
I'm Infected


13 replies to this topic

#1 therealneuerurs


Posted 10 June 2015 - 12:40 PM

Got the same problem. Was stupid enough to open the link, 'cause I was actually expecting a parcel.

 

 Results of screen317's Security Check version 1.003  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus    
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 18.0.0.160  
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Mozilla Firefox (38.0.5) 
 Google Chrome (43.0.2357.124) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Andreas Desktop DHL Virus Removal SecurityCheck.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 



 


#2 therealneuerurs


Posted 10 June 2015 - 12:44 PM

Farbar Service Scanner Version: 17-01-2015
Ran by Andreas (administrator) on 10-06-2015 at 19:41:24
Running from "C:\Users\Andreas\Desktop\DHL Virus Removal"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#3 therealneuerurs


Posted 10 June 2015 - 12:46 PM

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Andreas (administrator) on 10-06-2015 at 19:46:06
Running from "C:\Users\Andreas\Desktop\DHL Virus Removal"
Microsoft Windows 8.1  (X64)
Model: X75VC Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = WiFi (Connected)
Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 = Ethernet 2 (Hardware not present)
PCI-E-Gigabit-Ethernet-Controller Qualcomm Atheros AR8161 (NDIS 6.30) = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="LAN-Verbindung* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="LAN-Verbindung* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled metric=1 nud=enabled ignoredefaultroutes=disabled
 
 
popd
# Ende der IPv4-Konfiguration
 
 
 
Windows-IP-Konfiguration
 
   Hostname  . . . . . . . . . . . . : Andy
   Primäres DNS-Suffix . . . . . . . : 
   Knotentyp . . . . . . . . . . . . : Peer-Peer
   IP-Routing aktiviert  . . . . . . : Nein
   WINS-Proxy aktiviert  . . . . . . : Nein
   DNS-Suffixsuchliste . . . . . . . : localdomain
 
Drahtlos-LAN-Adapter LAN-Verbindung* 11:
 
   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Virtueller Microsoft-Adapter für direktes WiFi
   Physische Adresse . . . . . . . . : 20-68-9D-75-78-A5
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
 
Ethernet-Adapter Ethernet:
 
   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : PCI-E-Gigabit-Ethernet-Controller Qualcomm Atheros AR8161 (NDIS 6.30)
   Physische Adresse . . . . . . . . : 74-D0-2B-76-C6-DD
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
 
Drahtlos-LAN-Adapter WiFi:
 
   Verbindungsspezifisches DNS-Suffix: localdomain
   Beschreibung. . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physische Adresse . . . . . . . . : 20-68-9D-75-78-A5
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::c934:688d:2818:d5b%3(Bevorzugt) 
   IPv4-Adresse  . . . . . . . . . . : 192.168.1.8(Bevorzugt) 
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Lease erhalten. . . . . . . . . . : Mittwoch, 10. Juni 2015 06:11:39
   Lease läuft ab. . . . . . . . . . : Mittwoch, 17. Juni 2015 12:11:29
   Standardgateway . . . . . . . . . : 192.168.1.1
   DHCP-Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6-IAID . . . . . . . . . . . : 320891037
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1B-3E-E4-1D-74-D0-2B-76-C6-DD
   DNS-Server  . . . . . . . . . . . : 192.168.1.1
   NetBIOS über TCP/IP . . . . . . . : Aktiviert
 
Tunneladapter LAN-Verbindung* 13:
 
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
   IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:79fb:cc1:34c1:3f57:fef7(Bevorzugt) 
   Verbindungslokale IPv6-Adresse  . : fe80::cc1:34c1:3f57:fef7%5(Bevorzugt) 
   Standardgateway . . . . . . . . . : ::
   DHCPv6-IAID . . . . . . . . . . . : 117440512
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1B-3E-E4-1D-74-D0-2B-76-C6-DD
   NetBIOS über TCP/IP . . . . . . . : Deaktiviert
 
Tunneladapter isatap.localdomain:
 
   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: localdomain
   Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #4
   Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2a00:1450:4005:808::1002
 173.194.113.136
 173.194.113.134
 173.194.113.130
 173.194.113.135
 173.194.113.128
 173.194.113.137
 173.194.113.142
 173.194.113.133
 173.194.113.129
 173.194.113.132
 173.194.113.131
 
 
Ping wird ausgeführt für google.com [173.194.113.136] mit 32 Bytes Daten:
Antwort von 173.194.113.136: Bytes=32 Zeit=32ms TTL=54
Antwort von 173.194.113.136: Bytes=32 Zeit=32ms TTL=54
 
Ping-Statistik für 173.194.113.136:
    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 32ms, Maximum = 32ms, Mittelwert = 32ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Ping wird ausgeführt für yahoo.com [98.139.183.24] mit 32 Bytes Daten:
Antwort von 98.139.183.24: Bytes=32 Zeit=187ms TTL=48
Antwort von 98.139.183.24: Bytes=32 Zeit=184ms TTL=48
 
Ping-Statistik für 98.139.183.24:
    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 184ms, Maximum = 187ms, Mittelwert = 185ms
 
Ping wird ausgeführt für 127.0.0.1 mit 32 Bytes Daten:
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
 
Ping-Statistik für 127.0.0.1:
    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms
===========================================================================
Schnittstellenliste
  6...20 68 9d 75 78 a5 ......Virtueller Microsoft-Adapter für direktes WiFi
  4...74 d0 2b 76 c6 dd ......PCI-E-Gigabit-Ethernet-Controller Qualcomm Atheros AR8161 (NDIS 6.30)
  3...20 68 9d 75 78 a5 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  7...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #4
===========================================================================
 
IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.8     25
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    306
        127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    306
  127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306
      192.168.1.0    255.255.255.0   Auf Verbindung       192.168.1.8    281
      192.168.1.8  255.255.255.255   Auf Verbindung       192.168.1.8    281
    192.168.1.255  255.255.255.255   Auf Verbindung       192.168.1.8    281
        224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    306
        224.0.0.0        240.0.0.0   Auf Verbindung       192.168.1.8    281
  255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306
  255.255.255.255  255.255.255.255   Auf Verbindung       192.168.1.8    281
===========================================================================
Ständige Routen:
  Keine
 
IPv6-Routentabelle
===========================================================================
Aktive Routen:
 If Metrik Netzwerkziel             Gateway
  5    306 ::/0                     Auf Verbindung
  1    306 ::1/128                  Auf Verbindung
  5    306 2001::/32                Auf Verbindung
  5    306 2001:0:5ef5:79fb:cc1:34c1:3f57:fef7/128
                                    Auf Verbindung
  3    281 fe80::/64                Auf Verbindung
  5    306 fe80::/64                Auf Verbindung
  5    306 fe80::cc1:34c1:3f57:fef7/128
                                    Auf Verbindung
  3    281 fe80::c934:688d:2818:d5b/128
                                    Auf Verbindung
  1    306 ff00::/8                 Auf Verbindung
  3    281 ff00::/8                 Auf Verbindung
  5    306 ff00::/8                 Auf Verbindung
===========================================================================
Ständige Routen:
  Keine
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/10/2015 02:40:34 PM) (Source: Application Hang) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 
Prozess-ID: 1450
 
Startzeit: 01d0a379eb79f308
 
Endzeit: 4294967295
 
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe
 
Berichts-ID: df7bd9d1-0f6d-11e5-becb-74d02b76c6dd
 
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe
 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/10/2015 02:24:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AsusTPCenter.exe, Version: 1.0.0.50, Zeitstempel: 0x50e68cd4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000042816
ID des fehlerhaften Prozesses: 0x115c
Startzeit der fehlerhaften Anwendung: 0xAsusTPCenter.exe0
Pfad der fehlerhaften Anwendung: AsusTPCenter.exe1
Pfad des fehlerhaften Moduls: AsusTPCenter.exe2
Berichtskennung: AsusTPCenter.exe3
Vollständiger Name des fehlerhaften Pakets: AsusTPCenter.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AsusTPCenter.exe5
 
Error: (06/10/2015 02:24:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: QuickGesture64.exe, Version: 1.0.7.0, Zeitstempel: 0x4fd5c7c3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000042816
ID des fehlerhaften Prozesses: 0x124c
Startzeit der fehlerhaften Anwendung: 0xQuickGesture64.exe0
Pfad der fehlerhaften Anwendung: QuickGesture64.exe1
Pfad des fehlerhaften Moduls: QuickGesture64.exe2
Berichtskennung: QuickGesture64.exe3
Vollständiger Name des fehlerhaften Pakets: QuickGesture64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: QuickGesture64.exe5
 
Error: (06/10/2015 02:23:40 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: RAVCpl64.exe, Version: 1.0.0.828, Zeitstempel: 0x50c86032
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000042816
ID des fehlerhaften Prozesses: 0xdf4
Startzeit der fehlerhaften Anwendung: 0xRAVCpl64.exe0
Pfad der fehlerhaften Anwendung: RAVCpl64.exe1
Pfad des fehlerhaften Moduls: RAVCpl64.exe2
Berichtskennung: RAVCpl64.exe3
Vollständiger Name des fehlerhaften Pakets: RAVCpl64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RAVCpl64.exe5
 
Error: (06/10/2015 08:57:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10813
 
Error: (06/10/2015 08:57:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10813
 
Error: (06/10/2015 08:57:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/10/2015 08:56:56 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
Error: (06/10/2015 06:12:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12922
 
Error: (06/10/2015 06:12:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12922
 
 
System errors:
=============
Error: (06/10/2015 06:08:43 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JULIEN-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{07CF0543-F373-451B-8253-24278A872026}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error: (06/10/2015 06:07:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3055999)
 
Error: (06/10/2015 06:07:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB2976978)
 
Error: (06/10/2015 06:07:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3034348)
 
Error: (06/10/2015 06:07:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3045634)
 
Error: (06/10/2015 01:14:16 AM) (Source: DCOM) (User: ANDY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (06/10/2015 01:14:16 AM) (Source: DCOM) (User: ANDY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (06/10/2015 00:31:23 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "USER-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{07CF0543-F373-451B-8253-24278A872026}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error: (06/09/2015 09:50:54 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JULIEN-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{07CF0543-F373-451B-8253-24278A872026}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error: (06/08/2015 06:19:07 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JULIEN-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{07CF0543-F373-451B-8253-24278A872026}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
 
Microsoft Office Sessions:
=========================
 
=========================== Installed Programs ============================
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{F9D72742-0351-447C-B160-F0A5AC9D87BF}) (Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Battlefield Bad Company 2 version 1.0 (HKLM-x32\...\{3F5FA47E-B4DE-45B4-85E3-11CD5E4974A3}_is1) (Version: 1.0 - EA)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06079 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{0F9D9CD8-7756-4915-ADD0-E8D6BBB2E8D8}) (Version: 3.1.06079 - Cisco Systems, Inc.) Hidden
CopyTrans Control Center Uninstall Only (HKCU\...\CopyTrans Suite) (Version: 3.01 - WindSolutions)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Fotogalerie (HKLM-x32\...\{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.56.128 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.56.128 - DVDVideoSoft Ltd.)
Free M4a to MP3 Converter 8.3 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube Download version 3.2.55.301 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.55.301 - DVDVideoSoft Ltd.)
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of Might and Magic® III Complete (HKLM-x32\...\Heroes of Might and Magic® III) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Madden NFL 08 (HKLM-x32\...\{A3BC1DBD-64D6-4EBC-0091-24C811662D40}) (Version:  - Electronic Arts)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{03CC9D58-B132-4CC0-A521-4F3660AA43C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{701FE1BC-834A-4857-AF62-6EBA50CFBC78}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
NBA 2K12 (HKLM-x32\...\{04E9B02B-4F85-4B73-B865-27B9B8B35877}) (Version: 1.0.0 - 2K Sports)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\{EDB188F5-D8E8-42EE-89E0-F212DA48CB81}) (Version: 3.8.48.0 - Nokia) Hidden
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Paragon Software PONS-CD 7 (HKLM-x32\...\Paragon Software PONS-CD 7) (Version:  - Paragon Software)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Raccolta foto (HKLM-x32\...\{D04EBB49-C985-4A38-8695-62000861293A}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6804 - Realtek Semiconductor Corp.)
Rosetta Stone Homeschool (HKLM-x32\...\{331F15D5-490D-4280-BDE6-5C0F295D8EE1}) (Version: 3.4.5 - Rosetta Stone Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
 
========================= Devices: ================================
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Device ID: ROOT\NET\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 56%
Total physical RAM: 3979.58 MB
Available physical RAM: 1732.77 MB
Total Pagefile: 4811.58 MB
Available Pagefile: 1771.41 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.7 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:185.86 GB) (Free:43.31 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:258.35 GB) (Free:43.85 GB) NTFS
 
========================= Users: ========================================
 
Benutzerkonten für \\ANDY
 
Administrator            Andreas                  Gast                     
Der Befehl wurde erfolgreich ausgeführt.
 
 
**** End of log ****


#4 therealneuerurs

therealneuerurs
  • Topic Starter

  • Members
  • 9 posts

Posted 10 June 2015 - 01:43 PM

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/06/10 19:49:06 +0200</date>
<logfile>mbam-log-2015-06-10 (19-49-03).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.01.6.1022</version>
<malware-database>v2015.06.10.04</malware-database>
<rootkit-database>v2015.06.02.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Andreas</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>368107</objects>
<time>2157</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>1</values>
<datas>0</datas>
<folders>0</folders>
<files>9</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<value><path>HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>8a81e622235292d68387ac9335a956fe</valuename><vendor>Spyware.Password</vendor><action>success</action><valuedata>&quot;C:\Users\Andreas\AppData\Local\8a81e622235292d68387ac9335a956fe.exe&quot;</valuedata><hash>2ede4079f496e84e31c6412b8a789769</hash></value>
<file><path>C:\Users\Andreas\AppData\Local\8a81e622235292d68387ac9335a956fe.exe</path><vendor>Spyware.Password</vendor><action>success</action><hash>2ede4079f496e84e31c6412b8a789769</hash></file>
<file><path>C:\Users\Andreas\AppData\Roaming\Adobe_User_Feed_Synchronization-{5064EE77-0M61-4F38-V100-96E2C039847L}.exe</path><vendor>Spyware.Password</vendor><action>success</action><hash>07053089a3e784b27285333959a936ca</hash></file>
<file><path>C:\Users\Andreas\AppData\Local\Temp\104~.exe</path><vendor>Spyware.Emotet</vendor><action>success</action><hash>818b3881abdf1323990cbcb0847e0ff1</hash></file>
<file><path>C:\Users\Andreas\AppData\Local\Temp\105~.exe</path><vendor>Spyware.Emotet</vendor><action>success</action><hash>3ad27b3e95f5ed49089d4a229b673fc1</hash></file>
<file><path>C:\Users\Andreas\AppData\Local\Temp\1C01~.exe</path><vendor>Spyware.Password</vendor><action>success</action><hash>020a2b8edeac39fd7a7d39333dc533cd</hash></file>
<file><path>C:\Users\Andreas\AppData\Local\Temp\F5F~.exe</path><vendor>Spyware.Password</vendor><action>success</action><hash>0408a7123c4eae88e80f2e3e3bc79f61</hash></file>
<file><path>C:\Users\Andreas\AppData\Local\Temp\C5A~.exe</path><vendor>Spyware.Password</vendor><action>success</action><hash>20ecb7020a80cc6aa15690dcc33f847c</hash></file>
<file><path>C:\Users\Andreas\AppData\Local\Temp\543D~.exe</path><vendor>Spyware.Password</vendor><action>success</action><hash>8c80af0a3753c17529cee983818120e0</hash></file>
<file><path>C:\Users\Andreas\AppData\Local\Temp\8A83~.exe</path><vendor>Spyware.Password</vendor><action>success</action><hash>41cbc1f871197eb829ce4a22ab573bc5</hash></file>
</items>
</mbam-log>



#5 therealneuerurs

therealneuerurs
  • Topic Starter

  • Members
  • 9 posts

Posted 10 June 2015 - 04:43 PM

is there anyone who can help me please?

I'm running the malware bytes test atm, but I think it's interrupted. at least, it's been stuck at the same file for 20mins now.



#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,870 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 10 June 2015 - 06:57 PM

Split from http://www.bleepingcomputer.com/forums/t/500637/dhl-virus-removal/page-0 , please...be patient and I suggest not posting any more data until someone requests such.

 

Thanks :).

 

Louis



#7 therealneuerurs

therealneuerurs
  • Topic Starter

  • Members
  • 9 posts

Posted 11 June 2015 - 04:06 AM

ok, thanks



#8 severac

severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia

Posted 11 June 2015 - 04:34 AM

Hello,

 

AdwCleaner

  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished
    * Click on button [Clean].
    Program will close all active windows. Click Ok to confirm. 
    * After restart log will appear. Copy log into this topic.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

------

 

Run Malwarebytes Anti-Malware

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, set the following options under Detection and Protection:
    1. 'Scan for rootkits'
    2. Non-Malware Protection: for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to the Dashboard, click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#9 therealneuerurs

therealneuerurs
  • Topic Starter

  • Members
  • 9 posts

Posted 11 June 2015 - 08:21 AM

thanks for the quick reply. here the log from adwcleaner:

 

# AdwCleaner v4.206 - Bericht erstellt 11/06/2015 um 15:17:29
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-09.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Andreas - ANDY
# Gestarted von : C:\Users\Andreas\Desktop\DHL Virus Removal\AdwCleaner.exe
# Option : Löschen
 
***** [ Dienste ] *****
 
 
***** [ Dateien / Ordner ] *****
 
Ordner Gelöscht : C:\Program Files\Hola
Ordner Gelöscht : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Datei Gelöscht : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
Datei Gelöscht : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ Geplante Tasks ] *****
 
 
***** [ Verknüpfungen ] *****
 
 
***** [ Registrierungsdatenbank ] *****
 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\OCS
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Internetbrowser ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v38.0.5 (x86 de)
 
 
-\\ Google Chrome v43.0.2357.124
 
[C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2658 Bytes] - [11/06/2015 14:26:12]
AdwCleaner[R1].txt - [2862 Bytes] - [11/06/2015 14:59:38]
AdwCleaner[S0].txt - [2720 Bytes] - [11/06/2015 15:17:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2779  Bytes] ##########


#10 severac

severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia

Posted 11 June 2015 - 08:25 AM

And MBAM? Are you scanning?




#11 therealneuerurs

therealneuerurs
  • Topic Starter

  • Members
  • 9 posts

Posted 11 June 2015 - 02:17 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11.06.2015
Scan Time: 15:25:23
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.11.02
Rootkit Database: v2015.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Andreas
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368459
Time Elapsed: 31 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 severac

severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia

Posted 11 June 2015 - 04:30 PM

Do you have some problems?




#13 therealneuerurs

therealneuerurs
  • Topic Starter

  • Members
  • 9 posts

Posted 11 June 2015 - 04:43 PM

not really. seems like everything's working well



#14 severac

severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia

Posted 11 June 2015 - 04:48 PM

If you want one more check to be sure:

 

ESET Online Scanner

  • Hold down Control and click on this link to open ESET Online Scanner in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.





