
TR/patched/ren/gen


  • This topic is locked
27 replies to this topic

#1 compukerxl6

compukerxl6

  • Members
  • 16 posts
  • OFFLINE
  • Local time:04:51 PM

Posted 02 April 2014 - 03:33 PM

Hello there,

 

Avira identified TR/patched/ren/gen 4 or 5 times over the last 3 or 4 days.  I ran adwcleaner and Malwarebytes which found a few files for removal but not TR/patched/ren/gen.  How can I tell if I've removed it???

 

I ran dds and have attached it.

 

Thanks and best wishes

 

 

Attached File: dds.txt (11.09KB, 3 downloads)





#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:51 AM

Posted 03 April 2014 - 07:22 AM





Hello compukerxl6

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
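As an added example (not code from this thread, from BleepingComputer, or from Farbar's FRST tool), the Python script below parses the line formats an FRST.txt log uses, as seen in the log posted later in this thread, and lists the entries a malware-removal helper looks at first: autorun entries whose target file is gone (`[X]`), loaded components with an empty publisher field (`()`), orphaned browser entries (`No File`), MountPoints2 autorun commands recorded from removable drives, lines FRST itself marks with `<==== ATTENTION`, and any system file in the "Bamital & volsnap Check" whose MD5 line does not read `MD5 is legit`. The embedded sample log is constructed from the line formats on this page; the wording of a failing MD5 line is an assumption, since the log here only shows passing ones, so the script treats anything other than `MD5 is legit` as a finding. The output is a triage list for a human to review, not a verdict: an orphaned BHO or a driver whose file no longer exists is usually leftover from an uninstall rather than active malware.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log text.

Added example: parses the line formats seen in an FRST.txt log and reports the
entries a malware-removal helper reviews first. It is not FRST's own code.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample log, modelled on the line formats shown on this page.
# The "MD5 is not legit" line is an assumption: the page shows only passing checks.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [3643224 2014-01-23] ()
HKU\S-1-5-21-771618654-3341757510-301361698-1001\...\MountPoints2: {5d3e5ca4-fe0c-11de-b031-0024542425d9} - F:\pushinst.exe

==================== Internet (Whitelisted) ====================

BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

==================== Drivers (Whitelisted) ====================

R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]

==================== Installed Programs ======================

Lollipop Mathe 2 (HKLM\...\Lollipop Mathe 2_is1) (Version:  - Cornelsen) <==== ATTENTION

==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is not legit (constructed line)
"""


@dataclass(frozen=True)
class Finding:
    kind: str      # short category, used for counting
    section: str   # FRST section the line came from
    line: str      # the log line, verbatim


SECTION_RE = re.compile(r"^=+ (.+?) =+$")                       # "==== Drivers (Whitelisted) ===="
RUN_RE = re.compile(r"^(HK\S*?)\\\.\.\.\\Run: \[(.*?)\] - (.*)$")  # HKLM\...\Run: [name] - target
MOUNT_RE = re.compile(r"\\MountPoints2: \{[^}]+\} - (.+)$")      # autorun command of a removable drive
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+); (.*)$")              # "R1 name; path [size date] (vendor)"
MD5_RE = re.compile(r"^(.+?) => (.+)$")                          # "path => MD5 is legit"


def triage(text: str) -> list[Finding]:
    """Walk the log once, tracking the current section, and collect findings."""
    findings: list[Finding] = []
    section = "(preamble)"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if "<==== ATTENTION" in line:            # FRST's own marker, whatever the section
            findings.append(Finding("flagged-by-frst", section, line))
            continue
        if section == "Bamital & volsnap Check":  # only passing lines read "MD5 is legit"
            m = MD5_RE.match(line)
            if m and m.group(2).strip() != "MD5 is legit":
                findings.append(Finding("system-file-hash-mismatch", section, line))
            continue
        m = RUN_RE.match(line)
        if m:
            target = m.group(3).strip()
            if target == "[X]":                   # autorun value whose file is missing
                findings.append(Finding("autorun-missing-file", section, line))
            elif target.endswith("()"):           # file present but no publisher name
                findings.append(Finding("autorun-no-publisher", section, line))
            continue
        if MOUNT_RE.search(line):                 # autorun.inf command remembered for a drive letter
            findings.append(Finding("removable-media-autorun", section, line))
            continue
        if line.endswith("No File"):              # BHO/handler whose DLL is gone
            findings.append(Finding("orphaned-entry", section, line))
            continue
        m = DRIVER_RE.match(line)
        if m:
            rest = m.group(3)
            if rest.endswith("[X]"):
                findings.append(Finding("service-missing-file", section, line))
            elif rest.endswith("()"):
                findings.append(Finding("service-no-publisher", section, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, handy for a quick first reply."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] ({f.section}) {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

To use it on a real log, read FRST.txt into a string and pass it to `triage()`; each `Finding` keeps the verbatim line so the helper can quote it back in the fix instructions.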

#3 compukerxl6

compukerxl6
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:04:51 PM

Posted 05 April 2014 - 05:23 PM

Hi Gringo,

 

Thanks for the prompt reply.

 

The logs follow.

 

FYI, I will not be able to reply until the 14.4 because I am away for the next week.  I hope this is ok.

 

Thanks again.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Marion (administrator) on HANNA on 06-04-2014 00:07:51
Running from C:\Users\Marion\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVM Berlin GmbH) C:\Program Files\avmwlanstick\FRITZWLanMini.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\windows\system32\UI0Detect.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032 2009-09-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [AVMWlanClient] - C:\Program Files\avmwlanstick\FRITZWLANMini.exe [343552 2006-06-23] (AVM Berlin GmbH)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [3643224 2014-01-23] ()
HKU\S-1-5-21-771618654-3341757510-301361698-1001\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-771618654-3341757510-301361698-1001\...\MountPoints2: {5d3e5ca4-fe0c-11de-b031-0024542425d9} - F:\pushinst.exe
HKU\S-1-5-21-771618654-3341757510-301361698-1001\...\MountPoints2: {e623f5a1-77e6-11e1-ad5d-0024542425d9} - F:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/
http://www.google.com/
http://www.google.de/
https://www.google.de/
http://www.google.de/
http://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 37 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [651232 2014-01-23] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 FWLANUSB; C:\windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
S3 RRNetCap; C:\windows\System32\DRIVERS\rrnetcap.sys [31848 2011-11-24] (RapidSolution Software AG)
R3 RRNetCapMP; C:\windows\System32\DRIVERS\rrnetcap.sys [31848 2011-11-24] (RapidSolution Software AG)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-11-12] (Avira GmbH)
R3 tbhsd; C:\windows\System32\drivers\tbhsd.sys [39016 2011-11-24] (RapidSolution Software AG)
R3 Trufos; C:\windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-06 00:07 - 2014-04-06 00:08 - 00010075 _____ () C:\Users\Marion\Desktop\FRST.txt
2014-04-06 00:07 - 2014-04-06 00:07 - 00000000 ____D () C:\FRST
2014-04-06 00:06 - 2014-04-06 00:06 - 01145856 _____ (Farbar) C:\Users\Marion\Desktop\FRST.exe
2014-04-02 20:25 - 2014-04-02 20:25 - 00011356 _____ () C:\Users\Marion\Desktop\dds.txt
2014-04-02 20:25 - 2014-04-02 20:25 - 00006812 _____ () C:\Users\Marion\Desktop\attach.txt
2014-04-02 20:18 - 2014-04-02 20:18 - 00688992 ____R (Swearware) C:\Users\Marion\Desktop\dds.com
2014-04-02 20:08 - 2014-04-06 00:05 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-02 20:08 - 2014-04-06 00:04 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-02 20:08 - 2014-04-06 00:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-02 20:08 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-02 20:08 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-02 20:08 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-02 20:08 - 2014-04-02 20:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 20:07 - 2014-04-02 20:07 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Marion\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-04-01 08:59 - 2014-04-01 08:59 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Lavasoft
2014-03-31 22:13 - 2014-03-31 22:13 - 01950720 _____ () C:\Users\Marion\Desktop\adwcleaner.exe
2014-03-31 21:51 - 2014-03-31 22:15 - 00000000 ____D () C:\AdwCleaner
2014-03-25 22:28 - 2014-03-25 22:28 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\LavasoftStatistics
2014-03-25 22:05 - 2014-04-05 23:54 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-03-25 22:05 - 2014-03-25 22:05 - 00000000 ____D () C:\Program Files\Lavasoft
2014-03-25 21:58 - 2014-03-25 21:58 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-03-25 21:57 - 2014-03-25 21:57 - 01727624 _____ () C:\Users\Marion\Desktop\Adaware_Installer.exe
2014-03-17 23:33 - 2014-03-17 23:34 - 24677393 _____ () C:\Users\Marion\Downloads\vlc-2.1.3-win32.exe
2014-03-14 09:24 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-14 09:24 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-14 09:24 - 2014-03-01 06:10 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-14 09:24 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-14 09:24 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-14 09:24 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-14 09:24 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-14 09:24 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-14 09:24 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-14 09:24 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-14 09:24 - 2014-03-01 05:38 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-14 09:24 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-14 09:24 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-14 09:24 - 2014-03-01 05:25 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-14 09:24 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-14 09:24 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-14 09:24 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-14 09:24 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-14 09:24 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-14 09:24 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-14 09:24 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-14 09:24 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-14 09:24 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-14 09:23 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-14 09:23 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-09 20:21 - 2014-03-09 20:21 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe

==================== One Month Modified Files and Folders =======

2014-04-06 00:08 - 2014-04-06 00:07 - 00010075 _____ () C:\Users\Marion\Desktop\FRST.txt
2014-04-06 00:07 - 2014-04-06 00:07 - 00000000 ____D () C:\FRST
2014-04-06 00:06 - 2014-04-06 00:06 - 01145856 _____ (Farbar) C:\Users\Marion\Desktop\FRST.exe
2014-04-06 00:05 - 2014-04-02 20:08 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-06 00:04 - 2014-04-02 20:08 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-06 00:04 - 2014-04-02 20:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-06 00:03 - 2009-09-22 07:23 - 01553293 _____ () C:\windows\WindowsUpdate.log
2014-04-06 00:02 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 00:02 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-05 23:55 - 2011-09-02 14:03 - 00000000 ____D () C:\Users\Marion\Tracing
2014-04-05 23:54 - 2014-03-25 22:05 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-04-05 23:54 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-05 23:54 - 2009-07-14 06:39 - 00081445 _____ () C:\windows\setupact.log
2014-04-03 09:51 - 2014-04-02 20:08 - 00073432 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-02 20:08 - 00051416 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-02 20:08 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-02 21:34 - 2009-07-26 22:06 - 01619442 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-02 20:25 - 2014-04-02 20:25 - 00011356 _____ () C:\Users\Marion\Desktop\dds.txt
2014-04-02 20:25 - 2014-04-02 20:25 - 00006812 _____ () C:\Users\Marion\Desktop\attach.txt
2014-04-02 20:18 - 2014-04-02 20:18 - 00688992 ____R (Swearware) C:\Users\Marion\Desktop\dds.com
2014-04-02 20:08 - 2014-04-02 20:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 20:07 - 2014-04-02 20:07 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Marion\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-04-01 08:59 - 2014-04-01 08:59 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Lavasoft
2014-03-31 22:15 - 2014-03-31 21:51 - 00000000 ____D () C:\AdwCleaner
2014-03-31 22:13 - 2014-03-31 22:13 - 01950720 _____ () C:\Users\Marion\Desktop\adwcleaner.exe
2014-03-25 22:28 - 2014-03-25 22:28 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\LavasoftStatistics
2014-03-25 22:05 - 2014-03-25 22:05 - 00000000 ____D () C:\Program Files\Lavasoft
2014-03-25 22:00 - 2011-10-13 23:50 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-25 21:58 - 2014-03-25 21:58 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-03-25 21:57 - 2014-03-25 21:57 - 01727624 _____ () C:\Users\Marion\Desktop\Adaware_Installer.exe
2014-03-25 21:41 - 2011-11-07 16:42 - 00000064 _____ () C:\windows\system32\rp_stats.dat
2014-03-25 21:41 - 2011-11-07 16:42 - 00000044 _____ () C:\windows\system32\rp_rules.dat
2014-03-25 21:33 - 2011-11-08 10:27 - 00017185 _____ () C:\aaw7boot.log
2014-03-20 22:46 - 2009-07-14 06:53 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-03-18 23:32 - 2013-11-10 22:51 - 00000000 ____D () C:\windows\system32\MRT
2014-03-18 23:30 - 2010-01-10 12:19 - 87350280 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-18 08:18 - 2009-07-14 06:33 - 00418624 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-18 08:17 - 2010-01-08 01:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-18 00:37 - 2010-01-08 01:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-17 23:34 - 2014-03-17 23:33 - 24677393 _____ () C:\Users\Marion\Downloads\vlc-2.1.3-win32.exe
2014-03-09 21:35 - 2010-01-08 01:27 - 00000000 ____D () C:\Users\Marion\AppData\Local\Adobe
2014-03-09 20:21 - 2014-03-09 20:21 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-03-09 20:21 - 2011-10-20 22:11 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-09 11:21 - 2010-01-13 13:46 - 00000000 ____D () C:\Users\Marion\Documents\David
2014-03-09 11:18 - 2013-12-23 01:44 - 00000000 ____D () C:\Users\Marion\Documents\Amy

Some content of TEMP:
====================
C:\Users\Marion\AppData\Local\Temp\AskSLib.dll
C:\Users\Marion\AppData\Local\Temp\avgnt.exe
C:\Users\Marion\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Marion\AppData\Local\Temp\installhelper.dll
C:\Users\Marion\AppData\Local\Temp\Quarantine.exe
C:\Users\Marion\AppData\Local\Temp\_cdstarterbasic1.exe


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 22:57

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Marion at 2014-04-06 00:08:32
Running from C:\Users\Marion\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Ad-Aware Antivirus (HKLM\...\{17E73768-9F21-4334-ABE6-CD131031564C}_AdAwareUpdater) (Version: 11.1.5354.0 - Lavasoft)
AdAwareInstaller (Version: 11.1.5354.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.1.5354.0 - Lavasoft) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
AntimalwareEngine (Version: 2.6.0.0 - Lavasoft) Hidden
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.12 - Doctorsoft)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Audials (HKLM\...\{68597A1C-2116-4133-854A-B54649D23E0B}) (Version: 9.0.54502.200 - RapidSolution Software AG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.2907 - CyberLink Corp.) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
Elf Bowling Hawaiian Vacation (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}) (Version:  - Oberon Media)
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Hexe Trixi CD 1 (HKLM\...\{3C8E1E01-A557-420C-B6F5-9EF0B8D1DA69}) (Version: 1.1.0 - Mildenberger)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lollipop Mathe 2 (HKLM\...\Lollipop Mathe 2_is1) (Version:  - Cornelsen) <==== ATTENTION
Löwenzahn 1 (HKLM\...\{38C9BDE0-59DB-4DE0-B4C9-AB2A6258108C}) (Version: 1.00.0000 - Terzio Verlag)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
OnlineFotoservice (HKLM\...\OnlineFotoservice) (Version:  - )
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5948 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Skype web features (HKLM\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3971 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Youtube Downloader HD v. 2.8 (HKLM\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Restore Points  =========================

17-03-2014 22:36:30 Windows Update
18-03-2014 21:30:35 Windows Update
24-03-2014 20:21:40 Windows-Sicherung
25-03-2014 19:42:45 Windows Update
25-03-2014 19:58:16 AA11
25-03-2014 20:04:39 AA11
02-04-2014 14:28:20 Windows Update
05-04-2014 22:01:46 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1998017C-9992-41AC-9122-AF92F115A383} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {1CCDF7FB-ACBA-4D0A-87CC-1EFE7E679086} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {1DAB3BBB-BDBC-4E0D-A8C3-CD7B0F012CD3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {31C68D58-AC39-4AF3-8080-45603F50948A} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-09-21] (Samsung Electronics. Co. Ltd.)
Task: {66C32559-3BF4-4CDE-8292-CF653355C3C2} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {7C11FB40-3B9E-4B78-B798-314A221F2BDD} - System32\Tasks\{5F236E9C-F1B7-4121-9267-75F2E45EF33F} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {A3D7FCF1-077F-489D-B1A8-B22578A249DF} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {C7AD6C6B-CB53-402E-BDED-3E55E922E51C} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {FCC85F9D-CE13-4427-ABDC-98A596891E6A} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {FF520546-9FBB-40D0-B9B4-CEE701894095} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-08] (Samsung Electronics Co., Ltd.)

==================== Loaded Modules (whitelisted) =============

2014-03-02 14:27 - 2013-08-30 01:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-11-13 21:03 - 2013-11-12 21:18 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-01-23 17:26 - 2014-01-23 17:26 - 00651232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
2014-01-23 17:33 - 2014-01-23 17:33 - 00087928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_thread-vc100-mt-1_55.dll
2014-01-23 17:33 - 2014-01-23 17:33 - 00022392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_system-vc100-mt-1_55.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00030072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_chrono-vc100-mt-1_55.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00048512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_date_time-vc100-mt-1_55.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00107904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_filesystem-vc100-mt-1_55.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 03053416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareServiceKernel.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00541008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SQLite.dll
2014-01-23 17:33 - 2014-01-23 17:33 - 00131920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\pugixml.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 01928008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\RCF.dll
2014-01-23 17:33 - 2014-01-23 17:33 - 00638328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_regex-vc100-mt-1_55.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00477544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareActivation.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00244088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareApplicationUpdater.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00119656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareGamingMode.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00087384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareReset.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00105304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTime.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00228728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdater.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00170376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00342376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIgnoreList.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00210280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareQuarantine.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00244592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiMalwareEngine.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00174960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiRootkitEngine.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00367472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerHistory.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00502112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScanner.dll
2014-01-23 17:33 - 2014-01-23 17:33 - 00030584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_timer-vc100-mt-1_55.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00268656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerScheduler.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00274808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareRealTimeProtection.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00190824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIncompatibles.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00181600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiSpam.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00105320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiPhishing.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00472944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareParentalControl.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 01858408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareWebProtection.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00223088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareEmailProtection.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00513392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareNetworkProtection.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00422752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareInstaller.dll
2014-01-23 17:33 - 2014-01-23 17:33 - 00148808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\zlib.dll
2014-01-23 17:33 - 2014-01-23 17:33 - 00122704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\libssh2.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00298840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwarePromo.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00241504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareFeedback.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SecurityCenter.dll
2013-07-17 18:10 - 2013-07-17 18:10 - 00565640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\BDSmartDB.dll
2010-01-08 01:30 - 2009-08-13 22:58 - 00044312 _____ () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2009-09-22 07:24 - 2010-04-20 14:26 - 00300912 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
2009-09-22 07:24 - 2010-04-16 14:11 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
2009-09-22 07:26 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 03643224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
2014-01-23 17:33 - 2014-01-23 17:33 - 00405880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_locale-vc100-mt-1_55.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00308064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\HtmlFramework.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00056664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\DllStorage.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00789360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTrayDefaultSkin.dll
2014-01-23 17:32 - 2014-01-23 17:32 - 00118104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\Localization.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:5C5A503E

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2014 05:39:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/02/2014 05:39:28 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/02/2014 05:39:24 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/02/2014 05:39:13 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/02/2014 05:39:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/31/2014 10:58:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/31/2014 10:58:26 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/31/2014 10:58:21 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/31/2014 10:58:11 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/31/2014 10:57:58 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (04/05/2014 03:07:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%16405

Error: (04/03/2014 11:43:21 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/03/2014 11:43:21 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/03/2014 11:26:30 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/03/2014 11:26:30 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/02/2014 08:05:10 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (03/31/2014 10:17:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Oberon Media Game Console service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (03/31/2014 10:17:50 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Oberon Media Game Console service erreicht.

Error: (03/29/2014 03:22:51 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 29.03.2014 um 14:21:41 unerwartet heruntergefahren.

Error: (03/25/2014 09:36:30 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Lavasoft Ad-Aware Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 3066.61 MB
Available physical RAM: 2044.41 MB
Total Pagefile: 6129.46 MB
Available Pagefile: 4712.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:141.49 GB) (Free:86.49 GB) NTFS
Drive d: () (Fixed) (Total:141.5 GB) (Free:14.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 031AA195)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=141 GB) - (Type=07 NTFS)

==================== End Of Log ============================
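The FRST log above is the kind of report a malware-removal helper reads by hand, starting with the sections where persistence usually lives: scheduled tasks, loaded modules and alternate data streams. As an added illustration, not part of this thread and not code from FRST or any other tool mentioned here, the following Python script parses lines in that format and ranks entries for manual review: a task or module whose publisher field is empty (the `()` seen on several lines of the log), a task whose target sits in a user-writable directory, and any alternate data stream. The task, module and ADS lines in the sample are copied from the log above; the `ExampleUpdater` task, its GUID and its path are constructed placeholders, and the rules are an assumed triage heuristic of my own, not FRST's whitelist logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input in FRST log format. The advSRS4/SUPBackground tasks, the two module lines and
# the two ADS lines are copied from the log above; the "ExampleUpdater" task is a constructed
# placeholder (all-zero GUID, made-up path) that does not appear in the log.
SAMPLE_LOG = r"""
==================== Scheduled Tasks (whitelisted) =============

Task: {1998017C-9992-41AC-9122-AF92F115A383} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {C7AD6C6B-CB53-402E-BDED-3E55E922E51C} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleUpdater => C:\Users\example\AppData\Local\Temp\updater.exe [2014-04-01] ()

==================== Loaded Modules (whitelisted) =============

2014-03-02 14:27 - 2013-08-30 01:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-11-13 21:03 - 2013-11-12 21:18 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:5C5A503E
"""

# "Task: {GUID} - <task name> => <target> [YYYY-MM-DD] (<publisher>)"; the trailing
# date/publisher part is optional because FRST omits it on some entries.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<name>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\))?$"
)
# "<created> - <modified> - <size> <attrs> (<publisher>) <path>"
MODULE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<publisher>[^)]*)\) (?P<path>.+)$"
)
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<path>.+)$")

# Assumed heuristic: directories an unprivileged user can write to, where persistence
# binaries are more likely to hide than under Program Files or the Windows directory.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


@dataclass(frozen=True)
class Finding:
    kind: str                 # "task", "module" or "ads"
    path: str                 # binary or stream the finding refers to
    reasons: Tuple[str, ...]  # why it was flagged for review


def _location_reason(path: str) -> Optional[str]:
    low = path.lower()
    if any(marker in low for marker in USER_WRITABLE):
        return "runs from a user-writable location"
    return None


def triage_task(line: str) -> Optional[Finding]:
    """Return a Finding for a scheduled-task line that deserves a look, else None."""
    m = TASK_RE.match(line)
    if not m:
        return None
    reasons = []
    publisher = m.group("publisher")
    if publisher == "":
        reasons.append("binary has no publisher in its version info")
    elif publisher is None:
        reasons.append("no date/publisher recorded for target")
    loc = _location_reason(m.group("target"))
    if loc:
        reasons.append(loc)
    return Finding("task", m.group("target"), tuple(reasons)) if reasons else None


def triage_module(line: str) -> Optional[Finding]:
    """Return a Finding for a loaded-module line with an empty publisher or odd location."""
    m = MODULE_RE.match(line)
    if not m:
        return None
    reasons = []
    if m.group("publisher") == "":
        reasons.append("module has no publisher in its version info")
    loc = _location_reason(m.group("path"))
    if loc:
        reasons.append(loc)
    return Finding("module", m.group("path"), tuple(reasons)) if reasons else None


def triage_ads(line: str) -> Optional[Finding]:
    """Every alternate data stream is listed; they are rare enough to always check."""
    m = ADS_RE.match(line)
    if not m:
        return None
    return Finding("ads", m.group("path"), ("alternate data stream present",))


def triage(log_text: str) -> List[Finding]:
    """Walk an FRST-style log and collect entries worth a human's attention, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        finding = triage_task(line) or triage_module(line) or triage_ads(line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}: {'; '.join(f.reasons)}")
```

An empty publisher field is only a prioritisation signal, not a verdict: the two modules the script flags from the real log (NvSmartMax.dll, sqlite3.dll) sit under NVIDIA's and Avira's own program directories and are ordinary. The value of the script is that it shortens the list a responder then checks by hand against file signatures, known-good hashes and the file's on-disk location, which is what the helper in this thread does when reading the log.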



#4 gringo_pr

Posted 05 April 2014 - 07:23 PM



Hello compukerxl6

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

Posted 08 April 2014 - 08:05 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, I want to remind you that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.




Gringo

#6 gringo_pr (Malware Response Team)

Posted 11 April 2014 - 08:06 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#7 compukerxl6 (Topic Starter)

Posted 13 April 2014 - 12:54 PM

Hi,

I still need some time.  I wrote in my first reply that I would be away until the 14.4.  I'm just in the door and will run the progs tomorrow evening.  Hope this is ok.

Thanks.



#8 gringo_pr (Malware Response Team)

Posted 13 April 2014 - 08:45 PM

that is Ok I will check on you later



gringo

#9 compukerxl6 (Topic Starter)

Posted 15 April 2014 - 03:55 PM

Hello Gringo,

Logs pasted below as instructed.  The computer seems to be running ok, but Avira gave 2 alerts for TR/patched/ren/gen yesterday (access to c/temp/'file number' containing the virus TR/patched/ren/gen was blocked).  When I click on 'remove', Avira starts a search.  Then the alert comes up again a few days later.  In the 'results' menu of Avira, 5 or 6 ren/gen alerts are listed.

Thanks and all the best.

# AdwCleaner v3.023 - Report created on 15/04/2014 at 22:07:03
# Updated 01/04/2014 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Marion - HANNA
# Started from : C:\Users\Marion\Desktop\adwcleaner.exe
# Option : Delete

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder deleted : C:\Users\Marion\AppData\Local\CrashRpt

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


*************************

AdwCleaner[R0].txt - [2785 octets] - [31/03/2014 21:55:21]
AdwCleaner[R1].txt - [2775 octets] - [31/03/2014 22:14:26]
AdwCleaner[R2].txt - [905 octets] - [15/04/2014 22:06:01]
AdwCleaner[S0].txt - [2846 octets] - [31/03/2014 22:15:29]
AdwCleaner[S1].txt - [829 octets] - [15/04/2014 22:07:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [888 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Marion on 15.04.2014 at 22:14:15,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.04.2014 at 22:16:37,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#10 gringo_pr (Malware Response Team)

Posted 15 April 2014 - 09:19 PM


Hello compukerxl6

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#11 compukerxl6 (Topic Starter)

Posted 16 April 2014 - 04:01 PM

Hi there,

Here's the combofix log.  There have been no problems since the last post.  The computer seems to be running fine, but I have only used it to run combofix.  It hasn't been in use so much for the last two days, so I don't have a lot to go on at the moment.  The Avira alert for Ren/gen has happened intermittently over the past 2 or 3 weeks.

Thanks and all the best.


ComboFix 14-04-12.01 - Marion 16.04.2014  22:29:45.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3067.1788 [GMT 2:00]
Run from:: c:\users\Marion\Desktop\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * New restore point created
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marion\AppData\Roaming\.#
.
.
(((((((((((((((((((((((   Files Created from 2014-03-16 to 2014-04-16  ))))))))))))))))))))))))))))))
.
.
2014-04-16 20:36 . 2014-04-16 20:36    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-04-16 20:36 . 2014-04-16 20:36    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-15 20:14 . 2014-04-15 20:14    --------    d-----w-    c:\windows\ERUNT
2014-04-15 18:05 . 2014-03-07 04:35    7969936    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0080914A-6BFD-4C1B-B13E-495DF882D288}\mpengine.dll
2014-04-14 17:51 . 2014-03-31 00:13    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-04-05 22:07 . 2014-04-05 22:09    --------    d-----w-    C:\FRST
2014-04-02 18:08 . 2014-04-15 20:11    107736    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-02 18:08 . 2014-04-03 07:51    51416    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-04-02 18:08 . 2014-04-03 07:51    73432    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-04-02 18:08 . 2014-04-03 07:50    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-02 18:08 . 2014-04-05 22:04    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-04-02 18:08 . 2014-04-02 18:08    --------    d-----w-    c:\programdata\Malwarebytes
2014-04-02 18:08 . 2014-04-02 18:08    --------    d-----w-    c:\users\Marion\AppData\Local\Programs
2014-04-01 06:59 . 2014-04-01 06:59    --------    d-----w-    c:\users\Marion\AppData\Roaming\Lavasoft
2014-03-31 19:51 . 2014-04-15 20:07    --------    d-----w-    C:\AdwCleaner
2014-03-25 20:05 . 2014-03-25 20:05    --------    d-----w-    c:\program files\Lavasoft
2014-03-25 19:58 . 2014-03-25 19:58    --------    d-----w-    c:\program files\Common Files\Lavasoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-09 18:21 . 2014-03-09 18:21    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-09 18:21 . 2011-10-20 20:11    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-04 12:32 . 2014-03-04 12:32    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-03-04 12:32 . 2014-03-04 12:32    645120    ----a-w-    c:\windows\system32\jsIntl.dll
2014-03-04 12:32 . 2014-03-04 12:32    62464    ----a-w-    c:\windows\system32\tdc.ocx
2014-03-04 12:32 . 2014-03-04 12:32    34816    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-04 12:32 . 2014-03-04 12:32    194048    ----a-w-    c:\windows\system32\elshyph.dll
2014-03-04 12:32 . 2014-03-04 12:32    182272    ----a-w-    c:\windows\system32\msls31.dll
2014-03-04 12:32 . 2014-03-04 12:32    337408    ----a-w-    c:\windows\system32\html.iec
2014-03-04 12:32 . 2014-03-04 12:32    24576    ----a-w-    c:\windows\system32\licmgr10.dll
2014-03-04 12:32 . 2014-03-04 12:32    151552    ----a-w-    c:\windows\system32\iexpress.exe
2014-03-04 12:32 . 2014-03-04 12:32    139264    ----a-w-    c:\windows\system32\wextract.exe
2014-03-04 12:32 . 2014-03-04 12:32    13312    ----a-w-    c:\windows\system32\mshta.exe
2014-03-04 12:32 . 2014-03-04 12:32    1051136    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-03-04 12:32 . 2014-03-04 12:32    86016    ----a-w-    c:\windows\system32\iesysprep.dll
2014-03-04 12:32 . 2014-03-04 12:32    74240    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-03-04 12:32 . 2014-03-04 12:32    61952    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-03-04 12:32 . 2014-03-04 12:32    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-03-04 12:32 . 2014-03-04 12:32    36352    ----a-w-    c:\windows\system32\imgutil.dll
2014-03-04 12:32 . 2014-03-04 12:32    111616    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-03-04 12:31 . 2014-03-04 12:31    640512    ----a-w-    c:\windows\system32\advapi32.dll
2014-03-04 12:31 . 2014-03-04 12:31    619520    ----a-w-    c:\windows\system32\tdh.dll
2014-03-04 12:31 . 2014-03-04 12:31    3969472    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2014-03-04 12:31 . 2014-03-04 12:31    3914176    ----a-w-    c:\windows\system32\ntoskrnl.exe
2014-03-04 12:31 . 2014-03-04 12:31    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2014-03-04 12:31 . 2014-03-04 12:31    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2014-03-04 12:31 . 2014-03-04 12:31    231424    ----a-w-    c:\windows\system32\mswsock.dll
2014-03-04 12:31 . 2014-03-04 12:31    1294272    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-03-04 12:31 . 2014-03-04 12:31    49152    ----a-w-    c:\windows\system32\taskhost.exe
2014-03-04 12:31 . 2014-03-04 12:31    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    906240    ----a-w-    c:\windows\system32\FntCache.dll
2014-03-04 12:31 . 2014-03-04 12:31    604160    ----a-w-    c:\windows\system32\d3d10level9.dll
2014-03-04 12:31 . 2014-03-04 12:31    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2014-03-04 12:31 . 2014-03-04 12:31    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    364544    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2014-03-04 12:31 . 2014-03-04 12:31    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    293376    ----a-w-    c:\windows\system32\dxgi.dll
2014-03-04 12:31 . 2014-03-04 12:31    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    249856    ----a-w-    c:\windows\system32\d3d10_1core.dll
2014-03-04 12:31 . 2014-03-04 12:31    2284544    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-03-04 12:31 . 2014-03-04 12:31    220160    ----a-w-    c:\windows\system32\d3d10core.dll
2014-03-04 12:31 . 2014-03-04 12:31    207872    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2014-03-04 12:31 . 2014-03-04 12:31    187392    ----a-w-    c:\windows\system32\UIAnimation.dll
2014-03-04 12:31 . 2014-03-04 12:31    161792    ----a-w-    c:\windows\system32\d3d10_1.dll
2014-03-04 12:31 . 2014-03-04 12:31    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-03-04 12:31 . 2014-03-04 12:31    1158144    ----a-w-    c:\windows\system32\XpsPrint.dll
2014-03-04 12:31 . 2014-03-04 12:31    1080832    ----a-w-    c:\windows\system32\d3d10.dll
2014-03-04 12:31 . 2014-03-04 12:31    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-04 12:29 . 2014-03-04 12:29    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2014-03-02 11:53 . 2009-07-14 02:05    152576    ----a-w-    c:\windows\system32\msclmd.dll
2014-03-01 04:10 . 2014-03-14 07:24    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52 . 2014-03-14 07:24    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-03-01 03:51 . 2014-03-14 07:24    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38 . 2014-03-14 07:24    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-01 03:38 . 2014-03-14 07:24    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37 . 2014-03-14 07:24    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-03-01 03:31 . 2014-03-14 07:24    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14 . 2014-03-14 07:24    4244480    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-01 03:00 . 2014-03-14 07:24    1964032    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-01 02:32 . 2014-03-14 07:24    1820160    ----a-w-    c:\windows\system32\wininet.dll
2014-02-07 01:07 . 2014-03-14 07:23    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-02-04 02:04 . 2014-03-14 07:24    509440    ----a-w-    c:\windows\system32\qedit.dll
2014-01-29 02:06 . 2014-03-14 07:23    381440    ----a-w-    c:\windows\system32\wer.dll
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2006-06-23 343552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-21 689744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe" [2014-01-23 3643224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-04-03 1809720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-04-03 857912]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-04-06 264704]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-04-03 23256]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2011-11-24 31848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-02-21 1017424]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-26 37352]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-02-21 440400]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-01-23 651232]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2011-11-24 31848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
.
.
--- Other Services/Drivers in Memory ---
.
*Deregistered* - MBAMWebAccessControl
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Orphaned Registry Entries Removed - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-16  22:38:29
ComboFix-quarantined-files.txt  2014-04-16 20:38
.
Before scan: 11 directory(ies), 94,445,649,920 bytes free
After scan: 15 directory(ies), 95,443,963,904 bytes free
.
- - End Of File - - 5A93AD9CDC5A9A9B09EA14865E028424
2E5DEBB2116B3417023E0D6562D7ED07
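The ComboFix report above lists every Run value and service/driver together with the binary's modification date and size, or "[x]" when ComboFix could not find the file; that is the part of the log a reviewer reads first when deciding what to hash or signature-check. The script below is an added example, not part of this thread and not a ComboFix or BleepingComputer tool: it parses those two line formats from a constructed excerpt of the log posted above, flags entries whose file is missing or whose binary changed on or after a cut-off date (the 1 March 2014 cut-off is an assumption chosen for the demonstration), and lists the unique paths so they can be checked on the machine. It does not judge whether an entry is malicious; the Lavasoft driver it flags is flagged only because the report shows its file as missing.

```python
"""Triage helper for the ComboFix log format posted above (added example)."""
import re
from datetime import date
from typing import Dict, List, Union

# Constructed excerpt of the ComboFix report posted in this thread (Run values
# and service/driver lines only). The Lavasoft driver line was kept on purpose:
# its "[x]" means ComboFix did not find the file on disk.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-21 689744]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe" [2014-01-23 3643224]
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-04-03 857912]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-26 37352]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
'''

# Run value line:  "Name"="path" [YYYY-MM-DD size]   or   [x] when the file is absent.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<meta>[^\]]*)\]\s*$')
# Service/driver line:  R2 Name;Display name;path [YYYY-MM-DD size]
# R = running, S = stopped; the digit is the start type (0 boot, 1 system,
# 2 auto, 3 manual, 4 disabled).
SVC_RE = re.compile(
    r'^(?P<kind>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$'
)


def _parse_meta(meta: str) -> Dict:
    """Turn the bracketed suffix into a modified date, a size and a missing flag."""
    if meta.strip() == "x":
        return {"modified": None, "size": None, "missing": True}
    stamp, size = meta.split()
    return {"modified": date.fromisoformat(stamp), "size": int(size), "missing": False}


def parse_combofix_autostarts(text: str) -> List[Dict]:
    """Extract Run values and service/driver lines from a ComboFix report, in log order."""
    entries: List[Dict] = []
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            entries.append({"source": "Run", "name": m["name"], "path": m["path"],
                            **_parse_meta(m["meta"])})
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append({"source": m["kind"], "name": m["name"].strip(), "path": m["path"],
                            **_parse_meta(m["meta"])})
    return entries


def flag_entries(entries: List[Dict], since: Union[date, str]) -> List[Dict]:
    """Entries worth a second look: file missing, or binary modified on/after `since`."""
    if isinstance(since, str):
        since = date.fromisoformat(since)
    return [e for e in entries
            if e["missing"] or (e["modified"] is not None and e["modified"] >= since)]


def unique_paths(entries: List[Dict]) -> List[str]:
    """Deduplicated, case-folded paths of the files that exist, ready for hashing."""
    return sorted({e["path"].lower() for e in entries if not e["missing"]})


if __name__ == "__main__":
    found = parse_combofix_autostarts(SAMPLE_LOG)
    for e in flag_entries(found, since="2014-03-01"):  # cut-off date is an assumption
        why = "file missing" if e["missing"] else f"modified {e['modified']}"
        print(f"{e['source']:<4}{e['name']:<26}{why:<22}{e['path']}")
    print(f"{len(unique_paths(found))} paths to hash")
```

On the excerpt this prints the MBAMService binary (changed after the cut-off) and the Lavasoft KernExplorer.sys line (file not found). A dated-but-present entry is only a prompt to verify the file, not a verdict; the point of the script is to turn a long report into the short list of paths that deserve a hash or signature check.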
 



#12 gringo_pr (Malware Response Team)

Posted 16 April 2014 - 05:32 PM


Hello compukerxl6

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#13 gringo_pr (Malware Response Team)

Posted 20 April 2014 - 09:25 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#14 compukerxl6 (Topic Starter)

Posted 21 April 2014 - 09:15 AM

Hello Gringo,

I had 2 more Ren Gen block warnings (today and yesterday) from Avira (block access to temp002f47a) before I ran combofix.  Here's the log.

Thanks and best wishes,


ComboFix 14-04-20.01 - Marion 21.04.2014  15:36:27.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3067.1842 [GMT 2:00]
Run from:: c:\users\Marion\Desktop\ComboFix.exe
Command switches used :: c:\users\Marion\Desktop\CFscript.txt
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * New restore point created
.
.
(((((((((((((((((((((((   Files Created from 2014-03-21 to 2014-04-21  ))))))))))))))))))))))))))))))
.
.
2014-04-21 13:43 . 2014-04-21 13:43    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-04-21 13:43 . 2014-04-21 13:43    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-20 13:07 . 2014-04-20 13:07    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BEC75F5-A9DB-451F-A385-3E9C3A3E872D}\offreg.dll
2014-04-18 11:35 . 2014-04-17 03:32    8050496    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BEC75F5-A9DB-451F-A385-3E9C3A3E872D}\mpengine.dll
2014-04-15 20:14 . 2014-04-15 20:14    --------    d-----w-    c:\windows\ERUNT
2014-04-14 17:51 . 2014-03-31 00:13    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-04-05 22:07 . 2014-04-05 22:09    --------    d-----w-    C:\FRST
2014-04-02 18:08 . 2014-04-21 06:55    107736    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-02 18:08 . 2014-04-03 07:51    51416    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-04-02 18:08 . 2014-04-03 07:51    73432    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-04-02 18:08 . 2014-04-03 07:50    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-02 18:08 . 2014-04-05 22:04    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-04-02 18:08 . 2014-04-02 18:08    --------    d-----w-    c:\programdata\Malwarebytes
2014-04-02 18:08 . 2014-04-02 18:08    --------    d-----w-    c:\users\Marion\AppData\Local\Programs
2014-04-01 06:59 . 2014-04-01 06:59    --------    d-----w-    c:\users\Marion\AppData\Roaming\Lavasoft
2014-03-31 19:51 . 2014-04-15 20:07    --------    d-----w-    C:\AdwCleaner
2014-03-25 20:05 . 2014-03-25 20:05    --------    d-----w-    c:\program files\Lavasoft
2014-03-25 19:58 . 2014-03-25 19:58    --------    d-----w-    c:\program files\Common Files\Lavasoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-31 07:35 . 2010-01-08 20:51    231584    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-09 18:21 . 2014-03-09 18:21    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-09 18:21 . 2011-10-20 20:11    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-04 12:32 . 2014-03-04 12:32    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-03-04 12:32 . 2014-03-04 12:32    645120    ----a-w-    c:\windows\system32\jsIntl.dll
2014-03-04 12:32 . 2014-03-04 12:32    62464    ----a-w-    c:\windows\system32\tdc.ocx
2014-03-04 12:32 . 2014-03-04 12:32    34816    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-04 12:32 . 2014-03-04 12:32    194048    ----a-w-    c:\windows\system32\elshyph.dll
2014-03-04 12:32 . 2014-03-04 12:32    182272    ----a-w-    c:\windows\system32\msls31.dll
2014-03-04 12:32 . 2014-03-04 12:32    337408    ----a-w-    c:\windows\system32\html.iec
2014-03-04 12:32 . 2014-03-04 12:32    24576    ----a-w-    c:\windows\system32\licmgr10.dll
2014-03-04 12:32 . 2014-03-04 12:32    151552    ----a-w-    c:\windows\system32\iexpress.exe
2014-03-04 12:32 . 2014-03-04 12:32    139264    ----a-w-    c:\windows\system32\wextract.exe
2014-03-04 12:32 . 2014-03-04 12:32    13312    ----a-w-    c:\windows\system32\mshta.exe
2014-03-04 12:32 . 2014-03-04 12:32    1051136    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-03-04 12:32 . 2014-03-04 12:32    86016    ----a-w-    c:\windows\system32\iesysprep.dll
2014-03-04 12:32 . 2014-03-04 12:32    74240    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-03-04 12:32 . 2014-03-04 12:32    61952    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-03-04 12:32 . 2014-03-04 12:32    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-03-04 12:32 . 2014-03-04 12:32    36352    ----a-w-    c:\windows\system32\imgutil.dll
2014-03-04 12:32 . 2014-03-04 12:32    111616    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-03-04 12:31 . 2014-03-04 12:31    640512    ----a-w-    c:\windows\system32\advapi32.dll
2014-03-04 12:31 . 2014-03-04 12:31    619520    ----a-w-    c:\windows\system32\tdh.dll
2014-03-04 12:31 . 2014-03-04 12:31    3969472    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2014-03-04 12:31 . 2014-03-04 12:31    3914176    ----a-w-    c:\windows\system32\ntoskrnl.exe
2014-03-04 12:31 . 2014-03-04 12:31    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2014-03-04 12:31 . 2014-03-04 12:31    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2014-03-04 12:31 . 2014-03-04 12:31    231424    ----a-w-    c:\windows\system32\mswsock.dll
2014-03-04 12:31 . 2014-03-04 12:31    1294272    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-03-04 12:31 . 2014-03-04 12:31    49152    ----a-w-    c:\windows\system32\taskhost.exe
2014-03-04 12:31 . 2014-03-04 12:31    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    906240    ----a-w-    c:\windows\system32\FntCache.dll
2014-03-04 12:31 . 2014-03-04 12:31    604160    ----a-w-    c:\windows\system32\d3d10level9.dll
2014-03-04 12:31 . 2014-03-04 12:31    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2014-03-04 12:31 . 2014-03-04 12:31    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    364544    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2014-03-04 12:31 . 2014-03-04 12:31    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    293376    ----a-w-    c:\windows\system32\dxgi.dll
2014-03-04 12:31 . 2014-03-04 12:31    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-04 12:31 . 2014-03-04 12:31    249856    ----a-w-    c:\windows\system32\d3d10_1core.dll
2014-03-04 12:31 . 2014-03-04 12:31    2284544    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-03-04 12:31 . 2014-03-04 12:31    220160    ----a-w-    c:\windows\system32\d3d10core.dll
2014-03-04 12:31 . 2014-03-04 12:31    207872    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2014-03-04 12:31 . 2014-03-04 12:31    187392    ----a-w-    c:\windows\system32\UIAnimation.dll
2014-03-04 12:31 . 2014-03-04 12:31    161792    ----a-w-    c:\windows\system32\d3d10_1.dll
2014-03-04 12:31 . 2014-03-04 12:31    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-03-04 12:31 . 2014-03-04 12:31    1158144    ----a-w-    c:\windows\system32\XpsPrint.dll
2014-03-04 12:31 . 2014-03-04 12:31    1080832    ----a-w-    c:\windows\system32\d3d10.dll
2014-03-04 12:31 . 2014-03-04 12:31    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-04 12:29 . 2014-03-04 12:29    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2014-03-02 11:53 . 2009-07-14 02:05    152576    ----a-w-    c:\windows\system32\msclmd.dll
2014-03-01 04:10 . 2014-03-14 07:24    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52 . 2014-03-14 07:24    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-03-01 03:51 . 2014-03-14 07:24    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38 . 2014-03-14 07:24    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-01 03:38 . 2014-03-14 07:24    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37 . 2014-03-14 07:24    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-03-01 03:31 . 2014-03-14 07:24    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14 . 2014-03-14 07:24    4244480    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-01 03:00 . 2014-03-14 07:24    1964032    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-01 02:32 . 2014-03-14 07:24    1820160    ----a-w-    c:\windows\system32\wininet.dll
2014-02-07 01:07 . 2014-03-14 07:23    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-02-04 02:04 . 2014-03-14 07:24    509440    ----a-w-    c:\windows\system32\qedit.dll
2014-01-29 02:06 . 2014-03-14 07:23    381440    ----a-w-    c:\windows\system32\wer.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2006-06-23 343552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-21 689744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe" [2014-01-23 3643224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-04-03 1809720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-04-03 857912]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-04-06 264704]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-04-03 23256]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2011-11-24 31848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-02-21 1017424]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-26 37352]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-02-21 440400]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-01-23 651232]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2011-11-24 31848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-21  15:45:25
ComboFix-quarantined-files.txt  2014-04-21 13:45
ComboFix2.txt  2014-04-16 20:38
.
Vor Suchlauf: 14 Verzeichnis(se), 95.245.729.792 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 95.107.018.752 Bytes frei
.
- - End Of File - - ED85A8171DBEAC19EEE23FFBC1379CAA
2E5DEBB2116B3417023E0D6562D7ED07

#15 gringo_pr (Bleepin Gringo)
  • Malware Response Team

Posted 21 April 2014 - 12:34 PM


Hello compukerxl6

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
    C:\Qoobox\Add-Remove Programs.txt
  • click ok
  • copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University