Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TR/FakeAV.1170432.5 in db21.exe


  • This topic is locked This topic is locked
25 replies to this topic

#1 Kelaz

Kelaz

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:41 AM

Posted 10 January 2015 - 05:51 AM

Hello guys!

 

First, please note that I am from germany, so please excuse me if my english isn't perfect.

I have a problem with my girlfriend's  laptop.

It is a Lenovo laptop running with Windows 7.

Since yesterday the System plays sounds with advertisements in the background itselfs.

When this occurs there is no task running in the taskmanager.

Today Avira Antivirus found an infected file named db21.exe in the temp-folder with

the name "TR/FakeAV.117432.5", but was not able to remove it.

 

I googled for it and found an instruction on http://www.freefixer.com/library/file/db21.exe-159917/ .

I downloaded the "Freefixer" software and followed the instructions on their website.

After I scanned and deleted the db21.exe file with Freefixer and restarted the laptop, the file was still existing.

I runned Freefixer a second time, just like they told me on their website, but still no positive result.

 

Now I hope that you can help me with this problem.

Please tell me if you need any logs or something like that.

 

Thanks,

Kelaz


Edited by Kelaz, 10 January 2015 - 05:58 AM.


BC AdBot (Login to Remove)

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:41 PM

Posted 10 January 2015 - 10:56 AM

Servus!
Mal sehen, ob wir das Problem lösen können. ;)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 Kelaz

Kelaz
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:41 AM

Posted 10 January 2015 - 01:17 PM

Mahlzeit! Hab ich doch Glück und erwische den Münchner Forenmitarbeiter hier. :)

Hoffe das Problem kann behoben werden.

 

At first the "Addition.txt"-Log. FRST.log will follow in the next post.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2015
Ran by Janine at 2015-01-10 19:12:33
Running from C:\Users\Janine\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira System Speedup 1.5 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.5 - 2000 - 2014 Avira Operations GmbH & Co. KG)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
FreeFixer (HKLM-x32\...\FreeFixer1.12) (Version: 1.12 - Kephyr)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{6D7FCC52-8DDA-441C-849A-4BB7C7E3BF2E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM-x32\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
phase6_17 (HKLM-x32\...\{EFFE151C-F863-4B1E-9E22-3C1369B4C690}) (Version: 1.70.0000 - phase6)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{E1949FF0-9835-41AC-81E4-E6D9CDCBE49E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-12-2014 15:31:07 Avira System Speedup 1.5
22-12-2014 13:33:09 Windows Update
29-12-2014 17:54:10 Geplanter Prüfpunkt
07-01-2015 15:14:24 phase6_17 wird installiert
07-01-2015 15:20:10 phase6_17 wird entfernt
07-01-2015 15:21:07 phase6_17 wird installiert
08-01-2015 17:49:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
08-01-2015 17:58:44 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
09-01-2015 16:33:51 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
09-01-2015 16:42:10 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 09:40:42 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 09:50:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 10:24:31 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 10:24:31 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 10:52:23 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 10:53:08 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 15:40:57 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 18:58:27 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {20DF93CF-7DE7-42F8-8FA5-22929E9981C0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {247FFAB5-380A-437A-9A90-AC8F64196555} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-17] (Google Inc.)
Task: {2DFCCCA8-BCDC-4A07-B1EB-23EAF240ED69} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-12-11] (Avira Operations GmbH & Co. KG)
Task: {5592EBA8-F41F-47B0-A9EA-EEB34AF6F844} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {602B4156-AD65-4A29-A0DD-6F94B58213CF} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {912F8FA1-23FD-4568-A295-2B9276A85381} - System32\Tasks\FreeFixer background scan => C:\Program Files\FreeFixer\freefixer.exe [2014-09-16] (Kephyr)
Task: {CFB0C65E-7AFF-4050-9763-D3D3E936222E} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {FFD62B08-0049-476C-A723-748535EDE455} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-17] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FreeFixer background scan.job => C:\Program Files\FreeFixer\freefixer.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-13 14:06 - 2014-08-13 14:06 - 00709120 _____ () C:\Program Files\004\rqpbhevlkc64.exe
2015-01-10 10:50 - 2015-01-10 10:50 - 01170432 _____ () c:\windows\temp\db21.exe
2012-05-23 13:01 - 2012-05-23 13:01 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2012-05-23 13:01 - 2012-05-23 13:01 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2012-05-23 12:34 - 2011-03-25 10:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-20 04:20 - 2012-05-23 13:12 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2012-05-23 13:12 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2015-01-10 09:49 - 2015-01-08 21:51 - 51252392 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2015-01-10 09:49 - 2015-01-08 20:58 - 00087208 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2012-05-23 13:01 - 2012-05-23 13:01 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-10-21 17:52 - 2014-10-21 17:52 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\17c296575fad30d021e6370dc70cf800\IsdiInterop.ni.dll
2012-05-23 12:33 - 2011-02-18 09:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-12-10 18:11 - 2014-12-10 18:11 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-10 09:49 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2015-01-10 09:49 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll
2015-01-10 09:49 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll
2015-01-10 09:49 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2570336987-1576757077-3548412621-500 - Administrator - Disabled)
Gast (S-1-5-21-2570336987-1576757077-3548412621-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2570336987-1576757077-3548412621-1002 - Limited - Enabled)
Janine (S-1-5-21-2570336987-1576757077-3548412621-1000 - Administrator - Enabled) => C:\Users\Janine

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2015 07:04:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (01/10/2015 07:04:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/10/2015 07:04:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/10/2015 06:59:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 03:50:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (01/10/2015 03:50:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/10/2015 03:50:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/10/2015 03:47:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 03:46:44 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT)
Description: Die Anwendung oder der Dienst "Compatibility Verify" konnte nicht heruntergefahren werden.

Error: (01/10/2015 03:43:13 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: Ein kritischer Systemprozess C:\windows\system32\lsass.exe ist fehlgeschlagen mit den Statuscode 255. Der Computer muss neu gestartet werden.


System errors:
=============
Error: (01/10/2015 06:58:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/10/2015 03:56:08 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "G:" können nicht gelesen werden.

Error: (01/10/2015 03:56:07 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR2.

Error: (01/10/2015 03:56:04 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR2.

Error: (01/10/2015 03:55:51 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR2.

Error: (01/10/2015 03:55:41 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR2.

Error: (01/10/2015 03:55:31 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR2.

Error: (01/10/2015 03:55:20 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR2.

Error: (01/10/2015 03:55:10 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR2.

Error: (01/10/2015 03:54:59 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR2.


Microsoft Office Sessions:
=========================
Error: (01/10/2015 07:04:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/10/2015 07:04:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/10/2015 07:04:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/10/2015 06:59:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 03:50:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/10/2015 03:50:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/10/2015 03:50:04 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/10/2015 03:47:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 03:46:44 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT)
Description: 1C:\Users\Janine\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exeCompatibility Verify0302621612012143003A005C00550073006500720073005C004A0061006E0069006E0065005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C0043006F006D007000610074006900620069006C006900740079002000560065007200690066006900650072005C0063006F006D007000610074006900620069006C0069007400790063006800650063006B007300760063002E006500780065000000

Error: (01/10/2015 03:43:13 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: C:\windows\system32\lsass.exe255


==================== Memory info ===========================

Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 37%
Total physical RAM: 8135.86 MB
Available physical RAM: 5096.3 MB
Total Pagefile: 16269.9 MB
Available Pagefile: 12960.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:200.96 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:28.87 GB) NTFS
Drive f: (PHASE6_17) (CDROM) (Total:0.18 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 714BCDD1)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================


Now the FRST.txt-Log.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2015
Ran by Janine (administrator) on JANINE-PC on 10-01-2015 19:09:17
Running from C:\Users\Janine\Desktop
Loaded Profile: Janine (Available profiles: Janine)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\004\rqpbhevlkc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Windows\Temp\db21.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-05-23] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-05-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-05-23] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-23] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase6_17_erinnerung.lnk
ShortcutTarget: phase6_17_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_17\WinStart\WinStart.exe (phase6)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.safefinder.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrkL6AMkVAcJ3mJAY1j_lP4sU-Et_L7LFoOd9-MPYGrJWVgSKJQOscN--wsOZFjqtqGTjcIke55dLonLC5xPxddWoZAfLDlo4VEhf6QGjALC6UJ2vSHjXWqmUyOm_JJHK3UYXssIXfQzxFhZfBRw1vGU2OR2QZA,
HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.safefinder.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrkL6AMkVAcJ3mJAY1j_lP4sU-Et_L7LFoOd9-MPYGrJWVgSKJQOscN--wsOZFjqtqGTjcIke55dLonLOzQhydaWdibwr-4rj4HSBLCvJWgQTXdfP4d00XHnkbh5hIzeU2dBIh8al1etsjZJCg3yDWWz3kGH_oA,,&q={searchTerms}
HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.safefinder.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrkL6AMkVAcJ3mJAY1j_lP4sU-Et_L7LFoOd9-MPYGrJWVgSKJQOscN--wsOZFjqtqGTjcIke55dLonLOzQhydaWdibwr-4rj4HSBLCvJWgQTXdfP4d00XHnkbh5hIzeU2dBIh8al1etsjZJCg3yDWWz3kGH_oA,,&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2570336987-1576757077-3548412621-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrkL6AMkVAcJ3mJAY1j_lP4sU-Et_L7LFoOd9-MPYGrJWVgSKJQOscN--wsOZFjqtqGTjcIke55dLonLOzQhydaWdibwr-4rj4HSBLCvJWgQTXdfP4d00XHnkbh5hIzeU2dBIh8al1etsjZJCg3yDWWz3kGH_oA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2570336987-1576757077-3548412621-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrkL6AMkVAcJ3mJAY1j_lP4sU-Et_L7LFoOd9-MPYGrJWVgSKJQOscN--wsOZFjqtqGTjcIke55dLonLOzQhydaWdibwr-4rj4HSBLCvJWgQTXdfP4d00XHnkbh5hIzeU2dBIh8al1etsjZJCg3yDWWz3kGH_oA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2570336987-1576757077-3548412621-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2570336987-1576757077-3548412621-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll (Google Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2570336987-1576757077-3548412621-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default
FF DefaultSearchEngine: SafeFinder Search
FF SelectedSearchEngine: SafeFinder Search
FF Homepage: google.de
FF Keyword.URL: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrkL6AMkVAcJ3mJAY1j_lP4sU-Et_L7LFoOd9-MPYGrJWVgSKJQOscN--wsOZFjqtqGTjcIke55dLonLOzQhydaWdibwr-4rj4HSBLCvJWgQTXdfP4d00XHnkbh5hIzeU2dBIh8al1etsjZJCg3yDWWz3kGH_oA,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default\searchplugins\SafeFinder Search.xml
FF Extension: Avira Browser Safety - C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default\Extensions\abs@avira.com [2015-01-08]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-08-13]
FF Extension: Cliqz Beta - C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default\Extensions\cliqz@cliqz.com.xpi [2014-09-17]
FF Extension: Adblock Plus - C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-13]
FF HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-17]
CHR Extension: (Google Drive) - C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-17]
CHR Extension: (Google Wallet) - C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-30]
CHR Extension: (Google Mail) - C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 rqpbhevlkc64; C:\Program Files\004\rqpbhevlkc64.exe [709120 2014-08-13] () [File not signed]
R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2015-01-08] ()
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-25] (NetFilterSDK.com)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 19:09 - 2015-01-10 19:11 - 00019092 _____ () C:\Users\Janine\Desktop\FRST.txt
2015-01-10 19:04 - 2015-01-10 19:09 - 00000000 ____D () C:\FRST
2015-01-10 19:02 - 2015-01-10 19:02 - 02124288 _____ (Farbar) C:\Users\Janine\Desktop\FRST64.exe
2015-01-10 10:49 - 2010-03-08 11:10 - 00013824 _____ (Kephyr) C:\windows\system32\ffnd.exe
2015-01-10 10:05 - 2015-01-10 15:36 - 00000310 _____ () C:\windows\Tasks\FreeFixer background scan.job
2015-01-10 10:05 - 2015-01-10 10:20 - 00000000 ____D () C:\Users\Janine\AppData\Roaming\FreeFixer
2015-01-10 10:05 - 2015-01-10 10:15 - 00000000 ____D () C:\Users\Janine\AppData\Local\FreeFixer
2015-01-10 10:05 - 2015-01-10 10:05 - 00002976 _____ () C:\windows\System32\Tasks\FreeFixer background scan
2015-01-10 10:05 - 2015-01-10 10:05 - 00000000 ____D () C:\Users\Janine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2015-01-10 10:05 - 2015-01-10 10:05 - 00000000 ____D () C:\Program Files\FreeFixer
2015-01-10 10:04 - 2015-01-10 10:04 - 02666167 _____ (Kephyr) C:\Users\Janine\Downloads\freefixersetup.exe
2015-01-10 09:54 - 2015-01-10 09:54 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-10 09:54 - 2015-01-10 09:54 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-10 09:54 - 2015-01-10 09:54 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-10 09:54 - 2015-01-10 09:54 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-10 09:49 - 2015-01-10 19:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-10 09:49 - 2015-01-10 19:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-09 14:24 - 2015-01-09 14:28 - 00013899 _____ () C:\Users\Janine\Documents\ADAC Supercross.odt
2015-01-08 17:48 - 2015-01-10 15:42 - 00000000 ____D () C:\Users\Janine\AppData\Roaming\Compatibility Verifier
2015-01-07 15:21 - 2015-01-07 15:21 - 00001984 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\phase6_17.lnk
2015-01-07 15:21 - 2015-01-07 15:21 - 00001978 _____ () C:\Users\Public\Desktop\phase6_17.lnk
2015-01-07 15:21 - 2015-01-07 15:21 - 00000000 ____D () C:\Program Files (x86)\phase6
2015-01-07 15:18 - 2015-01-10 19:00 - 00000000 ____D () C:\Users\Public\Documents\phase6_17_Daten
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 __RHD () C:\Users\Janine\AppData\Roaming\SecuROM
2015-01-03 18:57 - 2015-01-03 18:57 - 00262144 _____ () C:\windows\Minidump\010315-22916-01.dmp
2015-01-02 21:48 - 2015-01-02 21:48 - 00015643 _____ () C:\Users\Janine\Documents\Tasso.odt
2014-12-19 07:50 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-19 07:50 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-13 16:09 - 2014-12-13 16:09 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-12 22:35 - 2014-12-12 22:50 - 154449356 _____ () C:\Users\Janine\Downloads\1243762518768475269189868752387.rar
2014-12-12 16:26 - 2014-12-27 16:46 - 00011237 _____ () C:\Users\Janine\Documents\Vormblatt.odt
2014-12-12 15:26 - 2014-12-12 15:26 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-12 15:20 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-12 15:20 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-12 15:20 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-12 15:20 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-12 15:20 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-12 15:20 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-12 15:20 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-12 15:20 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-12 15:20 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-12 15:20 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-12 15:19 - 2014-12-12 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-12-12 15:19 - 2014-12-12 15:19 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-12-11 20:55 - 2014-12-12 15:19 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-11 20:55 - 2014-12-11 20:55 - 00000000 ____D () C:\Users\Janine\AppData\Local\Adobe
2014-12-11 19:46 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-11 19:46 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-11 19:46 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-11 19:46 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-11 19:46 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-11 19:46 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-11 19:46 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-11 19:46 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-11 19:45 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-11 19:45 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-11 19:45 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-11 19:45 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-11 19:45 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-11 19:45 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-11 19:45 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-11 19:45 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-11 19:45 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-11 19:45 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-11 19:45 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-11 19:45 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-11 19:45 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-11 19:45 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-11 19:45 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-11 19:45 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-11 19:45 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-11 19:45 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-11 19:45 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-11 19:45 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-11 19:45 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 19:45 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-11 19:45 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-11 19:45 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-11 19:45 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-11 19:45 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-11 19:45 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-11 19:45 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-11 19:45 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-11 19:45 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-11 19:45 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-11 19:45 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-11 19:45 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-11 19:45 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-11 19:45 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-11 19:45 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-11 19:45 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-11 19:45 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-11 19:45 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-11 19:45 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 19:45 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-11 19:45 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-11 19:45 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-11 19:45 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-11 19:45 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-11 19:45 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-11 19:45 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-11 19:45 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-11 19:45 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-11 19:45 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-11 19:45 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-11 19:45 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-11 19:45 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-11 19:45 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-11 19:45 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-11 19:45 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-11 19:45 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-11 19:44 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-11 19:44 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-11 19:44 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-11 19:44 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-11 19:44 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-11 19:44 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-11 19:44 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-11 19:44 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-11 19:44 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-11 19:44 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-11 19:44 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 19:44 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-11 19:44 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-11 19:44 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 19:08 - 2009-07-14 05:45 - 00028704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 19:08 - 2009-07-14 05:45 - 00028704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 19:04 - 2012-05-23 12:15 - 01084028 _____ () C:\windows\WindowsUpdate.log
2015-01-10 19:04 - 2012-05-23 03:56 - 02945678 _____ () C:\windows\system32\perfh007.dat
2015-01-10 19:04 - 2012-05-23 03:56 - 00867274 _____ () C:\windows\system32\perfc007.dat
2015-01-10 19:04 - 2009-07-14 06:13 - 00006208 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-10 19:02 - 2014-08-17 15:20 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 18:59 - 2012-05-23 13:09 - 00647371 _____ () C:\windows\system32\fastboot.set
2015-01-10 18:59 - 2012-05-23 13:01 - 00396888 _____ () C:\FaceProv.log
2015-01-10 18:59 - 2012-05-23 13:01 - 00000000 ____D () C:\ProgramData\VeriFace
2015-01-10 18:57 - 2014-11-11 16:22 - 00002511 _____ () C:\windows\setupact.log
2015-01-10 18:57 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-10 15:53 - 2014-08-13 08:36 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 15:42 - 2014-11-05 09:58 - 00000000 ____D () C:\Users\Janine\Documents\Kosten
2015-01-10 10:50 - 2014-11-11 16:22 - 00160214 _____ () C:\windows\PFRO.log
2015-01-08 17:49 - 2014-11-09 15:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-07 15:22 - 2014-08-13 06:29 - 00000000 ____D () C:\Users\Janine\AppData\Local\VirtualStore
2015-01-05 20:43 - 2014-08-17 15:20 - 00000000 ____D () C:\Users\Janine\AppData\Roaming\PhotoScape
2015-01-03 18:57 - 2014-12-07 20:58 - 455212866 _____ () C:\windows\MEMORY.DMP
2015-01-03 18:57 - 2014-09-30 16:33 - 00000000 ____D () C:\windows\Minidump
2014-12-14 14:00 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-12-13 16:09 - 2014-11-09 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-13 16:09 - 2014-11-09 15:08 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-13 11:57 - 2014-08-17 15:21 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 15:31 - 2014-11-09 15:18 - 00000000 ____D () C:\Users\Janine\AppData\Local\AviraSpeedup
2014-12-12 15:31 - 2014-11-09 15:17 - 00003320 _____ () C:\windows\System32\Tasks\AviraSpeedup
2014-12-12 15:31 - 2014-11-09 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2014-12-12 15:28 - 2014-08-13 06:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-12 15:28 - 2009-07-14 05:45 - 00290536 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-12 15:26 - 2014-08-24 13:03 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-12 15:26 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-12 15:26 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-11 20:55 - 2014-08-13 08:36 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 20:55 - 2014-08-13 08:36 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 20:55 - 2014-08-13 08:36 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 20:55 - 2012-05-23 12:55 - 00000000 ____D () C:\ProgramData\McAfee

Some content of TEMP:
====================
C:\Users\Janine\AppData\Local\Temp\avgnt.exe
C:\Users\Janine\AppData\Local\Temp\drm_dyndata.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-08 14:11

==================== End Of Log ============================



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:41 PM

Posted 10 January 2015 - 01:45 PM

Hey,

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#5 Kelaz

Kelaz
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:41 AM

Posted 10 January 2015 - 02:35 PM

AdwCleaner-Log now. Malwarebytes will follow.

 

# AdwCleaner v4.107 - Bericht erstellt am 10/01/2015 um 20:24:18
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Janine - JANINE-PC
# Gestartet von : C:\Users\Janine\Desktop\AdwCleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : netfilter64
Dienst Gelöscht : rqpbhevlkc64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files\004
Ordner Gelöscht : C:\Program Files\CouponDownloader
Ordner Gelöscht : C:\Program Files\FreeFixer
Ordner Gelöscht : C:\Users\Janine\AppData\Local\FreeFixer
Ordner Gelöscht : C:\Users\Janine\AppData\Roaming\FreeFixer
Ordner Gelöscht : C:\Users\Janine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
Ordner Gelöscht : C:\Users\Janine\Documents\PC Speed Maximizer
Datei Gelöscht : C:\windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default\searchplugins\SafeFinder Search.xml

***** [ Tasks ] *****

Task Gelöscht : FreeFixer background scan

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C817D3D8-B9DA-521D-971D-2C0A747EA697}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C817D3D8-B9DA-521D-971D-2C0A747EA697}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v34.0.5 (x86 de)

[umwqx1il.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "SafeFinder Search");
[umwqx1il.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "SafeFinder Search");
[umwqx1il.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrkL6AMkVAcJ3mJAY1j_lP4sU-Et_L7LFoOd9-MPYGrJWVgSKJQOscN--wsOZFjqtqGTjcIke55dLonLOzQhydaWdibwr-4rj4HSB[...]

-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [7620 octets] - [10/01/2015 20:22:10]
AdwCleaner[S0].txt - [5473 octets] - [10/01/2015 20:24:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5533 octets] ##########
 



#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:41 PM

Posted 10 January 2015 - 02:58 PM

OK, ich warte. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#7 Kelaz

Kelaz
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:41 AM

Posted 10 January 2015 - 03:13 PM

After i runed the Malwarebytes and let the computer reboot, i couldn't see the detailed log.

Is it saved anywhere?



#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:41 PM

Posted 10 January 2015 - 03:21 PM

  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs
tq7qi6z6.png
  • Then select the one log where it has found anything, do a double click on it
  • Then click on the Export
  • Button - select in the menu Text File (.txt)
p84ykoav.png
  • Save it on your Desktop and post the content of this text file into your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#9 Kelaz

Kelaz
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:41 AM

Posted 10 January 2015 - 03:23 PM

JRT-Log...

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Janine on 10.01.2015 at 21:18:15,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\windows\s.bat"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Janine\AppData\Roaming\mozilla\firefox\profiles\umwqx1il.default\minidumps [20 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.01.2015 at 21:21:26,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#10 Kelaz

Kelaz
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:41 AM

Posted 10 January 2015 - 03:26 PM

Malwarebytes Log...

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10.01.2015
Scan Time: 20:38:17
Logfile: Malware Log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.10.15
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Janine

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324184
Time Elapsed: 17 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 10
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 4272, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 4028, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 4184, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 3436, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 5064, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 4232, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 1680, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 1292, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 848, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, 1824, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16]

Modules: 10
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],

Registry Keys: 1
PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, Quarantined, [296f1cd8f99039fd9be6beabf013ea16],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, Quarantined, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Janine\AppData\Roaming\Compatibility Verifier, Quarantined, [75239163cfbae94d641d670217ec20e0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Janine\AppData\Roaming\Compatibility Verifier\locales, Quarantined, [75239163cfbae94d641d670217ec20e0],

Files: 31
PUP.Optional.OpenCandy, C:\Users\Janine\Downloads\PhotoScape_V3.6.5.exe, Quarantined, [21776f8599f05bdb904b773e60a517e9],
PUP.Optional.LiveSoftAction, C:\Users\Janine\Downloads\YAMAHA YZF-R6-2003 user guide provided through pdfretriever.com(1).exe, Quarantined, [6335df15e2a7aa8cbd81c2fd897c659b],
PUP.Optional.LiveSoftAction, C:\Users\Janine\Downloads\YAMAHA YZF-R6-2003 user guide provided through pdfretriever.com.exe, Quarantined, [f0a8e113fa8f2511f648dae5778ec23e],
PUP.Optional.SnapDo.A, C:\Windows\Installer\18c4ef2.msi, Quarantined, [b1e7cb297b0e6fc79ece0b9af70a0af6],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI315B.tmp-\Smartbar.Installer.CustomActions.dll, Quarantined, [2573c33197f277bffb8876b8fc041ae6],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, Quarantined, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Delete-on-Reboot, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, Quarantined, [296f1cd8f99039fd9be6beabf013ea16],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Janine\AppData\Roaming\Compatibility Verifier\cef.pak, Quarantined, [75239163cfbae94d641d670217ec20e0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Janine\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, Quarantined, [75239163cfbae94d641d670217ec20e0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Janine\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, Quarantined, [75239163cfbae94d641d670217ec20e0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Janine\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, Quarantined, [75239163cfbae94d641d670217ec20e0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Janine\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, Quarantined, [75239163cfbae94d641d670217ec20e0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Janine\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Quarantined, [75239163cfbae94d641d670217ec20e0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Janine\AppData\Roaming\Compatibility Verifier\debug.log, Quarantined, [75239163cfbae94d641d670217ec20e0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Janine\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Quarantined, [75239163cfbae94d641d670217ec20e0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Janine\AppData\Roaming\Compatibility Verifier\icudtl.dat, Quarantined, [75239163cfbae94d641d670217ec20e0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Janine\AppData\Roaming\Compatibility Verifier\libEGL.dll, Quarantined, [75239163cfbae94d641d670217ec20e0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Janine\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Quarantined, [75239163cfbae94d641d670217ec20e0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Janine\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Quarantined, [75239163cfbae94d641d670217ec20e0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Janine\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, Quarantined, [75239163cfbae94d641d670217ec20e0],

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by Kelaz, 10 January 2015 - 03:38 PM.


#11 Kelaz

Kelaz
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:41 AM

Posted 10 January 2015 - 03:29 PM

New FRST-Log...

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2015
Ran by Janine (administrator) on JANINE-PC on 10-01-2015 21:28:06
Running from C:\Users\Janine\Desktop
Loaded Profile: Janine (Available profiles: Janine)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-05-23] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-05-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-05-23] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-23] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase6_17_erinnerung.lnk
ShortcutTarget: phase6_17_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_17\WinStart\WinStart.exe (phase6)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2570336987-1576757077-3548412621-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-2570336987-1576757077-3548412621-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default\Extensions\abs@avira.com [2015-01-08]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-08-13]
FF Extension: Cliqz Beta - C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default\Extensions\cliqz@cliqz.com.xpi [2014-09-17]
FF Extension: Adblock Plus - C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\umwqx1il.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-13]
FF HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-17]
CHR Extension: (Google Drive) - C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-17]
CHR Extension: (Google Wallet) - C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-30]
CHR Extension: (Google Mail) - C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 21:21 - 2015-01-10 21:21 - 00000810 _____ () C:\Users\Janine\Desktop\JRT.txt
2015-01-10 21:18 - 2015-01-10 21:18 - 00000000 ____D () C:\windows\ERUNT
2015-01-10 21:14 - 2015-01-10 21:14 - 01707939 _____ (Thisisu) C:\Users\Janine\Desktop\JRT.exe
2015-01-10 20:37 - 2015-01-10 21:24 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 20:36 - 2015-01-10 20:36 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 20:36 - 2015-01-10 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-10 20:36 - 2015-01-10 20:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-10 20:36 - 2015-01-10 20:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-10 20:36 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-10 20:36 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-10 20:36 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-10 20:22 - 2015-01-10 20:24 - 00000000 ____D () C:\AdwCleaner
2015-01-10 20:18 - 2015-01-10 20:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Janine\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-10 20:17 - 2015-01-10 20:17 - 02191360 _____ () C:\Users\Janine\Desktop\AdwCleaner.exe
2015-01-10 19:12 - 2015-01-10 19:13 - 00023288 _____ () C:\Users\Janine\Desktop\Addition.txt
2015-01-10 19:09 - 2015-01-10 21:28 - 00014280 _____ () C:\Users\Janine\Desktop\FRST.txt
2015-01-10 19:04 - 2015-01-10 21:28 - 00000000 ____D () C:\FRST
2015-01-10 19:02 - 2015-01-10 19:02 - 02124288 _____ (Farbar) C:\Users\Janine\Desktop\FRST64.exe
2015-01-10 10:49 - 2010-03-08 11:10 - 00013824 _____ (Kephyr) C:\windows\system32\ffnd.exe
2015-01-10 10:04 - 2015-01-10 10:04 - 02666167 _____ (Kephyr) C:\Users\Janine\Downloads\freefixersetup.exe
2015-01-10 09:54 - 2015-01-10 09:54 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-10 09:54 - 2015-01-10 09:54 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-10 09:54 - 2015-01-10 09:54 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-10 09:54 - 2015-01-10 09:54 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-09 14:24 - 2015-01-09 14:28 - 00013899 _____ () C:\Users\Janine\Documents\ADAC Supercross.odt
2015-01-07 15:21 - 2015-01-07 15:21 - 00001984 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\phase6_17.lnk
2015-01-07 15:21 - 2015-01-07 15:21 - 00001978 _____ () C:\Users\Public\Desktop\phase6_17.lnk
2015-01-07 15:21 - 2015-01-07 15:21 - 00000000 ____D () C:\Program Files (x86)\phase6
2015-01-07 15:18 - 2015-01-10 21:09 - 00000000 ____D () C:\Users\Public\Documents\phase6_17_Daten
2015-01-07 15:18 - 2015-01-07 15:18 - 00000000 __RHD () C:\Users\Janine\AppData\Roaming\SecuROM
2015-01-03 18:57 - 2015-01-03 18:57 - 00262144 _____ () C:\windows\Minidump\010315-22916-01.dmp
2015-01-02 21:48 - 2015-01-02 21:48 - 00015643 _____ () C:\Users\Janine\Documents\Tasso.odt
2014-12-19 07:50 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-19 07:50 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-13 16:09 - 2014-12-13 16:09 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-12 22:35 - 2014-12-12 22:50 - 154449356 _____ () C:\Users\Janine\Downloads\1243762518768475269189868752387.rar
2014-12-12 16:26 - 2014-12-27 16:46 - 00011237 _____ () C:\Users\Janine\Documents\Vormblatt.odt
2014-12-12 15:26 - 2014-12-12 15:26 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-12 15:20 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-12 15:20 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-12 15:20 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-12 15:20 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-12 15:20 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-12 15:20 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-12 15:20 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-12 15:20 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-12 15:20 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-12 15:20 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-12 15:19 - 2014-12-12 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-12-12 15:19 - 2014-12-12 15:19 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-12-11 20:55 - 2014-12-12 15:19 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-11 20:55 - 2014-12-11 20:55 - 00000000 ____D () C:\Users\Janine\AppData\Local\Adobe
2014-12-11 19:46 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-11 19:46 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-11 19:46 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-11 19:46 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-11 19:46 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-11 19:46 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-11 19:46 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-11 19:46 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-11 19:45 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-11 19:45 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-11 19:45 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-11 19:45 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-11 19:45 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-11 19:45 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-11 19:45 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-11 19:45 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-11 19:45 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-11 19:45 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-11 19:45 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-11 19:45 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-11 19:45 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-11 19:45 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-11 19:45 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-11 19:45 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-11 19:45 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-11 19:45 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-11 19:45 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-11 19:45 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-11 19:45 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 19:45 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-11 19:45 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-11 19:45 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-11 19:45 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-11 19:45 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-11 19:45 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-11 19:45 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-11 19:45 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-11 19:45 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-11 19:45 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-11 19:45 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-11 19:45 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-11 19:45 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-11 19:45 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-11 19:45 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-11 19:45 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-11 19:45 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-11 19:45 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-11 19:45 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 19:45 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-11 19:45 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-11 19:45 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-11 19:45 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-11 19:45 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-11 19:45 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-11 19:45 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-11 19:45 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-11 19:45 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-11 19:45 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-11 19:45 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-11 19:45 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-11 19:45 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-11 19:45 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-11 19:45 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-11 19:45 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-11 19:45 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-11 19:44 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-11 19:44 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-11 19:44 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-11 19:44 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-11 19:44 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-11 19:44 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-11 19:44 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-11 19:44 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-11 19:44 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-11 19:44 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-11 19:44 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 19:44 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-11 19:44 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-11 19:44 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 21:16 - 2009-07-14 05:45 - 00028704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 21:16 - 2009-07-14 05:45 - 00028704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 21:14 - 2012-05-23 03:56 - 02975262 _____ () C:\windows\system32\perfh007.dat
2015-01-10 21:14 - 2012-05-23 03:56 - 00876746 _____ () C:\windows\system32\perfc007.dat
2015-01-10 21:14 - 2009-07-14 06:13 - 00006208 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-10 21:09 - 2012-05-23 13:09 - 00651511 _____ () C:\windows\system32\fastboot.set
2015-01-10 21:08 - 2014-11-11 16:22 - 00002623 _____ () C:\windows\setupact.log
2015-01-10 21:08 - 2012-05-23 13:01 - 00402567 _____ () C:\FaceProv.log
2015-01-10 21:08 - 2012-05-23 13:01 - 00000000 ____D () C:\ProgramData\VeriFace
2015-01-10 21:08 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-10 21:07 - 2014-11-11 16:22 - 00170646 _____ () C:\windows\PFRO.log
2015-01-10 21:07 - 2012-05-23 12:15 - 01103826 _____ () C:\windows\WindowsUpdate.log
2015-01-10 21:02 - 2014-08-17 15:20 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 20:53 - 2014-08-13 08:36 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 15:42 - 2014-11-05 09:58 - 00000000 ____D () C:\Users\Janine\Documents\Kosten
2015-01-08 17:49 - 2014-11-09 15:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-07 15:22 - 2014-08-13 06:29 - 00000000 ____D () C:\Users\Janine\AppData\Local\VirtualStore
2015-01-05 20:43 - 2014-08-17 15:20 - 00000000 ____D () C:\Users\Janine\AppData\Roaming\PhotoScape
2015-01-03 18:57 - 2014-12-07 20:58 - 455212866 _____ () C:\windows\MEMORY.DMP
2015-01-03 18:57 - 2014-09-30 16:33 - 00000000 ____D () C:\windows\Minidump
2014-12-14 14:00 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-12-13 16:09 - 2014-11-09 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-13 16:09 - 2014-11-09 15:08 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-13 11:57 - 2014-08-17 15:21 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 15:31 - 2014-11-09 15:18 - 00000000 ____D () C:\Users\Janine\AppData\Local\AviraSpeedup
2014-12-12 15:31 - 2014-11-09 15:17 - 00003320 _____ () C:\windows\System32\Tasks\AviraSpeedup
2014-12-12 15:31 - 2014-11-09 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2014-12-12 15:28 - 2014-08-13 06:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-12 15:28 - 2009-07-14 05:45 - 00290536 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-12 15:26 - 2014-08-24 13:03 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-12 15:26 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-12 15:26 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-11 20:55 - 2014-08-13 08:36 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 20:55 - 2014-08-13 08:36 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 20:55 - 2014-08-13 08:36 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 20:55 - 2012-05-23 12:55 - 00000000 ____D () C:\ProgramData\McAfee

Some content of TEMP:
====================
C:\Users\Janine\AppData\Local\Temp\avgnt.exe
C:\Users\Janine\AppData\Local\Temp\drm_dyndata.dll
C:\Users\Janine\AppData\Local\Temp\Quarantine.exe
C:\Users\Janine\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-08 14:11

==================== End Of Log ============================



#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:41 PM

Posted 10 January 2015 - 03:32 PM

Was ist nun mit dem MBAM Log?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#13 Kelaz

Kelaz
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:41 AM

Posted 10 January 2015 - 03:38 PM

Oh entschuldige. Hatte noch den falschen Log im Zwischenspeicher. Post ist editiert oben.



#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:41 PM

Posted 10 January 2015 - 03:57 PM

Abend,

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-2570336987-1576757077-3548412621-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.)and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to YES, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
    ESET2_zpsc701c045.png
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
    ESET4_zps0afafd0d.png
  • Click Start. (This scan can take several hours, so please be patient):
    ESET3_zpsccd1657d.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#15 Kelaz

Kelaz
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:41 AM

Posted 10 January 2015 - 04:14 PM

FRST Fixlog...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-01-2015
Ran by Janine at 2015-01-10 22:06:36 Run:1
Running from C:\Users\Janine\Desktop
Loaded Profile: Janine (Available profiles: Janine)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2570336987-1576757077-3548412621-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2570336987-1576757077-3548412621-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKCR\PROTOCOLS\Handler\livecall" => Key deleted successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
"HKCR\PROTOCOLS\Handler\msnim" => Key deleted successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
EmptyTemp: => Removed 942.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:07:14 ====






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users