9EC3AC3A14 C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\system32\drivers\int15.sys C6E5276C00EBDEB096BB5EF4B797D1B6 C:\Windows\System32\drivers\RTKVHDA.sys 3CFA12FEFEA751DAE7B8133A6EF3C0D9 C:\Windows\system32\drivers\intelide.sys 83AA759F3189E6370C30DE5DC5590718 C:\Windows\System32\DRIVERS\intelppm.sys 224191001E78C89DFA78924C3EA595FF C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3 C:\Windows\system32\drivers\ipmidrv.sys B25AAF203552B7B3491139D582B39AD1 C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68 C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9 C:\Windows\system32\drivers\isapnp.sys 6C70698A3E5C4376C6AB5C7C17FB0614 C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034 C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\jmcr.sys 858C550EBBD243826A2193262C1B54A3 C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E C:\Windows\System32\DRIVERS\kbdhid.sys EDE59EC70E25C24581ADD1FBEC7325F7 C:\Windows\System32\DRIVERS\kl1.sys 871C226234A48C24DFE7478F36C0050C C:\Windows\System32\DRIVERS\klif.sys 3D4FC0A34DFDDB931D65001839D73A5F C:\Windows\System32\DRIVERS\klim6.sys 039FB019C92A16A54FE527D93B0CFB96 C:\Windows\System32\DRIVERS\klkbdflt.sys 249A266AF74ADE44AE8424E78D145E09 C:\Windows\System32\DRIVERS\klmouflt.sys 035724BA6D5676B76FD3AFB66AB4F1E3 C:\Windows\System32\DRIVERS\kltdi.sys 8FD802F86D4AB3FB329B8E51517BFF2A C:\Windows\System32\DRIVERS\kneps.sys 8F932DF10408BCABA2FCF6163C843F8E C:\Windows\System32\Drivers\ksecdd.sys 4A1445EFA932A3BAF5BDB02D7131EE20 C:\Windows\System32\DRIVERS\lltdio.sys D1C5883087A0C3F1344D9D55A44901F6 C:\Windows\system32\drivers\lsi_fc.sys C7E15E82879BF3235B559563D4185365 C:\Windows\system32\drivers\lsi_sas.sys EE01EBAE8C9BF0FA072E0FF68718920A C:\Windows\system32\drivers\lsi_scsi.sys 912A04696E9CA30146A62AFA1463DD5C C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC C:\Windows\system32\drivers\megasas.sys 0001CE609D66632FA17B84705F658879 C:\Windows\system32\drivers\megasr.sys C252F32CD9A49DBFC25ECF26EBD51A99 C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8 C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263 C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600 C:\Windows\system32\drivers\mpio.sys 511D011289755DD9F9A7579FB0B064E6 C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys B0584CA7DEF55929FDB5169BD28B2484 C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2 C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03 C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C C:\Windows\System32\drivers\msahci.sys 28023E86F17001F7CD9B15A5BC9AE07D C:\Windows\system32\drivers\msdsm.sys 4468B0F385A86ECDDAF8D3CA662EC0E7 C:\Windows\System32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515 C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62 C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07 C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B C:\Windows\System32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416 C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42 C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61 C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389 C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3 C:\Windows\System32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3 C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78 C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6 C:\Windows\System32\DRIVERS\NETw5v32.sys E559EA9138C77B5D1FDA8C558764A25F C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26 C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF C:\Windows\System32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7 C:\Windows\System32\DRIVERS\NTIDrvr.sys 2757D2BA59AEE155209E24942AB127C9 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys 547BFA3591C70674B0BFC99354AB78B3 C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit C:\Windows\System32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E C:\Windows\System32\drivers\nvhda32v.sys 2C7AC27710E8D41C1EB7D1599187D237 C:\Windows\System32\DRIVERS\nvlddmkm.sys CB0D6F8F65B8766FF2AAAA78881FD9F8 C:\Windows\system32\drivers\nvraid.sys 2EDF9E7751554B42CBB60116DE727101 C:\Windows\system32\drivers\nvstor.sys ABED0C09758D1D97DB0042DBB2688177 C:\Windows\system32\drivers\nv_agp.sys 18BBDF913916B71BD54575BDB6EEAC0B C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9 C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB C:\Windows\system32\drivers\pciide.sys FC175F5DDAB666D7F4D17449A547626F C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1 C:\Windows\system32\drivers\processr.sys 2027293619DD0F047C584CF2E7DF4FFD C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA C:\Windows\System32\DRIVERS\psdfilter.sys AB94285FF6C6BC5433407D8D182A4BB4 C:\Windows\System32\DRIVERS\PSDNServ.sys 2AAF9A5D7A63D26BFAEA853C5F2292BC C:\Windows\System32\DRIVERS\PSDVdisk.sys 0EB8CEC99855BEAE5B0D02C2302619EF C:\Windows\system32\drivers\ql2300.sys 0A6DB55AFB7820C99AA1F3A1D270F4F6 C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7 C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3 C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0 C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935 C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899 C:\Windows\system32\drivers\rdpdr.sys FBC0BACD9C3D7F6956853F64A66E252D C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C C:\Windows\System32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\sdbus.sys 126EA89BCC413EE45E3004FB0764888F C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624 C:\Windows\system32\drivers\sffdisk.sys 3EFA810BDCA87F6ECC24F9832243FE86 C:\Windows\system32\drivers\sffp_mmc.sys E95D451F7EA3E583AEC75F3B3EE42DC5 C:\Windows\system32\drivers\sffp_sd.sys 3D0EA348784B7AC9EA9BD9F317980979 C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\sisagp.sys 1D76624A09A054F682D746B924E2DBC3 C:\Windows\system32\drivers\sisraid2.sys 43CB7AA756C7DB280D01DA9B676CFDE2 C:\Windows\system32\drivers\sisraid4.sys A99C6C8B0BAA970D8AA59DDC50B57F94 C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04 C:\Windows\System32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91 C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44 C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56 C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\SynTP.sys BF7AA84D5AF0FAA0978C840E63B17DBF C:\Windows\System32\drivers\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966 C:\Windows\System32\DRIVERS\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966 C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7 C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56 C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021 C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54 C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7 C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38 C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C C:\Windows\system32\drivers\uagp35.sys 7D33C4DB2CE363C8518D2DFCF533941F C:\Windows\System32\Drivers\UBHelper.sys F763E070843EE2803DE1395002B42938 C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6 C:\Windows\system32\drivers\uliagpkx.sys B0ACFDC9E4AF279E9116C03E014B2B27 C:\Windows\system32\drivers\uliahci.sys 9224BB254F591DE4CA8D572A5F0D635C C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2 C:\Windows\System32\DRIVERS\usbccgp.sys AAB0B5F72D2D726FBFDC895A2902DE1D C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbehci.sys 153E8515CB86F8BB5D1A8B478EBF4BB2 C:\Windows\System32\DRIVERS\usbhub.sys 2AE6BCEBD85D31317E433733DAF25888 C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD C:\Windows\System32\DRIVERS\usbuhci.sys 44056325428A8E4C755830426E29878F C:\Windows\System32\Drivers\usbvideo.sys 73FF24E21B690625A58109637DDA0DF7 C:\Windows\System32\DRIVERS\vgapnp.sys 87B06E1F30B749A114F74622D013F8D4 C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C C:\Windows\system32\drivers\viaagp.sys 5D7159DEF58A800D5781BA3A879627BC C:\Windows\system32\drivers\viac7.sys C4F3A691B5BAD343E6249BD8C2D45DEE C:\Windows\system32\drivers\viaide.sys AADF5587A4063F52C2C3FED7887426FC C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43 C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28 C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A C:\Windows\system32\drivers\vsmraid.sys 587253E09325E6BF226B299774B728A9 C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26 C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26 C:\Windows\system32\drivers\wd.sys 78FE9542363F297B18C027B2D7E7C07F C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645 C:\Windows\System32\DRIVERS\winbondcir.sys 3FA87D56769838AAC82FAFC3E78FC732 C:\Windows\System32\DRIVERS\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070 C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl 4D840C6AF3C020ED3A35EFBA9025CF4A ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-26 19:00 - 2015-01-26 19:00 - 00000000 ____D () C:\FRST 2015-01-25 05:41 - 2015-01-25 05:41 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Nico Mak Computing 2015-01-25 05:40 - 2015-01-25 05:40 - 00000990 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2015-01-25 05:40 - 2015-01-25 05:40 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2015-01-25 05:40 - 2015-01-25 05:40 - 00000000 ____D () C:\Program Files\WinZip Malware Protector 2015-01-25 05:40 - 2013-03-15 08:01 - 00016384 _____ () C:\Windows\System32\wsusnative32.exe 2015-01-25 04:50 - 2015-01-25 04:50 - 00000000 ____D () C:\Users\muckiwob1\Option 2015-01-24 08:47 - 2015-01-24 08:47 - 00208896 _____ () C:\ProgramData\71AFCF95B.cpp 2015-01-24 08:15 - 2015-01-24 08:15 - 00001864 _____ () C:\Users\Public\Desktop\SlimCleaner Plus.lnk 2015-01-24 08:15 - 2015-01-24 08:15 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\Downloaded Installers 2015-01-24 08:15 - 2015-01-24 08:15 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc 2015-01-24 08:15 - 2015-01-24 08:15 - 00000000 ____D () C:\Program Files\SlimService 2015-01-24 08:15 - 2015-01-24 08:15 - 00000000 ____D () C:\Program Files\SlimCleaner Plus 2015-01-24 08:14 - 2015-01-24 08:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\SlimWare Utilities Inc 2015-01-24 08:14 - 2015-01-24 08:14 - 00013464 _____ () C:\Windows\System32\Drivers\SWDUMon.sys 2015-01-24 08:14 - 2015-01-24 08:14 - 00001856 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk 2015-01-24 08:14 - 2015-01-24 08:14 - 00000000 ____D () C:\Program Files\DriverUpdate 2015-01-24 08:13 - 2015-01-24 08:13 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2015-01-24 06:28 - 2015-01-24 06:28 - 00215475 _____ (TODO: <Company name>) C:\Windows\oem_uninst.exe 2015-01-24 06:25 - 2015-01-24 06:25 - 00000000 ____D () C:\Program Files\DLLSuite 2015-01-24 05:40 - 2015-01-24 05:40 - 00000906 _____ () C:\Users\muckiwob1\Desktop\ParetoLogic PC Health Advisor.lnk 2015-01-24 05:40 - 2015-01-24 05:40 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\ParetoLogic 2015-01-24 05:40 - 2015-01-24 05:40 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\DriverCure 2015-01-24 05:40 - 2015-01-24 05:40 - 00000000 ____D () C:\ProgramData\ParetoLogic 2015-01-24 05:40 - 2015-01-24 05:40 - 00000000 ____D () C:\Program Files\ParetoLogic 2015-01-24 05:40 - 2015-01-24 05:40 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic 2015-01-24 05:08 - 2015-01-25 05:11 - 00262144 _____ () C:\Windows\System32\config\elam 2015-01-18 06:23 - 2014-12-18 16:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys 2015-01-18 05:42 - 2014-12-05 19:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll 2015-01-18 05:42 - 2014-12-05 19:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll 2015-01-18 05:42 - 2014-12-05 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll 2015-01-18 05:41 - 2014-12-05 19:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-26 09:55 - 2013-01-17 12:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-26 09:55 - 2008-11-04 22:07 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml 2015-01-26 09:55 - 2008-04-18 01:49 - 00000147 _____ () C:\Windows\System32\agent.log 2015-01-26 09:54 - 2009-02-28 06:13 - 00028219 _____ () C:\ProgramData\nvModes.001 2015-01-26 09:53 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-26 09:53 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-26 09:52 - 2008-01-20 18:47 - 06818752 _____ () C:\Windows\PFRO.log 2015-01-25 06:22 - 2008-01-20 23:16 - 00679016 _____ () C:\Windows\System32\PerfStringBackup.INI 2015-01-25 06:15 - 2008-11-04 21:13 - 01691543 _____ () C:\Windows\WindowsUpdate.log 2015-01-25 05:19 - 2012-11-11 11:43 - 00000000 ____D () C:\Windows\Minidump 2015-01-25 05:19 - 2010-09-11 14:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\skypePM 2015-01-25 05:19 - 2010-09-11 14:16 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Skype 2015-01-25 05:19 - 2009-02-20 10:08 - 00000000 ____D () C:\Users\muckiwob1\Tracing 2015-01-25 05:19 - 2007-07-11 17:49 - 00000000 ____D () C:\Windows\Panther 2015-01-25 05:19 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\LogFiles 2015-01-25 04:58 - 2008-04-18 01:43 - 00000000 ____D () C:\Program Files\eSobi 2015-01-25 04:58 - 2008-04-18 00:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-01-25 04:50 - 2009-02-19 09:36 - 00000000 ____D () C:\users\muckiwob1 2015-01-24 05:07 - 2009-08-20 09:38 - 00000680 _____ () C:\Users\muckiwob1\AppData\Local\d3d9caps.dat 2015-01-18 06:23 - 2013-08-18 08:34 - 00000000 ____D () C:\Windows\System32\MRT 2015-01-18 05:44 - 2006-11-02 02:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe 2015-01-17 07:33 - 2012-11-21 12:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2015-01-17 07:33 - 2012-11-21 12:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2015-01-08 00:55 - 2011-04-16 09:44 - 00249488 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2015-01-04 10:55 - 2011-01-04 07:32 - 00000000 ____D () C:\Users\muckiwob1\Documents\Bärbel Files to move or delete: ==================== C:\Users\muckiwob1\AppData\Roaming\skype.ini Some content of TEMP: ==================== C:\Users\muckiwob1\AppData\Local\Temp\RtkBtMnt.exe C:\Users\muckiwob1\AppData\Local\Temp\scpD423.tmp.exe ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= Restore point made on: 2014-11-21 09:28:44 Restore point made on: 2014-11-22 06:46:42 Restore point made on: 2014-11-30 05:32:40 Restore point made on: 2014-12-07 05:31:30 Restore point made on: 2014-12-14 09:08:32 Restore point made on: 2014-12-20 07:55:28 Restore point made on: 2014-12-20 09:03:37 Restore point made on: 2014-12-21 04:58:35 Restore point made on: 2014-12-22 04:10:22 Restore point made on: 2014-12-23 06:00:21 Restore point made on: 2014-12-26 03:01:23 Restore point made on: 2015-01-02 05:09:41 Restore point made on: 2015-01-03 06:40:59 Restore point made on: 2015-01-04 05:40:10 Restore point made on: 2015-01-10 06:53:28 Restore point made on: 2015-01-11 06:08:55 Restore point made on: 2015-01-17 06:48:10 Restore point made on: 2015-01-18 05:41:30 Restore point made on: 2015-01-20 09:27:10 Restore point made on: 2015-01-20 10:19:14 Restore point made on: 2015-01-23 10:02:15 Restore point made on: 2015-01-24 04:13:37 Restore point made on: 2015-01-24 08:24:07 Restore point made on: 2015-01-24 09:40:39 Restore point made on: 2015-01-24 09:44:54 Restore point made on: 2015-01-25 04:41:12 Restore point made on: 2015-01-25 04:57:01 ==================== BCD ================================ Windows Boot Manager -------------------- identifier {bootmgr} device partition=C: description Windows Boot Manager locale de-DE inherit {globalsettings} default {default} resumeobject {fdcbb73c-0d74-11dd-82e0-001e68556efb} displayorder {default} toolsdisplayorder {memdiag} timeout 30 Windows Boot Loader ------------------- identifier {current} device partition=X: path \windows\system32\boot\winload.exe description Windows Recovery Environment osdevice partition=X: systemroot \windows nx OptIn detecthal Yes winpe Yes Windows Boot Loader ------------------- identifier {default} device partition=C: path \Windows\system32\winload.exe description Microsoft Windows Vista locale de-DE inherit {bootloadersettings} recoverysequence {current} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {fdcbb73c-0d74-11dd-82e0-001e68556efb} nx OptIn increaseuserva 2900 Resume from Hibernate --------------------- identifier {fdcbb73c-0d74-11dd-82e0-001e68556efb} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys pae Yes debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=C: path \boot\memtest.exe description Windows-Speicherdiagnose locale de-DE inherit {globalsettings} badmemoryaccess Yes Windows Legacy OS Loader ------------------------ identifier {ntldr} device unknown path \ntldr description Frhere Windows-Version EMS Settings ------------ identifier {emssettings} bootems Yes Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} ==================== Memory info =========================== Percentage of memory in use: 8% Total physical RAM: 4090.07 MB Available physical RAM: 3731.99 MB Total Pagefile: 3955.8 MB Available Pagefile: 3790.55 MB Total Virtual: 2047.88 MB Available Virtual: 1980.18 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:58.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:126.12 GB) NTFS Drive f: () (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32 Drive x: (PQSERVICE) (Fixed) (Total:10 GB) (Free:1.35 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: F604BC3A) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=3.8 GB) - (Type=0C) LastRegBack: 2015-01-25 06:20 ==================== End Of Log ============================ |
27.01.2015, 07:24 | #4 |
/// the machine /// TB-Ausbilder | Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\muckiwob1\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION Startup: C:\Users\muckiwob1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B59FCFA17.lnk ShortcutTarget: B59FCFA17.lnk -> C:\ProgramData\71AFCF95B.cpp () C:\Users\muckiwob1\AppData\Roaming\skype.ini C:\Users\muckiwob1\AppData\Roaming\skype.dat C:\ProgramData\71AFCF95B.cpp Emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Rechner normal starten, dann im normalen Modus: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
27.01.2015, 07:41 | #5 |
| Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit Guten Morgen schrauber, nur um nix falsch zu machen: Ich fahre den Rechner erst ganz normal hoch und drücke dann die Windows + R-Taste ? Oder in einem speziellen Modus hochfahren ? Mein FRST befindet sich auf dem gestern benötigten stick. Dorthin auch die Fixlog kopieren und trotzdem beim späteren normalen Start des Rechners die FRST noch mal auf den Desktop runterladen Ich muss ja mal sagen, wenn so ein Virus/Trojaner nicht so verdammt sch.... wäre, würde das hier richtig Spaß machen :-) |
27.01.2015, 11:57 | #6 |
/// the machine /// TB-Ausbilder | Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit Der befallen Rechner ist in der Recovery, dort wo du auch per Stick den Scan gemacht hast. Auf einem andern Rechner die fixlist erstellen, auf dem Stick speichern. In der Recovery den Fix machen. Rechner normal starten, FRST neu laden, auf den Desktop, dann den Scan.
__________________ --> Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit |
27.01.2015, 18:05 | #7 |
| Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit Hier schon mal der Fixlog, die anderen beiden Files kommen gleich nach. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01 Ran by SYSTEM at 2015-01-27 17:28:24 Run:1 Running from F:\ Boot Mode: Recovery ============================================== Content of fixlist: ***************** HKU\muckiwob1\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION Startup: C:\Users\muckiwob1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B59FCFA17.lnk ShortcutTarget: B59FCFA17.lnk -> C:\ProgramData\71AFCF95B.cpp () C:\Users\muckiwob1\AppData\Roaming\skype.ini C:\Users\muckiwob1\AppData\Roaming\skype.dat C:\ProgramData\71AFCF95B.cpp Emptytemp: ***************** HKU\muckiwob1\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully. C:\Users\muckiwob1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B59FCFA17.lnk => Moved successfully. C:\ProgramData\71AFCF95B.cpp => Moved successfully. C:\Users\muckiwob1\AppData\Roaming\skype.ini => Moved successfully. "C:\Users\muckiwob1\AppData\Roaming\skype.dat" => File/Directory not found. "C:\ProgramData\71AFCF95B.cpp" => File/Directory not found. Emptytemp: => Error: This directive works only outside recovery mode. ==== End of Fixlog 17:28:25 ==== FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01 Ran by muckiwob1 (administrator) on WENDSCHOTT on 27-01-2015 17:44:18 Running from C:\Users\muckiwob1\Desktop Loaded Profiles: muckiwob1 (Available profiles: muckiwob1) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Nico Mak Computing) C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Agere Systems) C:\Windows\System32\agrsmsvc.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe (Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe () C:\ACER\Mobility Center\MobilityService.exe (NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () C:\Program Files\Cyberlink\Shared files\RichVideo.exe (SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE () C:\Windows\PLFSetI.exe (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Ask) C:\Program Files\Ask.com\Updater\Updater.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Realtek Semiconductor Corp.) C:\Users\muckiwob1\AppData\Local\Temp\RtkBtMnt.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_257_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-28] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-18] (Synaptics, Inc.) HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-23] (Acer Inc.) HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated) HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-03-07] (Acer Incorporated) HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] () HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [821768 2008-07-02] (Dritek System Inc.) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] () HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google) HKLM\...\Run: [eRecoveryService] => [X] HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-05-12] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-05-12] (CyberLink) HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-05-12] (Acer Corp.) HKLM\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-09-23] (Acer) HKLM\...\Run: [] => [X] HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1644744 2012-08-08] (Ask) HKLM\...\Run: [Google Updater] => C:\Program Files\Google\Google Updater\GoogleUpdater.exe [161336 2011-09-15] (Google) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.) HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-479782255-706792591-617315946-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-02-19] (Google Inc.) HKU\S-1-5-21-479782255-706792591-617315946-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-479782255-706792591-617315946-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-479782255-706792591-617315946-1000\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26165568 2014-12-23] (SlimWare Utilities, Inc.) HKU\S-1-5-21-479782255-706792591-617315946-1000\...\MountPoints2: {bedf884a-6bd1-11e3-9a44-00238b004c94} - H:\DPFMate.exe AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-21] (Google) ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g HKU\S-1-5-21-479782255-706792591-617315946-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.acer.de/ac/de/DE/content/home HKU\S-1-5-21-479782255-706792591-617315946-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g HKU\S-1-5-21-479782255-706792591-617315946-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com HKU\S-1-5-21-479782255-706792591-617315946-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/?gws_rd=ssl URLSearchHook: HKU\S-1-5-21-479782255-706792591-617315946-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&src=kw&tb=MNC&o=15092&locale=de_DE&apn_ptnrs=^MF&apn_dtid=^MNT001^YY^DE&p2=^MF^MNT001^YY^DE&apn_uid=aad9f123-a74e-4aff-a538-cdc9d542b220&apn_sauid=7d6052f9-cbbc-471d-9191-3b5c568ca8a7&hpds=1&hdoi=2012-11-08&q={searchTerms} SearchScopes: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=N6Hs5uwKsg09mHRcs2HjkZPp4t8?q={searchTerms} BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-24] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-09-05] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-09-05] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-09-05] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-09-05] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-09-05] Chrome: ======= CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll No File CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\16.0.912.77\gears.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll No File CHR Plugin: (McSimpleChromePlugin Dynamic Link Library) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.11.118.1_0\McChPlg.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Profile: C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-05] CHR Extension: (Google-Suche) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-05] CHR Extension: (SiteAdvisor) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2010-09-11] CHR Extension: (Google Mail) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-05] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25] CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25] CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO) R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed] R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] () [File not signed] R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] () [File not signed] S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google) S2 gupdate1c99d03c292747; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.) R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed] R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed] R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] () R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [222016 2014-12-23] (SlimWare Utilities, Inc.) S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) S4 0013351358452156mcinstcleanup; C:\Users\MUCKIW~1\AppData\Local\Temp\001335~1.EXE -cleanup -nolog [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [25856 2008-04-15] (AVerMedia TECHNOLOGIES, Inc.) S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42880 2008-04-15] (AVerMedia TECHNOLOGIES, Inc.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-21] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-12] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-06] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-06] (Kaspersky Lab ZAO) R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-16] (Cyberlink Corp.) [File not signed] R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-05-21] (Kaspersky Lab ZAO) S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-27 17:44 - 2015-01-27 17:50 - 00023334 _____ () C:\Users\muckiwob1\Desktop\FRST.txt 2015-01-27 17:41 - 2015-01-27 17:41 - 01120768 _____ (Farbar) C:\Users\muckiwob1\Desktop\FRST.exe 2015-01-27 04:00 - 2015-01-27 17:44 - 00000000 ____D () C:\FRST 2015-01-25 14:41 - 2015-01-25 14:41 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Nico Mak Computing 2015-01-25 14:40 - 2015-01-25 14:40 - 00000990 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2015-01-25 14:40 - 2015-01-25 14:40 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2015-01-25 14:40 - 2015-01-25 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector 2015-01-25 14:40 - 2015-01-25 14:40 - 00000000 ____D () C:\Program Files\WinZip Malware Protector 2015-01-25 14:40 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe 2015-01-25 13:50 - 2015-01-25 13:50 - 00000000 ____D () C:\Users\muckiwob1\Option 2015-01-24 17:20 - 2015-01-24 17:26 - 00000374 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - muckiwob1).job 2015-01-24 17:15 - 2015-01-24 17:15 - 00001864 _____ () C:\Users\Public\Desktop\SlimCleaner Plus.lnk 2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\Downloaded Installers 2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc 2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus 2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\Program Files\SlimService 2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\Program Files\SlimCleaner Plus 2015-01-24 17:14 - 2015-01-24 17:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\SlimWare Utilities Inc 2015-01-24 17:14 - 2015-01-24 17:14 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2015-01-24 17:14 - 2015-01-24 17:14 - 00001856 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk 2015-01-24 17:14 - 2015-01-24 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate 2015-01-24 17:14 - 2015-01-24 17:14 - 00000000 ____D () C:\Program Files\DriverUpdate 2015-01-24 17:13 - 2015-01-24 17:13 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2015-01-24 15:28 - 2015-01-24 15:28 - 00215475 _____ (TODO: <Company name>) C:\Windows\oem_uninst.exe 2015-01-24 15:25 - 2015-01-24 15:25 - 00000000 ____D () C:\Program Files\DLLSuite 2015-01-24 14:43 - 2015-01-24 18:00 - 00000452 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job 2015-01-24 14:40 - 2015-01-27 17:34 - 00000478 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job 2015-01-24 14:40 - 2015-01-24 14:56 - 00000426 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job 2015-01-24 14:40 - 2015-01-24 14:56 - 00000384 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job 2015-01-24 14:40 - 2015-01-24 14:56 - 00000366 _____ () C:\Windows\Tasks\PC Health Advisor.job 2015-01-24 14:40 - 2015-01-24 14:40 - 00000906 _____ () C:\Users\muckiwob1\Desktop\ParetoLogic PC Health Advisor.lnk 2015-01-24 14:40 - 2015-01-24 14:40 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\ParetoLogic 2015-01-24 14:40 - 2015-01-24 14:40 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic 2015-01-24 14:40 - 2015-01-24 14:40 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\DriverCure 2015-01-24 14:40 - 2015-01-24 14:40 - 00000000 ____D () C:\ProgramData\ParetoLogic 2015-01-24 14:40 - 2015-01-24 14:40 - 00000000 ____D () C:\Program Files\ParetoLogic 2015-01-24 14:40 - 2015-01-24 14:40 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic 2015-01-24 14:08 - 2015-01-25 14:11 - 00262144 _____ () C:\Windows\system32\config\elam 2015-01-18 15:23 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-18 14:42 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-18 14:42 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-18 14:42 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-18 14:41 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-27 17:50 - 2013-01-17 21:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-27 17:44 - 2008-01-21 08:16 - 00684342 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-27 17:42 - 2008-11-05 06:13 - 01721189 _____ () C:\Windows\WindowsUpdate.log 2015-01-27 17:35 - 2009-02-28 15:13 - 00028219 _____ () C:\ProgramData\nvModes.001 2015-01-27 17:35 - 2008-11-05 07:07 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2015-01-27 17:35 - 2008-04-18 10:49 - 00000147 _____ () C:\Windows\system32\agent.log 2015-01-27 17:34 - 2009-07-02 14:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-27 17:34 - 2008-01-21 03:47 - 06819296 _____ () C:\Windows\PFRO.log 2015-01-27 17:34 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-27 17:34 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-27 17:34 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-27 17:09 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-25 14:58 - 2009-07-02 14:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-25 14:34 - 2012-11-21 21:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-25 14:19 - 2012-11-11 20:43 - 00000000 ____D () C:\Windows\Minidump 2015-01-25 14:19 - 2010-09-11 23:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\skypePM 2015-01-25 14:19 - 2010-09-11 23:16 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Skype 2015-01-25 14:19 - 2009-02-20 19:08 - 00000000 ____D () C:\Users\muckiwob1\Tracing 2015-01-25 14:19 - 2007-07-12 02:49 - 00000000 ____D () C:\Windows\Panther 2015-01-25 14:19 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-01-25 13:58 - 2008-04-18 10:43 - 00000000 ____D () C:\Program Files\eSobi 2015-01-25 13:58 - 2008-04-18 09:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-01-25 13:50 - 2009-02-19 18:36 - 00000000 ____D () C:\Users\muckiwob1 2015-01-24 14:07 - 2009-08-20 18:38 - 00000680 _____ () C:\Users\muckiwob1\AppData\Local\d3d9caps.dat 2015-01-18 19:31 - 2010-10-24 15:52 - 00000482 ____H () C:\Windows\Tasks\Norton Security Scan for muckiwob1.job 2015-01-18 15:23 - 2013-08-18 17:34 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-18 14:44 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-01-17 16:33 - 2012-11-21 21:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-17 16:33 - 2012-11-21 21:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-08 09:55 - 2011-04-16 18:44 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-04 19:55 - 2011-01-04 16:32 - 00000000 ____D () C:\Users\muckiwob1\Documents\Bärbel ==================== Files in the root of some directories ======= 2014-02-13 20:04 - 2014-02-13 20:04 - 49940480 _____ () C:\Program Files\GUT6CE7.tmp 2009-02-21 10:41 - 2009-02-21 10:41 - 0024206 _____ () C:\Users\muckiwob1\AppData\Roaming\UserTile.png 2009-08-20 18:38 - 2015-01-24 14:07 - 0000680 _____ () C:\Users\muckiwob1\AppData\Local\d3d9caps.dat 2009-02-21 10:39 - 2014-10-26 16:23 - 0022528 _____ () C:\Users\muckiwob1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-10-24 15:18 - 2012-10-24 15:21 - 0000280 _____ () C:\ProgramData\ArcadeDeluxe2.log 2010-09-11 23:19 - 2010-09-11 23:19 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2009-02-28 15:13 - 2015-01-27 17:35 - 0028219 _____ () C:\ProgramData\nvModes.001 2009-02-28 15:09 - 2014-10-23 17:46 - 0028219 _____ () C:\ProgramData\nvModes.dat 2012-06-21 16:42 - 2012-06-21 16:42 - 0000052 _____ () C:\ProgramData\pjyzptgqlivsclv Some content of TEMP: ==================== C:\Users\muckiwob1\AppData\Local\Temp\RtkBtMnt.exe C:\Users\muckiwob1\AppData\Local\Temp\scpD423.tmp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-27 17:40 ==================== End Of Log ============================ --- --- --- Und hier die Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01 Ran by muckiwob1 at 2015-01-27 17:52:52 Running from C:\Users\muckiwob1\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 4.65 (HKLM\...\7-Zip) (Version: - ) Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.0.5315 - CyberLink Corp.) Acer Arcade Deluxe (Version: 2.0.5315 - CyberLink Corp.) Hidden Acer Crystal Eye Webcam 2.0.8 (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.0.8 - SuYin) Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 3.0.3007 - CyberLink Corp.) Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3060 - Egis Inc.) Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3006 - Acer Incorporated) Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3008 - Acer Incorporated) Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3013 - Acer Incorporated) Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated) Acer GameZone Console 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.) Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - ) Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.) Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.12.0506 - Acer Incorporated) Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated) Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems) ArcSoft PhotoImpression (HKLM\...\{F8BBD99F-B51F-4B6C-80A8-B1B2993B59C4}) (Version: - ) Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION Ask Toolbar Updater (HKU\S-1-5-21-479782255-706792591-617315946-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.4.0.25589 - Ask.com) <==== ATTENTION AVerMedia A310 (MiniCard, DVB-T) 1.1.0.27 (HKLM\...\AVerMedia A310 (MiniCard, DVB-T)) (Version: 1.1.0.27 - AVerMedia TECHNOLOGIES, Inc.) Broadcom Gigabit Integrated Controller (HKLM\...\{A64A5576-D862-44F8-89DC-2B17FCC9B86E}) (Version: 11.11.03 - Broadcom Corporation) Content Manager 2 (HKLM\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DriverUpdate (HKLM\...\{8AE269B5-4133-4FFC-9896-D718886D7D8F}) (Version: 2.2.43335 - SlimWare Utilities, Inc.) ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen) Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 2.15 - Philipp Winterberg) GameShadow (HKLM\...\{B2390904-74BD-48AA-B2CC-6612F8D46379}) (Version: 2.03.0000 - GameShadow Ltd) Garmin BaseCamp (HKLM\...\{CBB4288D-2D32-43BB-8FCE-3F102E385956}) (Version: 4.3.5 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.10.04 - JMicron Technology Corp.) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kaspersky Internet Security 2013 (HKLM\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab) Kaspersky Internet Security 2013 (Version: 13.0.1.4190 - Kaspersky Lab) Hidden Launch Manager (HKLM\...\LManager) (Version: - ) LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden Lumicron LDC-524z3 (HKLM\...\Lumicron LDC-524z3) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.) Norton Security Scan (HKLM\...\NSS) (Version: 2.7.3.34 - Symantec Corporation) NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.503 - NewTech Infosystems) NTI Backup Now Standard (Version: 5.1.2.503 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6322 - NewTech Infosystems) NTI Media Maker 8 (Version: 8.0.2.6322 - NewTech Infosystems) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft) ParetoLogic PC Health Advisor (HKLM\...\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}) (Version: 3.1.7.0 - ParetoLogic, Inc.) PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4619 - CyberLink Corp.) PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2713 - CyberLink Corp.) PowerDirector (Version: 6.5.2713 - CyberLink Corp.) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5612 - Realtek Semiconductor Corp.) Secure Download Manager (HKLM\...\{6E839820-0BBA-4310-9D06-4463BAEA6641}) (Version: 3.1.01 - Kivuto Solutions Inc.) Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden Silent Hunter 4 Wolves of the Pacific (HKLM\...\{0D005F09-A5F4-473B-A901-5735C6AF5628}) (Version: 1.03.0000 - Ubisoft) Silent Hunter III (HKLM\...\InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.4.0000 - Ubisoft) Silent Hunter III (Version: 1.4.0000 - Ubisoft) Hidden Skype Web Plugin (HKLM\...\{6F11BED2-859F-46C4-A9DA-A91AAD5BC849}) (Version: 2.3.12417.17599 - Skype Technologies S.A.) Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) SlimCleaner Plus (HKLM\...\{BA219F82-20BF-49AD-A279-E2D69D3B9D3F}) (Version: 1.0.26102 - SlimWare Utilities, Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Winbond CIR Device Drivers (HKLM\...\{10F498FF-5392-4DF3-8F73-FE172A9F3800}) (Version: 7.60.1012 - Winbond Electronics Corporation) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) WinZip Malware Protector (HKLM\...\WinZip Malware Protector_is1) (Version: 2.1.1000.14260 - WinZip International LLC) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{01E62FC1-2BC2-43A7-9C7D-F1E2783CF000}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsUtils.dll (Express Solutions Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{079AA557-4A18-424A-8EEE-E39F0A8D41B9}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0AF1913F-13DB-42DA-A25E-958E8A79E9B0}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{13215D54-7340-4557-8874-7DD51AD527C9}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{168AD2AB-3A85-45A8-926D-CB7B3D293329}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsEventHandler.dll (Express Solutions Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{196117D7-6A7F-4F18-8E3B-200A7AA4D196}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{19EDAA63-117B-40FD-8E1C-92C8DC0CD725}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsConfig.dll (Express Solutions Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{1C048253-E86E-4B5A-BBB0-5B4FD327D28B}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsLocator.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{25E91008-C83E-4198-885A-3B136ACDCC54}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsUtils.dll (Express Solutions Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{2933BF90-7B36-11d2-B20E-00C04F983E60}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{2933BF91-7B36-11D2-B20E-00C04F983E60}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{2933BF94-7B36-11D2-B20E-00C04F983E60}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3124C396-FB13-4836-A6AD-1317F1713688}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{373984C9-B845-449B-91E7-45AC83036ADE}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{384FF8F0-41BF-4F52-8620-B4624BA0B12F}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation ) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation ) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation ) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3A32E43A-323A-42DD-9505-D3C20E5511F8}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3D6B2683-0E0E-4367-A91D-9F044B2EA677}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsUtils.dll (Express Solutions Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3D813DFE-6C91-4A4E-8F41-04346A841D9C}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3E784A01-F3AE-4DC0-9354-9526B9370EBA}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{44EC053A-400F-11D0-9DCD-00A0C90391D3}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{48123BC4-99D9-11D1-A6B3-00C04FD91555}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{4C1E74BE-E45A-48DC-A8A0-E718B7AFEE5A}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsLocator.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{4DB26476-6787-4046-B836-E8412A9E8A27}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{4DD441AD-526D-4A77-9F1B-9841ED802FB0}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{51AF5684-A538-492B-853D-7050E5B756DE}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsCompress.dll (Express Solutions Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{550DDA30-0541-11D2-9CA9-0060B0EC3D39}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{6A63EC6D-35E0-4DA0-88F6-A268A0BB2A0F}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{6F812978-7A39-42C9-AE5E-B3D775DDEDD4}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{7449828A-155B-470F-B898-0AD0C92397EB}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsSchema.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{7ADE76BA-7AF7-44BF-B0C5-A946534F1EBA}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\ARProgBar.ocx (Alvaro Redondo) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{7D05D3E4-F18D-4D64-ABA4-FBC79589BB55}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{7D168F55-08A5-42FD-B4F0-7CA684D84950}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{7E3FCEA1-31B4-11D2-AE1F-0080C7337EA1}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{9271413F-2B9A-42D9-95ED-E5E3CF6C0072}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsLocator.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{936E555A-92C5-4880-8F5B-3E5E4B989AFE}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsTransfer.dll (Express Solutions Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{9573876E-12E2-45E1-A474-F7DFBCD42807}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsUtils.dll (Express Solutions Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{963EDF51-1209-4B6B-AC2B-55527019ED32}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{989D1DC0-B162-11D1-B6EC-D27DDCF9A923}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{9F7DC59C-80B6-48FB-A4D3-CD72BAEBC9F7}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{9FCFE650-A90A-4296-8A6C-E11542DDC472}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsBasicTimer.dll (Express Solutions Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{AFB40FFD-B609-40A3-9828-F88BBE11E4E3}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{AFBA6B42-5692-48EA-8141-DC517DCF0EF1}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{B90D6692-7CC2-44B4-AF3D-5D7D74E743D0}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsUtils.dll (Express Solutions Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{B9BE6250-1199-40C5-9F70-4CCC9D2A717B}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C58C197B-8F7C-40E1-8EE6-835944A1049F}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsLocator.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\ACTXPRXY.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{CFC399AF-D876-11D0-9C10-00C04FC99C8E}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{D2423620-51A0-11D2-9CAF-0060B0EC3D39}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{DBC47161-482C-4FD2-A854-412B9868AE97}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{DCFC2C95-651D-46A8-A31E-6EE58125C2E3}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsLocator.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{EFFF3436-D93B-4DEA-9593-E11C0FB74C2C}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsUtils.dll (Express Solutions Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F4C0312A-6562-407F-B924-1A224F13BD1F}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsUtils.dll (Express Solutions Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F19-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F27-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F31-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F33-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F34-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F35-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F36-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F37-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F39-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F3F-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F40-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F41-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F6D90F14-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F8383852-FCD3-11D1-A6B9-006097DF5BD4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{FB0500AA-E215-4133-A3DE-B2F301126C66}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{FC220AD8-A72A-4EE8-926E-0B7AD152A020}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{FD819CA3-D874-48CE-9EAD-AC7BE1D4F125}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsConfig.dll (Express Solutions Ltd) CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) ==================== Restore Points ========================= 21-11-2014 18:26:49 Windows Update 22-11-2014 15:43:51 Windows Update 30-11-2014 14:30:27 Windows Update 07-12-2014 14:29:21 Windows Update 14-12-2014 18:07:12 Windows Update 20-12-2014 16:53:56 Windows Update 20-12-2014 17:59:59 Windows Update 21-12-2014 13:56:36 Windows Update 22-12-2014 13:09:15 Windows Update 23-12-2014 14:58:44 Windows Update 26-12-2014 11:58:34 Windows Update 02-01-2015 14:07:55 Windows Update 03-01-2015 15:35:04 Windows Update 04-01-2015 14:34:14 Windows Update 10-01-2015 15:51:43 Windows Update 11-01-2015 15:07:59 Windows Update 17-01-2015 15:46:47 Windows Update 18-01-2015 14:40:09 Windows Update 20-01-2015 18:25:41 Windows Update 20-01-2015 19:18:41 Windows Update 23-01-2015 19:00:49 Windows Update 24-01-2015 13:12:20 Windows Update 24-01-2015 17:22:14 Windows Update 24-01-2015 18:35:26 Removed Adobe Reader 8.1.0 24-01-2015 18:41:22 Removed Adobe Reader 8.1.0 25-01-2015 13:38:25 Windows Update 25-01-2015 13:54:45 Entfernt eSobi v2 27-01-2015 17:38:19 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {065B971B-8DBE-48AF-B0BB-46BD22092E05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.) Task: {08E272C8-50D7-43B5-8D3B-60789B839E08} - System32\Tasks\PC Health Advisor => C:\Program Files\ParetoLogic\PCHA\PCHA.exe [2015-01-20] (ParetoLogic, Inc.) Task: {0EE1F92A-11F3-4932-B120-D98FE273DEFF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation) Task: {138E4485-77E0-456C-A83C-19534F7ACA95} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] () Task: {262D0496-525D-47D4-9F58-84E68B11642A} - System32\Tasks\{72D98D52-7371-461B-8E42-02FE0EA3DD0E} => C:\Program Files\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.) Task: {55402C3D-4570-421B-88BB-F31877D8EE34} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-17] (Adobe Systems Incorporated) Task: {5870D8F2-3DD4-4935-84AF-B4519D03C729} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] () Task: {598CAEAB-42E5-4F11-9FB5-1A1C86ADAD0F} - System32\Tasks\Norton Security Scan for muckiwob1 => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-28] (Symantec Corporation) Task: {64B5E8FB-7DEB-4ADD-B581-195DF218A376} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe [2014-12-02] (Nico Mak Computing) Task: {93687AB8-0DC5-49A0-AA5F-B9A430916FC6} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-21] (Google) Task: {BF830876-71E3-4152-BA15-4758B885453F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.) Task: {C8552088-3810-4890-B6E9-484C7AFB5F87} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - muckiwob1) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2014-12-23] (SlimWare Utilities, Inc.) Task: {CF284DD2-143E-4D33-B616-885DD85039AF} - System32\Tasks\PC Health Advisor Defrag => C:\Program Files\ParetoLogic\PCHA\PCHA.exe [2015-01-20] (ParetoLogic, Inc.) Task: {D092662E-324C-4B92-A91E-6B5D22A041AC} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns Task: {D8C145E2-5A02-4759-9069-0775F78FDCA2} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-06-06] () <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Norton Security Scan for muckiwob1.job => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe Task: C:\Windows\Tasks\PC Health Advisor Defrag.job => C:\Program Files\ParetoLogic\PCHA\PCHA.exe Task: C:\Windows\Tasks\PC Health Advisor.job => C:\Program Files\ParetoLogic\PCHA\PCHA.exe Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - muckiwob1).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe ==================== Loaded Modules (whitelisted) ============= 2008-04-18 09:56 - 2008-04-23 14:58 - 00204800 _____ () C:\Windows\System32\SysHook.dll 2015-01-25 14:40 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files\WinZip Malware Protector\System.Data.SQLite.dll 2015-01-25 14:40 - 2014-12-02 11:26 - 01717936 _____ () C:\Program Files\WinZip Malware Protector\aspsys.dll 2015-01-25 14:40 - 2013-02-28 16:53 - 00168448 _____ () C:\Program Files\WinZip Malware Protector\UNRAR.DLL 2012-08-17 20:39 - 2013-09-05 19:44 - 01310136 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll 2008-02-28 21:44 - 2008-02-28 21:44 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll 2008-02-28 21:44 - 2008-02-28 21:44 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll 2008-02-28 21:44 - 2008-02-28 21:44 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll 2008-04-18 09:52 - 2008-04-18 09:52 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll 2008-04-18 09:52 - 2008-04-18 09:52 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll 2008-03-04 22:38 - 2008-03-04 22:38 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll 2008-04-06 21:42 - 2008-04-06 21:42 - 00034040 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe 2008-04-04 02:00 - 2008-04-04 02:00 - 00003072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll 2008-11-05 07:18 - 2008-01-16 18:35 - 00081504 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe 2008-04-18 09:52 - 2008-03-21 12:22 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 2008-04-18 09:52 - 2008-04-18 09:52 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3006.0__14bcaafdb44b5951\Framework.Model.Controller.dll 2008-04-18 09:52 - 2008-04-18 09:52 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll 2008-04-18 09:52 - 2008-04-18 09:52 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3006.0__672b450de5a7e94a\Framework.Host.dll 2008-04-18 09:52 - 2008-04-18 09:52 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3006.0__9ecdf03bb2054f94\Framework.PluginInterface.dll 2008-04-18 09:59 - 2008-03-07 02:35 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eAudio\eAudioSrvPlugin.dll 2008-04-18 09:57 - 2008-05-26 14:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll 2008-04-18 09:57 - 2008-05-26 14:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll 2008-04-18 09:57 - 2008-05-26 14:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll 2008-04-18 09:57 - 2008-05-26 14:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll 2008-04-18 10:50 - 2007-12-06 15:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe 2008-04-18 10:50 - 2007-11-27 14:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll 2008-04-04 02:03 - 2008-04-04 02:03 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 2008-04-18 10:42 - 2007-01-09 03:25 - 00272024 _____ () C:\Program Files\Cyberlink\Shared files\RichVideo.exe 2008-11-05 07:05 - 2007-10-23 10:56 - 00200704 _____ () C:\Windows\PLFSetI.exe 2008-11-05 07:07 - 2010-06-21 20:52 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll 2008-05-12 22:11 - 2008-05-12 22:11 - 00753664 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll 2008-05-12 22:11 - 2008-05-12 22:11 - 00007680 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll 2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:E36F5B57 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: 0013351358452156mcinstcleanup => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: MpsSvc => 2 MSCONFIG\Services: odserv => 3 MSCONFIG\Services: SCardSvr => 3 MSCONFIG\Services: Spooler => 2 MSCONFIG\Services: WinDefend => 2 MSCONFIG\Services: WMPNetworkSvc => 3 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide ========================= Accounts: ========================== Administrator (S-1-5-21-479782255-706792591-617315946-500 - Administrator - Disabled) Gast (S-1-5-21-479782255-706792591-617315946-501 - Limited - Disabled) muckiwob1 (S-1-5-21-479782255-706792591-617315946-1000 - Administrator - Enabled) => C:\Users\muckiwob1 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/27/2015 05:49:25 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 2b0 Anfangszeit: 01d03a4f29ed1b2b Zeitpunkt der Beendigung: 31 Error: (01/27/2015 05:44:07 PM) (Source: LoadPerf) (EventID: 3011) (User: ) Description: WmiApRplWmiApRpl8 Error: (01/27/2015 05:44:07 PM) (Source: LoadPerf) (EventID: 3012) (User: ) Description: Performance16 Error: (01/27/2015 05:44:06 PM) (Source: LoadPerf) (EventID: 3012) (User: ) Description: Performance16 Error: (01/27/2015 05:42:06 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT) Description: Product: Skype Web Plugin -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , , Error: (01/27/2015 05:35:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/27/2015 05:05:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/26/2015 06:55:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/25/2015 03:22:53 PM) (Source: LoadPerf) (EventID: 3011) (User: ) Description: WmiApRplWmiApRpl8 Error: (01/25/2015 03:22:53 PM) (Source: LoadPerf) (EventID: 3012) (User: ) Description: Performance16 System errors: ============= Error: (01/27/2015 05:44:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Skype-Plugin-Aktualisierung{E22FBE58-32C4-452F-AA68-67E7A3902DC5}200 Error: (01/26/2015 06:55:30 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (01/26/2015 06:49:17 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 25.01.2015 um 15:24:44 unerwartet heruntergefahren. Error: (01/25/2015 03:14:03 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 25.01.2015 um 15:12:57 unerwartet heruntergefahren. Error: (01/25/2015 02:44:57 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C} Error: (01/25/2015 02:34:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000NlaSvc Error: (01/25/2015 02:29:41 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 25.01.2015 um 14:27:30 unerwartet heruntergefahren. Error: (01/25/2015 02:13:48 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 25.01.2015 um 14:12:27 unerwartet heruntergefahren. Error: (01/25/2015 01:48:29 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 25.01.2015 um 13:47:03 unerwartet heruntergefahren. Error: (01/25/2015 01:44:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Skype-Plugin-Aktualisierung{E22FBE58-32C4-452F-AA68-67E7A3902DC5}200 Microsoft Office Sessions: ========================= Error: (01/25/2015 02:44:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 185 seconds with 60 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2015-01-27 17:50:06.582 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-27 17:50:05.178 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-27 17:50:03.852 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-27 17:50:02.636 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-27 17:50:00.904 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-27 17:49:59.578 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-27 17:49:57.644 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-27 17:49:56.536 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-27 17:49:54.726 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-27 17:49:52.870 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz Percentage of memory in use: 39% Total physical RAM: 3065.94 MB Available physical RAM: 1862.27 MB Total Pagefile: 6336.08 MB Available Pagefile: 4526.87 MB Total Virtual: 2899.88 MB Available Virtual: 2766.66 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:58.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:126.12 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: F604BC3A) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
27.01.2015, 20:22 | #8 |
/// the machine /// TB-Ausbilder | Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
28.01.2015, 07:01 | #9 |
| Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit Hier ist die combofix.txt Code:
ATTFilter ComboFix 15-01-27.01 - muckiwob1 27.01.2015 23:36:31.2.2 - x86 ausgeführt von:: c:\users\muckiwob1\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\muckiwob1\AppData\Roaming\.# c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2014-12-27 bis 2015-01-27 )))))))))))))))))))))))))))))) . . 2015-01-27 19:30 . 2015-01-27 19:30 -------- d-----w- c:\program files\VS Revo Group 2015-01-27 03:00 . 2015-01-27 16:57 -------- d-----w- C:\FRST 2015-01-25 13:41 . 2015-01-27 22:31 -------- d-----w- c:\users\muckiwob1\AppData\Roaming\Nico Mak Computing 2015-01-25 12:50 . 2015-01-25 12:50 -------- d-----w- c:\users\muckiwob1\Option 2015-01-24 16:15 . 2015-01-24 16:15 -------- d-----w- c:\programdata\SlimWare Utilities Inc 2015-01-24 16:15 . 2015-01-24 16:15 -------- d-----w- c:\users\muckiwob1\AppData\Local\Downloaded Installers 2015-01-24 16:14 . 2015-01-24 16:14 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2015-01-24 16:14 . 2015-01-24 16:19 -------- d-----w- c:\users\muckiwob1\AppData\Local\SlimWare Utilities Inc 2015-01-24 16:14 . 2015-01-24 16:14 -------- d-----w- c:\program files\DriverUpdate 2015-01-24 14:28 . 2015-01-24 14:28 215475 ----a-w- c:\windows\oem_uninst.exe 2015-01-24 14:25 . 2015-01-24 14:25 -------- d-----w- c:\program files\DLLSuite 2015-01-24 13:40 . 2015-01-24 13:40 -------- d-----w- c:\users\muckiwob1\AppData\Roaming\ParetoLogic 2015-01-24 13:40 . 2015-01-24 13:40 -------- d-----w- c:\users\muckiwob1\AppData\Roaming\DriverCure 2015-01-24 13:40 . 2015-01-24 13:40 -------- d-----w- c:\program files\Common Files\ParetoLogic 2015-01-24 13:40 . 2015-01-27 19:57 -------- d-----w- c:\programdata\ParetoLogic 2015-01-18 14:23 . 2014-12-19 00:25 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2015-01-18 13:42 . 2014-12-06 03:14 48640 ----a-w- c:\windows\system32\nlaapi.dll 2015-01-18 13:42 . 2014-12-06 03:14 174080 ----a-w- c:\windows\system32\nlasvc.dll 2015-01-18 13:42 . 2014-12-06 03:14 93184 ----a-w- c:\windows\system32\ncsi.dll 2015-01-18 13:41 . 2014-12-06 03:14 153600 ----a-w- c:\windows\system32\profsvc.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-01-17 15:33 . 2012-11-21 20:00 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2015-01-17 15:33 . 2012-11-21 20:00 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-01-08 08:55 . 2011-04-16 17:44 249488 ------w- c:\windows\system32\MpSigStub.exe 2014-12-03 02:06 . 2014-12-20 15:56 278528 ----a-w- c:\windows\system32\schannel.dll 2014-12-02 11:01 . 2015-01-20 17:51 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72F94C18-0544-4DD1-A271-D6DC7681E268}\mpengine.dll 2014-11-24 20:44 . 2014-12-14 17:30 367104 ----a-w- c:\windows\system32\html.iec 2014-11-24 20:40 . 2014-12-14 17:30 1810944 ----a-w- c:\windows\system32\jscript9.dll 2014-11-24 20:35 . 2014-12-14 17:30 1129472 ----a-w- c:\windows\system32\wininet.dll 2014-11-24 20:34 . 2014-12-14 17:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2014-11-24 20:33 . 2014-12-14 17:30 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2014-11-24 20:33 . 2014-12-14 17:30 421376 ----a-w- c:\windows\system32\vbscript.dll 2014-11-24 20:32 . 2014-12-14 17:30 11776 ----a-w- c:\windows\system32\mshta.exe 2014-11-24 20:32 . 2014-12-14 17:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\system32\FM20.DLL 2014-11-07 01:33 . 2014-12-21 13:21 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-11-04 00:19 . 2014-12-21 13:22 2048 ----a-w- c:\windows\system32\tzres.dll 2014-02-13 19:04 . 2014-02-13 19:04 49940480 ----a-w- c:\program files\GUT6CE7.tmp . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 68856] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896] "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13543968] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 92704] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-21 30192] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936] "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144] "Skytel"="Skytel.exe" [2007-11-20 1826816] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-10-10 356128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-03-08 02:38 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2008-04-15 25856] R4 0013351358452156mcinstcleanup;McAfee Application Installer Cleanup (0013351358452156);c:\users\MUCKIW~1\AppData\Local\Temp\001335~1.EXE [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2015-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-21 15:33] . 2014-02-17 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-19 20:50] . 2015-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 17:00] . 2015-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 17:00] . 2015-01-18 c:\windows\Tasks\Norton Security Scan for muckiwob1.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-24 07:48] . 2015-01-27 c:\windows\Tasks\ParetoLogic Registration3.job - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2014-12-08 18:55] . 2015-01-27 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08 18:55] . 2015-01-24 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08 18:55] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.acer.de/ac/de/DE/content/home mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file) HKLM-Run-eRecoveryService - (no file) AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2015-01-27 23:54 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc] "ImagePath"="." . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(6212) c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\agrsmsvc.exe c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe c:\program files\Acer\Empowering Technology\Service\ETService.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\acer\Mobility Center\MobilityService.exe c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe c:\program files\Cyberlink\Shared files\RichVideo.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\conime.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-01-28 00:03:11 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-01-27 23:03 . Vor Suchlauf: 10 Verzeichnis(se), 64.484.397.056 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 64.245.424.128 Bytes frei . - - End Of File - - 400A4F749E099421F6F5A21F8C5E40C4 7BA4C7EA1EF33A92F5F01BE63EDACB6A noch zwei Dinge, die ich gestern Abend aufgrund von Müdigkeit nicht mehr erwähnte: Der REvo uninstaller ,eldete bei dem Deinstallieren von Ask Toolbar updater, das ein Löschen nicht möglich ist. Ich habe das mit "Ok" bestätigt, es wurde jedoch trotzdem entfernt, zumindest sehe ich es nicht mehr. Die Ausführung von combofix dauerte ewig lange, als die Stufe 50 nach über einer Stunde nicht überwunden war (Gesamtlaufzeit da schon fast 2,5 Std), habe ich abgebrochen und neu gestartet. Allerdings war es wohl meine Schuld, denn ich habe WinZip Malware Protector übersehen, der meldete mitten im scan plötzlich 36 gefundene Bedrohungen. Wie gesagt, ich habe abgebrochen, WinZip deinstalliert. Danach dauerte der gesamte scan ca. 30 Minuten mit oben angegebenem Log. |
28.01.2015, 13:24 | #10 |
/// the machine /// TB-Ausbilder | Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
29.01.2015, 07:03 | #11 |
| Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit Nabend Schrauber, ich habe mir Malwarebytes Anti-Malware runtergeladen und gestartet. Jetzt läuft die Initialisierungssequenz (der erste Schritt: Vorbereitungs Abläufe) schon über eine Stunde. Ist das normal oder habe ich etwas falsch gemacht ? Jetzt sind es 2 Stunden... Ich nehme an, das ist nicht korrekt, oder ? Moin Schrauber, habe die Malewarebytes Anti-Malware noch einmal über Nacht laufen lassen, aber kein anderes Ergebnis, Endlosschleife in der Initialisierung, Laufzeit über 7 Stunden. Der Rechner war über Nacht nicht mit dem Netz verbunden und weitere Scanner waren nicht aktiv. Gruß Jens |
29.01.2015, 12:13 | #12 |
/// the machine /// TB-Ausbilder | Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit Lass MBAM weg und mach bitte den Rest.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
29.01.2015, 21:18 | #13 |
| Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit Nabend Schrauber, so, ich habe jetzt glaube ich so weit alles gemacht. Wie schon erwähnt initialisierte sich Malewarebytes zu Tode. Bei AdwCleaner verlief der Scan problemlos, aber hing beim Löschen der Ordner und Dateien jedes Mal an der gleichen Stelle fest. Allerdings wurden die zu löschenden Daten nah jedem Neustart weniger. Zum Schluß lief er aber durch und erzeugte die Log. Die hänge ich an: Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 29/01/2015 um 20:50:33 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-01-26.1 [Live] # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : muckiwob1 - WENDSCHOTT # Gestartet von : C:\Users\muckiwob1\Desktop\AdwCleaner_4.109.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** Task Gelöscht : paretologic registration3 Task Gelöscht : paretologic update version3 Task Gelöscht : Scheduled Update for Ask Toolbar ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\ParetoLogic Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\074A36B543391D44FA16C62EBD65A59E Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\074A36B543391D44FA16C62EBD65A59E Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\074A36B543391D44FA16C62EBD65A59E ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16599 -\\ Google Chrome v [C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms} [C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://sportbild.bild.de/kddb/cms/websearchsport.do?query={searchTerms} ************************* AdwCleaner[R0].txt - [2643 octets] - [29/01/2015 20:32:51] AdwCleaner[R1].txt - [2696 octets] - [29/01/2015 20:46:34] AdwCleaner[S0].txt - [410 octets] - [29/01/2015 20:36:20] AdwCleaner[S1].txt - [2617 octets] - [29/01/2015 20:50:33] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2677 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows Vista (TM) Home Premium x86 Ran by muckiwob1 on 29.01.2015 at 20:15:25,95 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Successfully deleted: [Registry Key] "hkey_current_user\software\apn" Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo" Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com" Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}" Successfully deleted: [Registry Key] "hkey_local_machine\software\apn" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}" Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} ~~~ Files Successfully deleted: [File] "C:\Windows\System32\Tasks\scheduled update for ask toolbar" ~~~ Folders Successfully deleted: [Folder] "C:\Users\muckiwob1\AppData\Roaming\drivercure" Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{00F15895-A563-4774-B807-735931EF099E} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{02561840-87AB-4C4C-93E1-B1A7C032A90D} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{0350BF34-190F-4C1C-87AD-DC49A9924713} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{090AD786-E397-479E-8BC9-09903A771FD2} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{0A31A38D-02FF-4818-8242-E9856F374505} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{0AB710EE-6522-4EA8-A00B-F3D9204544A5} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{0E4D8449-D752-464A-A4A4-4B179D3A5AF7} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{11409070-BA80-423D-A64D-F5FC19A752C1} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{11B33341-7D91-4D70-8892-C4D19356DBDB} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{1B4A9057-76E0-4AE6-B96C-E24D729E341A} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{1C11F390-0962-4EDE-A9E0-8FD18FCADF65} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{1C8D493B-26B4-4CDE-A0AE-809E094ECA62} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{1DC6CC94-7DEE-4CD0-BCF7-46ECA484A57E} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{1E30F294-AE88-43FD-A757-EDAC7616DD08} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{20F7DF6B-6B62-4F17-99B8-F14777DD8F69} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{22194A43-F5FE-4682-ABD5-9202A736A32C} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{255C1F48-1B51-4914-8598-A530D4BC6B30} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{26940481-60FD-494E-BB1F-B8866645EF33} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{26DDF6DA-3D1C-47CD-9F7D-4DA65C1254CF} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{283B6892-FD64-4773-B7DA-2A037E22963F} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{2869B575-9595-4ED3-938F-D0B2EB1557A7} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{2D633DB7-C222-46EA-9DC8-6BC93DC27A9E} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{2F3A3BCE-7428-43A3-B8B1-5B5C48053F50} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{301B5EF3-DCC7-42C5-804B-CA668717DC69} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{304C240A-3B63-45D7-9D7A-D809A6809617} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{31984182-63BA-46E3-934E-02CDD158EDB9} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{39F9E29A-AF2B-4AE5-8951-55E9278B0217} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{3D14744F-46C6-4E00-80BB-54A707FCD80E} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{40B65F96-483F-4242-AAB3-D37672C02438} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{42246A3A-6BAE-4297-A99D-5F2E643EF21E} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{43020966-B652-4187-B96C-2766B7FF6DE9} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{4447D6BB-9CAA-4026-90EF-9CCC3D2972D3} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{4473B0ED-E062-416E-AA1B-722AF26E7A3A} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{44AA8E45-2401-4C27-B061-59DAE0B961F4} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{473F51C1-2DBE-4768-BF5C-13E853782119} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{4BCB69D3-9030-4476-BA27-DEC7CDCD9965} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{4C9CD8BA-BDA5-46E6-96B2-1E62551B50CA} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{50FF753B-5AB0-4CF7-AC5E-5B1D949BCE15} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{5190EC4C-4BEB-47ED-ABB7-3076524C1868} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{5407D384-DCD0-4C2A-9A25-D6A82BA46A16} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{54204FC3-4D0A-4550-AD81-D23B01BF4037} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{56DB0B09-EDB5-4275-8CBF-444ADFD20678} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{57CABD16-BC08-49E9-9D62-977B2C20C828} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{57E00E89-F110-40AA-959E-CD938310CD64} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{59B3E76D-FBE3-46ED-B04D-D686B3028444} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{5BCB150A-3BBF-4BEE-9E63-738FCD90700F} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{5C147451-7636-46F1-8ABD-1373D7049E31} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{5EAC08B4-0B76-4755-A09D-F560BAEB6072} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{5EE4FCCE-96B6-47FC-A716-F2300003D82A} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{5FF37F24-EB96-42BC-A2FA-64F96275C163} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{62D5E5A7-5B9A-4830-92AB-414EA181A559} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{632E5AA1-C4B0-403A-BF80-C0BF86E6AB7C} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{65349D1B-9DEE-425E-A545-D8AE073E36BB} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{65D6BA7B-E926-48AA-A11C-7049F414209E} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{681CE1FE-F1E6-4472-AFDC-08F7B4B0054D} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{69C26D25-6CC4-42E4-8675-67767B6B6266} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{6D8A75CA-3A24-4746-BE80-B6A3F697AB74} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{70F4B99F-2463-4F4F-9DA8-FC315A9FC8F1} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{71C56504-E69A-464A-ABD6-9DF49253697A} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{75125466-63FD-4049-B6AB-14933633C641} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{79DDF74C-1042-4471-95D8-E3B654D66F9A} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{7D10679F-AC96-45DD-855C-D47991F752A0} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{7D15F985-46ED-490A-BDEE-E79B341C9E1B} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{7DAE28C5-0229-4A18-A3CF-CEFAE3E7AE77} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{7E2D71FD-4FAC-4A8B-B98F-4D6C80B42B70} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{80610B93-93EC-452E-85DD-89C09477F5AA} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{81AEB925-E891-4614-8DA3-E78882E550A7} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{858305FD-FE56-4514-9ABC-9B578B8F3A25} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{86DC5658-6536-4183-9484-1692F74007B1} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{88382FC8-70D6-4B6E-8206-DF14DBC48302} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{88414EF2-216F-456D-AB0D-11A07C3BF0F5} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{88490326-F34B-45A3-A86A-567356635AE2} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{8A69316A-21B9-4761-886F-C1A3E6BD069F} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{8AF70FDC-4763-4FD4-B310-5B3AB30C8733} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{8BA75B23-C57D-470D-B226-F71D4467B5E4} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{8C68E6F8-2582-43ED-B802-7EE800F4EACE} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{8D55D82E-CC8F-4F1C-8920-5AB8836AA732} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{8F4074A8-3670-43A9-9F32-2A93FDBC6676} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{9529943E-911A-43B2-BE3C-7B82320EA675} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{95A0F3E4-CDA9-490B-8695-576BF464F803} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{978A9E15-DDAD-4D56-94B4-032543A8B4BF} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{99360997-D046-4989-B0A0-CEAC06C05F3A} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{9A711DA1-2E16-4EC0-AF9A-5E2FB19121CB} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{9A8FD8EB-2AF2-45A2-B082-A4BF107578A1} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{9B78BFAB-41A0-4DCB-AE2C-1F0D24C9E8BB} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{9C7DCA3C-7B89-4557-8837-80A63023FC3C} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{9F82100F-02ED-48D4-959C-DD796CE75F9A} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{A192C8B9-0455-4F45-A684-E81979809E1A} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{A6B556CD-5BFC-4AB6-8974-502912FE69E4} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{A79003A1-3E87-4447-81AD-ECD0120851A2} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{A79E9E3B-3F59-4A7A-9BC4-2126A5750CB6} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{A9FE9E3C-8BC6-49E2-B887-63F62F5BE7E7} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{B85939B1-FF5A-440F-99B0-EFAF3ADFE3E7} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{BBFB7F55-8F99-44D6-8419-6F0A22BA9086} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{BE6826E7-97B1-4C7D-9D5A-A15099023FF2} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{BFAC9F73-2743-4497-B9D6-87A0173ABEC6} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{C548092C-61C1-48BB-9651-7213D1402F80} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{C6210540-65E2-4DA5-8021-8FB435E95E0B} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{C995748F-E840-4A97-BF12-E994883F3F1E} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{C9D6447F-687B-42CE-8AF1-C0773176241D} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{CB0ADC2D-57CC-4C61-AE5C-A548D5CB33CD} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{CCC0280A-612B-4CE0-8217-36FD40F77CB2} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{CF9FE89F-C53E-4B4D-A29D-514F9C4BBEAB} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{CFDC7FF0-C5E4-4877-A03C-A7D884C454A1} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{D4345342-4524-415B-8910-F6E91A3C58C4} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{D5407004-CFD0-42B8-B9C8-1AC23FCE9DE7} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{D5B04E42-800B-4259-93D1-E5A1FDD60744} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{D8EDD483-FC41-404F-BF8B-8313FEA86AB2} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{DC20D164-9109-4A23-B772-D95063C57E84} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{DE52E7E4-00A6-4686-8AA3-0289D606BD16} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{DEE321E9-085F-4456-8F2E-8534771E0F44} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{E071AE3D-5EAE-4DDC-A6EE-4AA62D16513E} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{EE836450-A86E-4A0D-BF3F-EFAF89D88A4D} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{F06BBA1D-DE8F-468C-837D-51B34C6DE2DF} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{F0F20280-BDC9-47C5-8011-54F4609212FC} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{F2C5E1F7-D113-424C-A0EC-803A0D28D1EC} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{F55E10CA-46AA-40C9-8D0B-AF866F987CD2} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{F64C8396-451B-4478-8271-2CD4B10BF2CD} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{F72DA01A-33AB-4872-8F0C-C0F02B8436C9} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{F9A07398-4C2D-43BF-B2DA-D053797E0526} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{FA4A00C7-9BFC-4DD8-B30D-FCE5EAF16043} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{FC243C49-359F-47F1-8EF7-A99BBF54591A} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{FD93D6BE-22DA-4CD6-90D1-BDA6D1EE3203} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{FEA983DD-B514-491C-8121-308056DF056E} Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{FEE14A7D-0A21-42B4-8A11-050FBBBA6F25} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 29.01.2015 at 20:20:39,56 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01 Ran by SYSTEM on MINWINPC on 29-01-2015 21:03:33 Running from F:\ Platform: Windows Vista (TM) Home Premium (X86) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-27] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-17] (Synaptics, Inc.) HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-23] (Acer Inc.) HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated) HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-03-06] (Acer Incorporated) HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] () HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [821768 2008-07-01] (Dritek System Inc.) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] () HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google) HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-05-12] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-05-12] (CyberLink) HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-05-12] (Acer Corp.) HKLM\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-09-22] (Acer) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.) HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO) HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\muckiwob1\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-02-19] (Google Inc.) HKU\muckiwob1\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation) HKU\muckiwob1\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation) AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-21] (Google) ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO) S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] () S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] () S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google) S2 gupdate1c99d03c292747; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.) S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () S3 MpsSvc; . [0 ] () <==== ATTENTION (zero size file/folder) S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-03] () S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-08] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation) S4 0013351358452156mcinstcleanup; C:\Users\MUCKIW~1\AppData\Local\Temp\001335~1.EXE -cleanup -nolog [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [25856 2008-04-14] (AVerMedia TECHNOLOGIES, Inc.) S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42880 2008-04-14] (AVerMedia TECHNOLOGIES, Inc.) S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-12] (Kaspersky Lab ZAO) S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-21] (Kaspersky Lab ZAO) S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-12] (Kaspersky Lab ZAO) S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO) S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO) S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-06] (Kaspersky Lab ZAO) S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-06] (Kaspersky Lab ZAO) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-28] (Malwarebytes Corporation) S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-27] (Winbond Electronics Corporation) S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.) S5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-05-21] (Kaspersky Lab ZAO) S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-29 11:32 - 2015-01-29 11:50 - 00000000 ____D () C:\AdwCleaner 2015-01-29 11:32 - 2015-01-29 11:32 - 02194432 _____ () C:\Users\muckiwob1\Desktop\AdwCleaner_4.109.exe 2015-01-29 11:20 - 2015-01-29 11:20 - 00015964 _____ () C:\Users\muckiwob1\Desktop\JRT.txt 2015-01-29 11:15 - 2015-01-29 11:15 - 00000000 ____D () C:\Windows\ERUNT 2015-01-29 11:14 - 2015-01-29 11:14 - 01707939 _____ (Thisisu) C:\Users\muckiwob1\Desktop\JRT.exe 2015-01-28 08:07 - 2015-01-28 13:12 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2015-01-28 08:07 - 2015-01-28 13:11 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-28 08:06 - 2015-01-28 13:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-01-28 08:06 - 2015-01-28 08:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-28 08:06 - 2014-11-20 21:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys 2015-01-28 08:06 - 2014-11-20 21:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys 2015-01-28 08:06 - 2014-11-20 21:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2015-01-28 08:03 - 2015-01-28 08:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\muckiwob1\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-27 15:03 - 2015-01-27 15:03 - 00012625 _____ () C:\ComboFix.txt 2015-01-27 12:02 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-27 12:02 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-27 12:02 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-27 12:02 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-27 12:02 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-27 12:02 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-27 12:02 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-27 12:02 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-27 12:01 - 2015-01-27 15:03 - 00000000 ____D () C:\Qoobox 2015-01-27 11:58 - 2015-01-27 15:00 - 00000000 ____D () C:\Windows\erdnt 2015-01-27 11:52 - 2015-01-27 11:52 - 05610622 ____R (Swearware) C:\Users\muckiwob1\Desktop\ComboFix.exe 2015-01-27 11:30 - 2015-01-27 11:30 - 00001061 _____ () C:\Users\muckiwob1\Desktop\Revo Uninstaller.lnk 2015-01-27 11:30 - 2015-01-27 11:30 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-01-27 11:29 - 2015-01-27 11:29 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\muckiwob1\Downloads\revosetup95.exe 2015-01-27 08:52 - 2015-01-27 08:57 - 00064821 _____ () C:\Users\muckiwob1\Desktop\Addition.txt 2015-01-27 08:44 - 2015-01-27 08:57 - 00032975 _____ () C:\Users\muckiwob1\Desktop\FRST.txt 2015-01-27 08:41 - 2015-01-27 08:41 - 01120768 _____ (Farbar) C:\Users\muckiwob1\Desktop\FRST.exe 2015-01-26 19:00 - 2015-01-27 08:57 - 00000000 ____D () C:\FRST 2015-01-25 05:41 - 2015-01-27 14:31 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Nico Mak Computing 2015-01-25 04:50 - 2015-01-25 04:50 - 00000000 ____D () C:\Users\muckiwob1\Option 2015-01-24 08:15 - 2015-01-24 08:15 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\Downloaded Installers 2015-01-24 08:15 - 2015-01-24 08:15 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc 2015-01-24 08:14 - 2015-01-24 08:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\SlimWare Utilities Inc 2015-01-24 08:14 - 2015-01-24 08:14 - 00013464 _____ () C:\Windows\System32\Drivers\SWDUMon.sys 2015-01-24 08:14 - 2015-01-24 08:14 - 00001856 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk 2015-01-24 08:14 - 2015-01-24 08:14 - 00000000 ____D () C:\Program Files\DriverUpdate 2015-01-24 08:13 - 2015-01-24 08:13 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2015-01-24 06:28 - 2015-01-24 06:28 - 00215475 _____ (TODO: <Company name>) C:\Windows\oem_uninst.exe 2015-01-24 06:25 - 2015-01-24 06:25 - 00000000 ____D () C:\Program Files\DLLSuite 2015-01-24 05:08 - 2015-01-25 05:11 - 00262144 _____ () C:\Windows\System32\config\elam 2015-01-18 06:23 - 2014-12-18 16:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys 2015-01-18 05:42 - 2014-12-05 19:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll 2015-01-18 05:42 - 2014-12-05 19:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll 2015-01-18 05:42 - 2014-12-05 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll 2015-01-18 05:41 - 2014-12-05 19:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-29 11:58 - 2008-11-04 21:13 - 01942457 _____ () C:\Windows\WindowsUpdate.log 2015-01-29 11:58 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-29 11:58 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-29 11:55 - 2013-01-17 12:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-29 11:53 - 2009-02-28 06:13 - 00028219 _____ () C:\ProgramData\nvModes.001 2015-01-29 11:53 - 2008-11-04 22:07 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml 2015-01-29 11:52 - 2008-04-18 01:49 - 00000147 _____ () C:\Windows\System32\agent.log 2015-01-29 11:52 - 2008-01-20 18:47 - 06852378 _____ () C:\Windows\PFRO.log 2015-01-29 11:32 - 2008-01-20 23:16 - 00710972 _____ () C:\Windows\System32\PerfStringBackup.INI 2015-01-28 08:58 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\LogFiles 2015-01-27 15:03 - 2006-11-02 03:18 - 00000000 __RHD () C:\users\Default 2015-01-27 15:03 - 2006-11-02 03:18 - 00000000 ___RD () C:\users\Public 2015-01-27 14:55 - 2006-11-02 02:23 - 00000215 _____ () C:\Windows\system.ini 2015-01-25 05:19 - 2012-11-11 11:43 - 00000000 ____D () C:\Windows\Minidump 2015-01-25 05:19 - 2010-09-11 14:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\skypePM 2015-01-25 05:19 - 2010-09-11 14:16 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Skype 2015-01-25 05:19 - 2009-02-20 10:08 - 00000000 ____D () C:\Users\muckiwob1\Tracing 2015-01-25 05:19 - 2007-07-11 17:49 - 00000000 ____D () C:\Windows\Panther 2015-01-25 04:58 - 2008-04-18 01:43 - 00000000 ____D () C:\Program Files\eSobi 2015-01-25 04:58 - 2008-04-18 00:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-01-25 04:50 - 2009-02-19 09:36 - 00000000 ____D () C:\users\muckiwob1 2015-01-24 05:07 - 2009-08-20 09:38 - 00000680 _____ () C:\Users\muckiwob1\AppData\Local\d3d9caps.dat 2015-01-18 06:23 - 2013-08-18 08:34 - 00000000 ____D () C:\Windows\System32\MRT 2015-01-18 05:44 - 2006-11-02 02:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe 2015-01-17 07:33 - 2012-11-21 12:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2015-01-17 07:33 - 2012-11-21 12:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2015-01-08 00:55 - 2011-04-16 09:44 - 00249488 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2015-01-04 10:55 - 2011-01-04 07:32 - 00000000 ____D () C:\Users\muckiwob1\Documents\Bärbel Some content of TEMP: ==================== C:\Users\muckiwob1\AppData\Local\Temp\Quarantine.exe C:\Users\muckiwob1\AppData\Local\Temp\RtkBtMnt.exe C:\Users\muckiwob1\AppData\Local\Temp\sqlite3.dll ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= Restore point made on: 2014-12-23 06:00:21 Restore point made on: 2014-12-26 03:01:23 Restore point made on: 2015-01-02 05:09:41 Restore point made on: 2015-01-03 06:40:59 Restore point made on: 2015-01-04 05:40:10 Restore point made on: 2015-01-10 06:53:28 Restore point made on: 2015-01-11 06:08:55 Restore point made on: 2015-01-17 06:48:10 Restore point made on: 2015-01-18 05:41:30 Restore point made on: 2015-01-20 09:27:10 Restore point made on: 2015-01-20 10:19:14 Restore point made on: 2015-01-23 10:02:15 Restore point made on: 2015-01-24 04:13:37 Restore point made on: 2015-01-24 08:24:07 Restore point made on: 2015-01-24 09:40:39 Restore point made on: 2015-01-24 09:44:54 Restore point made on: 2015-01-25 04:41:12 Restore point made on: 2015-01-25 04:57:01 Restore point made on: 2015-01-27 08:41:31 Restore point made on: 2015-01-27 11:11:36 Restore point made on: 2015-01-27 11:33:24 Restore point made on: 2015-01-27 11:34:48 Restore point made on: 2015-01-27 11:47:47 Restore point made on: 2015-01-28 07:59:44 Restore point made on: 2015-01-28 18:00:37 Restore point made on: 2015-01-29 10:48:54 Restore point made on: 2015-01-29 10:51:57 ==================== Memory info =========================== Percentage of memory in use: 8% Total physical RAM: 4090.07 MB Available physical RAM: 3734.61 MB Total Pagefile: 3955.8 MB Available Pagefile: 3793.1 MB Total Virtual: 2047.88 MB Available Virtual: 1988.37 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:59.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:126.81 GB) NTFS Drive f: () (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32 Drive x: (PQSERVICE) (Fixed) (Total:10 GB) (Free:1.35 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: F604BC3A) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=3.8 GB) - (Type=0C) LastRegBack: 2015-01-29 11:31 ==================== End Of Log ============================ Und wie geht es jetzt weiter ?? |
30.01.2015, 09:41 | #14 |
/// the machine /// TB-Ausbilder | Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit FRST bitte aus dem normalen Modus
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
30.01.2015, 16:44 | #15 |
| Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit Moin Schrauber, na das sollte mal einer wissen :-) Hier dir FRST....aus dem normalen Modus. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01 Ran by muckiwob1 (administrator) on WENDSCHOTT on 30-01-2015 16:40:12 Running from C:\Users\muckiwob1\Desktop Loaded Profiles: muckiwob1 (Available profiles: muckiwob1) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Agere Systems) C:\Windows\System32\agrsmsvc.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe (Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe () C:\ACER\Mobility Center\MobilityService.exe (NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () C:\Program Files\Cyberlink\Shared files\RichVideo.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe () C:\Windows\PLFSetI.exe (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Realtek Semiconductor Corp.) C:\Users\muckiwob1\AppData\Local\temp\RtkBtMnt.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\mpas-d_bd_1.191.3347.0.exe (Microsoft Corporation) D:\0eac610b8ead644dc15604969a981d\MpMiniSigStub.exe (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_257_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-28] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-18] (Synaptics, Inc.) HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-23] (Acer Inc.) HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated) HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-03-07] (Acer Incorporated) HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] () HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [821768 2008-07-02] (Dritek System Inc.) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] () HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google) HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-05-12] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-05-12] (CyberLink) HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-05-12] (Acer Corp.) HKLM\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-09-23] (Acer) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.) HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO) HKU\S-1-5-21-479782255-706792591-617315946-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-02-19] (Google Inc.) HKU\S-1-5-21-479782255-706792591-617315946-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-479782255-706792591-617315946-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-21] (Google) ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-479782255-706792591-617315946-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-479782255-706792591-617315946-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.acer.de/ac/de/DE/content/home HKU\S-1-5-21-479782255-706792591-617315946-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-479782255-706792591-617315946-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=N6Hs5uwKsg09mHRcs2HjkZPp4t8?q={searchTerms} BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-24] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-09-05] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-09-05] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-09-05] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-09-05] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-09-05] Chrome: ======= CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll No File CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\16.0.912.77\gears.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll No File CHR Plugin: (McSimpleChromePlugin Dynamic Link Library) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.11.118.1_0\McChPlg.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Profile: C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-05] CHR Extension: (Google-Suche) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-05] CHR Extension: (SiteAdvisor) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2010-09-11] CHR Extension: (Google Mail) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-05] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25] CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25] CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO) R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed] R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] () [File not signed] R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] () [File not signed] S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google) S2 gupdate1c99d03c292747; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.) R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed] S3 MpsSvc; . [0 2015-01-30] () <==== ATTENTION (zero size file/folder) R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed] R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] () R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) S4 0013351358452156mcinstcleanup; C:\Users\MUCKIW~1\AppData\Local\Temp\001335~1.EXE -cleanup -nolog [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [25856 2008-04-15] (AVerMedia TECHNOLOGIES, Inc.) S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42880 2008-04-15] (AVerMedia TECHNOLOGIES, Inc.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-21] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-12] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-06] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-06] (Kaspersky Lab ZAO) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-28] (Malwarebytes Corporation) R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-16] (Cyberlink Corp.) [File not signed] R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-05-21] (Kaspersky Lab ZAO) S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-30 16:39 - 2015-01-30 16:39 - 00000000 ____D () C:\Users\muckiwob1\Desktop\FRST-OlderVersion 2015-01-29 20:32 - 2015-01-29 20:50 - 00000000 ____D () C:\AdwCleaner 2015-01-29 20:32 - 2015-01-29 20:32 - 02194432 _____ () C:\Users\muckiwob1\Desktop\AdwCleaner_4.109.exe 2015-01-29 20:20 - 2015-01-29 20:20 - 00015964 _____ () C:\Users\muckiwob1\Desktop\JRT.txt 2015-01-29 20:15 - 2015-01-29 20:15 - 00000000 ____D () C:\Windows\ERUNT 2015-01-29 20:14 - 2015-01-29 20:14 - 01707939 _____ (Thisisu) C:\Users\muckiwob1\Desktop\JRT.exe 2015-01-29 19:49 - 2015-01-29 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in 2015-01-28 17:07 - 2015-01-28 22:12 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-28 17:07 - 2015-01-28 22:11 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-28 17:07 - 2015-01-28 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-28 17:06 - 2015-01-28 22:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-01-28 17:06 - 2015-01-28 17:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-28 17:06 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-28 17:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-28 17:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-28 17:03 - 2015-01-28 17:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\muckiwob1\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-28 00:03 - 2015-01-28 00:03 - 00012625 _____ () C:\ComboFix.txt 2015-01-27 21:02 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-27 21:02 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-27 21:02 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-27 21:02 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-27 21:02 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-27 21:02 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-27 21:02 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-27 21:02 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-27 21:01 - 2015-01-28 00:03 - 00000000 ____D () C:\Qoobox 2015-01-27 20:58 - 2015-01-28 00:00 - 00000000 ____D () C:\Windows\erdnt 2015-01-27 20:52 - 2015-01-27 20:52 - 05610622 ____R (Swearware) C:\Users\muckiwob1\Desktop\ComboFix.exe 2015-01-27 20:30 - 2015-01-27 20:30 - 00001061 _____ () C:\Users\muckiwob1\Desktop\Revo Uninstaller.lnk 2015-01-27 20:30 - 2015-01-27 20:30 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-01-27 20:29 - 2015-01-27 20:29 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\muckiwob1\Downloads\revosetup95.exe 2015-01-27 17:52 - 2015-01-27 17:57 - 00064821 _____ () C:\Users\muckiwob1\Desktop\Addition.txt 2015-01-27 17:44 - 2015-01-30 16:40 - 00021924 _____ () C:\Users\muckiwob1\Desktop\FRST.txt 2015-01-27 17:41 - 2015-01-30 16:39 - 01121792 _____ (Farbar) C:\Users\muckiwob1\Desktop\FRST.exe 2015-01-27 04:00 - 2015-01-30 16:40 - 00000000 ____D () C:\FRST 2015-01-25 14:41 - 2015-01-27 23:31 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Nico Mak Computing 2015-01-25 13:50 - 2015-01-25 13:50 - 00000000 ____D () C:\Users\muckiwob1\Option 2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\Downloaded Installers 2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc 2015-01-24 17:14 - 2015-01-24 17:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\SlimWare Utilities Inc 2015-01-24 17:14 - 2015-01-24 17:14 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2015-01-24 17:14 - 2015-01-24 17:14 - 00001856 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk 2015-01-24 17:14 - 2015-01-24 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate 2015-01-24 17:14 - 2015-01-24 17:14 - 00000000 ____D () C:\Program Files\DriverUpdate 2015-01-24 17:13 - 2015-01-24 17:13 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2015-01-24 15:28 - 2015-01-24 15:28 - 00215475 _____ (TODO: <Company name>) C:\Windows\oem_uninst.exe 2015-01-24 15:25 - 2015-01-24 15:25 - 00000000 ____D () C:\Program Files\DLLSuite 2015-01-24 14:40 - 2015-01-30 16:28 - 00000478 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job 2015-01-24 14:08 - 2015-01-25 14:11 - 00262144 _____ () C:\Windows\system32\config\elam 2015-01-18 15:23 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-18 14:42 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-18 14:42 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-18 14:42 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-18 14:41 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-30 16:37 - 2008-11-05 06:13 - 01993631 _____ () C:\Windows\WindowsUpdate.log 2015-01-30 16:35 - 2008-01-21 08:16 - 00721624 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-30 16:33 - 2012-11-21 21:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-30 16:30 - 2013-01-17 21:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-30 16:28 - 2009-07-02 14:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-30 16:28 - 2009-02-28 15:13 - 00028219 _____ () C:\ProgramData\nvModes.001 2015-01-30 16:28 - 2008-11-05 07:07 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2015-01-30 16:28 - 2008-04-18 10:49 - 00000147 _____ () C:\Windows\system32\agent.log 2015-01-30 16:28 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-30 16:28 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-30 16:27 - 2008-01-21 03:47 - 06852926 _____ () C:\Windows\PFRO.log 2015-01-30 16:27 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-29 23:39 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-29 22:58 - 2009-07-02 14:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-28 17:58 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-01-28 00:03 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default 2015-01-28 00:03 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2015-01-27 23:55 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini 2015-01-25 14:19 - 2012-11-11 20:43 - 00000000 ____D () C:\Windows\Minidump 2015-01-25 14:19 - 2010-09-11 23:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\skypePM 2015-01-25 14:19 - 2010-09-11 23:16 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Skype 2015-01-25 14:19 - 2009-02-20 19:08 - 00000000 ____D () C:\Users\muckiwob1\Tracing 2015-01-25 14:19 - 2007-07-12 02:49 - 00000000 ____D () C:\Windows\Panther 2015-01-25 13:58 - 2008-04-18 10:43 - 00000000 ____D () C:\Program Files\eSobi 2015-01-25 13:58 - 2008-04-18 09:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-01-25 13:50 - 2009-02-19 18:36 - 00000000 ____D () C:\Users\muckiwob1 2015-01-24 14:07 - 2009-08-20 18:38 - 00000680 _____ () C:\Users\muckiwob1\AppData\Local\d3d9caps.dat 2015-01-18 19:31 - 2010-10-24 15:52 - 00000482 ____H () C:\Windows\Tasks\Norton Security Scan for muckiwob1.job 2015-01-18 15:23 - 2013-08-18 17:34 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-18 14:44 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-01-17 16:33 - 2012-11-21 21:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-17 16:33 - 2012-11-21 21:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-08 09:55 - 2011-04-16 18:44 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-04 19:55 - 2011-01-04 16:32 - 00000000 ____D () C:\Users\muckiwob1\Documents\Bärbel ==================== Files in the root of some directories ======= 2014-02-13 20:04 - 2014-02-13 20:04 - 49940480 _____ () C:\Program Files\GUT6CE7.tmp 2009-02-21 10:41 - 2009-02-21 10:41 - 0024206 _____ () C:\Users\muckiwob1\AppData\Roaming\UserTile.png 2009-08-20 18:38 - 2015-01-24 14:07 - 0000680 _____ () C:\Users\muckiwob1\AppData\Local\d3d9caps.dat 2009-02-21 10:39 - 2014-10-26 16:23 - 0022528 _____ () C:\Users\muckiwob1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-10-24 15:18 - 2012-10-24 15:21 - 0000280 _____ () C:\ProgramData\ArcadeDeluxe2.log 2010-09-11 23:19 - 2010-09-11 23:19 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2009-02-28 15:13 - 2015-01-30 16:28 - 0028219 _____ () C:\ProgramData\nvModes.001 2009-02-28 15:09 - 2014-10-23 17:46 - 0028219 _____ () C:\ProgramData\nvModes.dat 2012-06-21 16:42 - 2012-06-21 16:42 - 0000052 _____ () C:\ProgramData\pjyzptgqlivsclv Some content of TEMP: ==================== C:\Users\muckiwob1\AppData\Local\temp\Quarantine.exe C:\Users\muckiwob1\AppData\Local\temp\RtkBtMnt.exe C:\Users\muckiwob1\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-30 16:41 ==================== End Of Log ============================ |
Themen zu Laptop mit Windows Vista, Interpol Trojaner verhindert nach ca. 5 bis 10 Minuten die Weiterarbeit |
erkannt, frage, fragen, gesperrt, guten, hinweis, infos, interpol windows vista, kaspersky, laptop, nicht erkannt, problem, rechner, recht, scan, scannen, scanner, trojaner, verhindert, virenscan, virenscanner, vista, windows, windows vista, zahlen, öffnet |