Solved Trojan.fakems.ed ?

[N8kux]

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{4E446E57-CB71-4872-AB56-E9FD083A80AC}C:\users\neku\downloads\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\neku\downloads\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [TCP Query User{21309AC1-DEB2-465B-8471-416C44BE258C}C:\users\neku\downloads\rtc075c\bizhawk\autokillswitch.exe] => (Allow) C:\users\neku\downloads\rtc075c\bizhawk\autokillswitch.exe
FirewallRules: [UDP Query User{7EB52ECB-A3C8-489D-88D1-DE3E2EE0529E}C:\users\neku\downloads\rtc075c\bizhawk\emuhawk.exe] => (Allow) C:\users\neku\downloads\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [TCP Query User{47B85C7D-A6DC-4ABC-848F-A36C162E3D46}C:\users\neku\downloads\rtc075c\bizhawk\emuhawk.exe] => (Allow) C:\users\neku\downloads\rtc075c\bizhawk\emuhawk.exe
FirewallRules: [UDP Query User{A6E09A02-B095-42C7-9974-8D1081238293}F:\gamekiss\freestyle2\freestyle2.exe] => (Allow) F:\gamekiss\freestyle2\freestyle2.exe
FirewallRules: [TCP Query User{0BD89E8A-F814-4162-A225-4F5F506305B6}F:\gamekiss\freestyle2\freestyle2.exe] => (Allow) F:\gamekiss\freestyle2\freestyle2.exe
FirewallRules: [UDP Query User{BBAC63ED-52E8-41DD-94D7-2D08BEE60BB9}F:\counter-strike source\hl2.exe] => (Allow) F:\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{3ACE1E8D-5CA7-4AFA-B9D1-9D6555B0D112}F:\counter-strike source\hl2.exe] => (Allow) F:\counter-strike source\hl2.exe
FirewallRules: [{E0A88ABF-DFB9-46B5-ACDE-8C6C1BC02AC7}] => (Allow) F:\Assasin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [{2A5EAD2A-F5B3-4374-8ECA-0859AB4C7DF5}] => (Allow) F:\Assasin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [{D1E9F7A4-1F89-4EC1-9060-90BD9A3FC4E3}] => (Allow) F:\Assasin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{208D2376-459B-43BC-8879-68F1FF49604B}] => (Allow) F:\Assasin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{01F18386-ABDB-4003-A207-30E4176EA271}] => (Allow) F:\Assasin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{1C15ECDF-F9AB-47D0-AED6-94168D2E8D03}] => (Allow) F:\Assasin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{5221D51A-EAD3-46C8-9ACC-657D358EB43C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{8860086B-E44B-4946-A12A-6B32936C5F83}C:\users\neku\appdata\local\game-jolt-client\games\plan-be-86295\default-188591\plan be\plan be.exe] => (Allow) C:\users\neku\appdata\local\game-jolt-client\games\plan-be-86295\default-188591\plan be\plan be.exe
FirewallRules: [TCP Query User{1F90AEA7-4ED3-408A-AA86-342453B290B4}C:\users\neku\appdata\local\game-jolt-client\games\plan-be-86295\default-188591\plan be\plan be.exe] => (Allow) C:\users\neku\appdata\local\game-jolt-client\games\plan-be-86295\default-188591\plan be\plan be.exe
FirewallRules: [{17BC20F3-1410-421D-AB00-64694116A28C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{675E7071-4517-4A5D-B14D-1D6D6F28CB0E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{150CCD57-8C35-4011-899D-16B6CFEC73B2}] => (Allow) F:\Steam\bin\steamwebhelper.exe
FirewallRules: [{03CC8B61-E5DD-471E-9C6A-25EDE673CCAE}] => (Allow) F:\Steam\bin\steamwebhelper.exe
FirewallRules: [{76FB4048-63B8-420C-9538-DF764CDAF2B9}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{6A649720-8B75-458D-9F99-AFC275D1DC39}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{D0D636AD-D793-492C-B78B-7D88CE2C0108}] => (Allow) C:\Users\Neku\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F7A3516-CF83-48BA-8DE3-4359473F0DA0}] => (Allow) C:\Users\Neku\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D1CDF8DA-6965-4CE3-8496-DA15A9DF7B47}] => (Allow) C:\Users\Neku\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{388EF662-FE9D-45F6-A0ED-7D88AE493757}] => (Allow) C:\Users\Neku\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1ABDA077-BC0F-4972-ABA4-85D81DD88D31}] => (Allow) C:\Users\Neku\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{435104E8-D9D6-479A-8952-FA2D56CF8994}] => (Allow) C:\Users\Neku\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{684B0110-FA1E-48D8-B647-4B3F5FF27BE4}C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [TCP Query User{239E79F5-B57E-40C4-BD45-D37D0B99D448}C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [{79335C2F-97B2-40AA-8478-EC22FE191C2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{77047FE5-5BE3-46C4-9880-2EDCA9AD130E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90DCACF2-AD29-4E57-BC3B-9517855EA057}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{8A51B2ED-B3C9-491A-9BE7-0BF196CCC4FB}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{AC4F09D0-A1A1-491B-A6C8-7B850DA5B4AB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{030AD213-B01A-4478-8883-98ACC90362D1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{EC3208F3-2858-4033-948B-9FC0C05D4036}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{7456B177-F3A4-4680-BA3F-C029A641E7C8}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{BE80E928-3459-46C0-90FB-93E4B0CC701A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{0975B1B7-2088-4DE4-BA9B-972C7C5AB731}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{8515A834-F84E-4227-A48F-F7993A8B0DFD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{F43687B8-AE0B-47AA-AA91-39D6BA149537}] => (Allow) F:\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{76A317DF-7A61-4F2D-B775-EC9F1934AF26}] => (Allow) F:\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{F360040E-1E42-4DBF-8D0E-3E2032814350}] => (Allow) F:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{9B563F35-8F9E-4B40-A77A-9BEE995CEB2D}] => (Allow) F:\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{D70107F7-9849-4463-914A-75148F38A7B4}] => (Allow) F:\Steam\steamapps\common\Brick-Force ROW\InfernumLogin.exe
FirewallRules: [{E350EDC0-91B6-4F96-A7A1-236788A67F3D}] => (Allow) F:\Steam\steamapps\common\Brick-Force ROW\InfernumLogin.exe
FirewallRules: [TCP Query User{BE0239B4-09A6-4A3B-983D-FFE24ED785FD}F:\steam\steamapps\common\brick-force row\brickforce.exe] => (Allow) F:\steam\steamapps\common\brick-force row\brickforce.exe
FirewallRules: [UDP Query User{132BE23F-B7D3-40E0-80BD-C624498E11B7}F:\steam\steamapps\common\brick-force row\brickforce.exe] => (Allow) F:\steam\steamapps\common\brick-force row\brickforce.exe
FirewallRules: [{000A4184-F64C-4586-AC52-E4F3E485CF99}] => (Allow) F:\Steam\steamapps\common\Double Action\hl2.exe
FirewallRules: [{C49C7420-2A2B-4079-9EEF-2C680E59F2F3}] => (Allow) F:\Steam\steamapps\common\Double Action\hl2.exe
FirewallRules: [{CCA7B11A-6A4F-4590-9CB5-0E6B9D3AE3F8}] => (Allow) F:\Steam\steamapps\common\Double Action\bin\hammer.exe
FirewallRules: [{C40CCABD-357B-4807-AD47-E360BDC1377D}] => (Allow) F:\Steam\steamapps\common\Double Action\bin\hammer.exe
FirewallRules: [TCP Query User{8CCA3E7F-4D16-4DED-AB12-F3C86938516E}F:\steam\steamapps\common\happywars\happywars.exe] => (Allow) F:\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [UDP Query User{0E9F0083-883C-4DDA-B532-26C64B2B8531}F:\steam\steamapps\common\happywars\happywars.exe] => (Allow) F:\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [{813E9FEF-8E3E-46E5-BE96-2AB3BDBA42B0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{689F5E91-5867-478F-90FD-35BE6C9CD056}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9B9A4EF2-7EFB-42F4-BBB1-C780AA6F7DD4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{89757EB3-6C38-466B-B8B0-F7F909B0CB75}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{DB6E169A-181E-4395-90B3-CF1761071E7A}F:\counter-strike 1.6 (2015-10-21)\hl.exe] => (Allow) F:\counter-strike 1.6 (2015-10-21)\hl.exe
FirewallRules: [UDP Query User{22F37DCD-6744-467A-9F9A-82B7FB1401C4}F:\counter-strike 1.6 (2015-10-21)\hl.exe] => (Allow) F:\counter-strike 1.6 (2015-10-21)\hl.exe
FirewallRules: [TCP Query User{306E84E2-E918-45CA-8688-66D691CD8FE4}F:\torrents\coin.crypt.sea.and.sky.expansion\coin.crypt.sea.and.sky.expansion\coincrypt-win.exe] => (Allow) F:\torrents\coin.crypt.sea.and.sky.expansion\coin.crypt.sea.and.sky.expansion\coincrypt-win.exe
FirewallRules: [UDP Query User{F28DA13C-043A-4F0D-9C3A-33AD59EA541D}F:\torrents\coin.crypt.sea.and.sky.expansion\coin.crypt.sea.and.sky.expansion\coincrypt-win.exe] => (Allow) F:\torrents\coin.crypt.sea.and.sky.expansion\coin.crypt.sea.and.sky.expansion\coincrypt-win.exe
FirewallRules: [{05E96E42-FF5C-4961-BF99-2B8FAD6E048B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{B2CA5A32-2C59-4B3B-9333-6FF28BE11942}C:\users\neku\appdata\local\temp\70088484\download\minithunderplatform.exe] => (Block) C:\users\neku\appdata\local\temp\70088484\download\minithunderplatform.exe
FirewallRules: [UDP Query User{65A6F9D7-0600-4D0D-95B8-E7261557CFC6}C:\users\neku\appdata\local\temp\70088484\download\minithunderplatform.exe] => (Block) C:\users\neku\appdata\local\temp\70088484\download\minithunderplatform.exe

==================== Wiederherstellungspunkte =========================

10-04-2016 14:54:52 JRT Pre-Junkware Removal
11-04-2016 16:45:42 JRT Pre-Junkware Removal
18-04-2016 13:19:57 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/18/2016 07:38:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-VB720D7I)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Error: (04/18/2016 07:31:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.71, time stamp: 0x5699d8e0
Exception code: 0xc000027b
Fault offset: 0x00000000006fce8b
Faulting process ID: 0x9f0
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report ID: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (04/18/2016 04:43:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.71, time stamp: 0x5699d8e0
Exception code: 0xc000027b
Fault offset: 0x00000000006fce8b
Faulting process ID: 0x474
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report ID: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (04/18/2016 01:20:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/15/2016 02:53:50 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/15/2016 02:10:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-VB720D7I)
Description: Activation of application Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/11/2016 06:05:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (04/11/2016 06:05:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (04/11/2016 04:46:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/11/2016 04:32:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-VB720D7I)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


Systemfehler:
=============
Error: (04/19/2016 04:44:13 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: LAPTOP-VB720D7I)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2253936156-139631062-2474235644-1001-0-ntuser.dat

Error: (04/19/2016 04:43:45 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: LAPTOP-VB720D7I)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2253936156-139631062-2474235644-1001-0-ntuser.dat

Error: (04/18/2016 08:06:06 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-VB720D7I)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (04/18/2016 08:05:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Benutzerdatenzugriff_51f4f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Neustart des Diensts.

Error: (04/18/2016 08:05:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Benutzerdatenspeicher _51f4f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Neustart des Diensts.

Error: (04/18/2016 08:05:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kontaktdaten_51f4f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Neustart des Diensts.

Error: (04/18/2016 08:05:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Synchronisierungshost_51f4f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Neustart des Diensts.

Error: (04/18/2016 08:05:56 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/18/2016 03:59:26 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: LAPTOP-VB720D7I)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2253936156-139631062-2474235644-1001-0-ntuser.dat

Error: (04/18/2016 03:59:02 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: LAPTOP-VB720D7I)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-2253936156-139631062-2474235644-1001-0-ntuser.dat


CodeIntegrity:
===================================
Date: 2016-04-18 18:55:03.077
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-23 17:00:55.784
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-22 17:07:55.519
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-21 20:14:24.908
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-20 00:54:39.108
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-20 00:06:24.550
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-20 00:05:02.316
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-20 00:04:50.884
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-20 00:02:02.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-19 23:46:46.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Pentium(R) CPU N3700 @ 1.60GHz
Prozentuale Nutzung des RAM: 74%
Installierter physikalischer RAM: 4010.02 MB
Verfügbarer physikalischer RAM: 1038.71 MB
Summe virtueller Speicher: 5226.02 MB
Verfügbarer virtueller Speicher: 1856.52 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:234.41 GB) (Free:168.4 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:230.75 GB) (Free:159.33 GB) NTFS
Drive g: (New) (CDROM) (Total:0.73 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0911E2FF)

Partition: GPT.

==================== Ende von Addition.txt ============================

 

[N8kux]

O yea I just got a warning from malwarebytes background scan probably . Want the log???

 

[Broni]

Yes.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[N8kux]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-04-19
Scan Time: 4:43 PM
Logfile: uy.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.19.05
Rootkit Database: v2016.04.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Neku

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 400834
Time Elapsed: 47 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.YesSearches, HKU\S-1-5-18\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}, , [fcb549677722f0460fa1625d60a2e31d],
PUP.Optional.YesSearches, HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}, , [664b1e92a1f89b9bf9b71aa557ab9967],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[N8kux]

Oh yea what do I do with FRST again you mean just save the fixlist on my desktop where my FRST is and then run it and press fix or

 

[N8kux]

By the way my FRST is on desktop

 

[Broni]

Save the fixlist on my desktop where my FRST is and then run it and press fix
Yes.

 

[N8kux]

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
durchgeführt von Neku (2016-04-21 19:57:03) Run:1
Gestartet von C:\Users\Neku\Desktop
Geladene Profile: Neku (Verfügbare Profile: Neku)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
HKU\S-1-5-21-2253936156-139631062-2474235644-1001\...\MountPoints2: H - "H:\Setup.exe"
HKU\S-1-5-21-2253936156-139631062-2474235644-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: H - "H:\Setup.exe"
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [X]
2016-04-09 15:23 - 2016-04-09 15:23 - 0005120 _____ () C:\Users\Neku\AppData\Roaming\GiftBag.db
2016-02-02 14:46 - 2016-02-02 14:46 - 0000000 ___SH () C:\Users\Neku\AppData\Local\LumaEmu
2016-04-10 13:23 - 2016-04-10 13:23 - 0007607 _____ () C:\Users\Neku\AppData\Local\Resmon.ResmonCfg
2016-03-15 15:18 - 2016-03-15 15:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Neku\AppData\Local\Temp\ose00000.exe
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [270]
AlternateDataStreams: C:\Users\Neku\Cookies:eLzzriPeN1MNFOkejNxqUxTPoNxAY [2136]
AlternateDataStreams: C:\Users\Neku\AppData\Local\Temporary Internet Files:fx18fowBUdLoTEkpDxaPcAEeW [2204]

*****************

"HKU\S-1-5-21-2253936156-139631062-2474235644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-2253936156-139631062-2474235644-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
C:\WINDOWS\system32\GroupPolicy\Machine => erfolgreich verschoben
C:\WINDOWS\system32\GroupPolicy\GPT.ini => erfolgreich verschoben
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => erfolgreich verschoben
X6va062 => Dienst erfolgreich entfernt
C:\Users\Neku\AppData\Roaming\GiftBag.db => erfolgreich verschoben
C:\Users\Neku\AppData\Local\LumaEmu => erfolgreich verschoben
C:\Users\Neku\AppData\Local\Resmon.ResmonCfg => erfolgreich verschoben
C:\ProgramData\DP45977C.lfl => erfolgreich verschoben
"C:\Users\Neku\AppData\Local\Temp\ose00000.exe" => nicht gefunden.
C:\ProgramData\Temp => ":5C321E34" ADS erfolgreich entfernt.
"C:\Users\Neku\Cookies" => ":eLzzriPeN1MNFOkejNxqUxTPoNxAY" ADS nicht gefunden.
"C:\Users\Neku\AppData\Local\Temporary Internet Files" => ":fx18fowBUdLoTEkpDxaPcAEeW" ADS nicht gefunden.


Das System musste neu gestartet werden.

==== Ende von Fixlog 19:57:04 ====

 

[N8kux]

Did I do it right. I saved fixlist on the desktop and ran FRST and pressed fix it deleted the fixlist and gave me fixlog.this was what I needed to do right

 

[Broni]

You did fine

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[N8kux]

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.4
Java 8 Update 77
Java version 32-bit out of Date!
Adobe Flash Player 21.0.0.213
Mozilla Firefox (45.0.2)
Google Chrome (49.0.2623.110)
Google Chrome (49.0.2623.112)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software SecureLine VpnSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software SecureLine SecureLine.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

 

[N8kux]

Farbar Service Scanner Version: 27-01-2016
Ran by Neku (administrator) on 22-04-2016 at 14:42:14
Running from "C:\Users\Neku\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

[N8kux]

Here you go the logs for Security Check and FSS im going to give you the sophos virus removal tool log tomorow since ill run it early in the morning so it can be done since it takes a loooong time to scan.and I have a few questions
1.is it possible for the virus to forcefully disable win defender and uac since I had to set up uac manually since win 10 or microsoft apps wouldn work at all and as I said I cant really turn the win defender on the icon or slider for turning it on is gray and I cant do anything
2.is there a way to see if my router has been hijacked by a virus (im sorry I know I asked this before but my internet is going crazy and my roommate says his email password has been changed )
3.if there is no virus in my computer anymore or there is no sign of it does it mean its gone since I have a felling that its still there somewhere
and 4.what is the possibility of my accounts being hacked since this is that type of a virus and what can I do about it if it is.
sorry for many questions and thank you for helping me since I think I couldn't have done anything if I didnt open the thread

 

[Broni]

1. possible
2,3,4....if after Sophos I declare your computer being clean then unless you see some strange computer behavior you're fine.

 

[N8kux]

2016-04-09 14:49:39.265 Sophos Virus Removal Tool version 2.5.5
2016-04-09 14:49:39.265 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-04-09 14:49:39.265 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-04-09 14:49:39.265 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2016-04-09 14:49:39.266 Checking for updates...
2016-04-09 14:49:39.371 Update progress: proxy server not available
2016-04-09 14:50:21.154 Downloading updates...
2016-04-09 14:50:21.164 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-04-09 14:50:21.165 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-04-09 14:50:21.165 Update progress: [I49502] Found supplement IDE526 LATEST
2016-04-09 14:50:21.165 Update progress: [I49502] Found supplement IDE527 LATEST
2016-04-09 14:50:21.165 Update progress: [I49502] Found supplement IDE528 LATEST
2016-04-09 14:50:21.165 Update progress: [I49502] Found supplement IDE529 LATEST
2016-04-09 14:50:21.165 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-04-09 14:50:21.166 Update progress: [I19463] Syncing product SAVIW32 68
2016-04-09 14:50:33.113 Update progress: [I19463] Syncing product IDE526 167
2016-04-09 14:50:36.686 Installing updates...
2016-04-09 14:50:39.007 Option all = no
2016-04-09 14:50:44.625 Option recurse = yes
2016-04-09 14:50:44.625 Option archive = no
2016-04-09 14:50:44.626 Option service = yes
2016-04-09 14:50:44.626 Option confirm = yes
2016-04-09 14:50:44.626 Option sxl = yes
2016-04-09 14:50:44.626 Option max-data-age = 35
2016-04-09 14:50:44.626 Option EnableSafeClean = yes
2016-04-09 14:50:44.626 Option vdl-logging = yes
2016-04-09 14:50:44.626 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-04-09 14:50:44.626 Machine ID: 1589fc041027428fba1bb4a40b1415ab
2016-04-09 14:50:44.626 Component SVRTcli.exe version 2.5.5
2016-04-09 14:50:44.627 Component control.dll version 2.5.5
2016-04-09 14:50:44.627 Component SVRTservice.exe version 2.5.5
2016-04-09 14:50:44.627 Component engine\osdp.dll version 1.44.1.2240
2016-04-09 14:50:44.627 Component engine\veex.dll version 3.64.0.2240
2016-04-09 14:50:44.627 Component engine\savi.dll version 9.0.0.2240
2016-04-09 14:50:44.627 Component rkdisk.dll version 1.5.30.0
2016-04-09 14:50:44.627 Version info: Product version 2.5.5
2016-04-09 14:50:44.627 Version info: Detection engine 3.64.0
2016-04-09 14:50:44.628 Version info: Detection data 5.25
2016-04-09 14:50:44.628 Version info: Build date 2016-03-08
2016-04-09 14:50:44.628 Version info: Data files added 318
2016-04-09 14:50:44.628 Version info: Last successful update (not yet updated)
2016-04-09 14:50:44.628 Error level 1
2016-04-09 14:50:44.818 Update progress: [I19463] Syncing product IDE527 142
2016-04-09 14:50:44.818 Update progress: [I19463] Syncing product IDE528 12
2016-04-09 14:50:44.818 Update progress: [I19463] Syncing product IDE529 1
2016-04-09 14:51:12.724 Update successful
2016-04-09 14:51:34.913 Option all = no
2016-04-09 14:51:34.913 Option recurse = yes
2016-04-09 14:51:34.913 Option archive = no
2016-04-09 14:51:34.913 Option service = yes
2016-04-09 14:51:34.913 Option confirm = yes
2016-04-09 14:51:34.913 Option sxl = yes
2016-04-09 14:51:34.916 Option max-data-age = 35
2016-04-09 14:51:34.916 Option EnableSafeClean = yes
2016-04-09 14:51:37.283 Option vdl-logging = yes
2016-04-09 14:51:37.296 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-04-09 14:51:37.296 Machine ID: 1589fc041027428fba1bb4a40b1415ab
2016-04-09 14:51:37.299 Component SVRTcli.exe version 2.5.5
2016-04-09 14:51:37.299 Component control.dll version 2.5.5
2016-04-09 14:51:37.299 Component SVRTservice.exe version 2.5.5
2016-04-09 14:51:37.299 Component engine\osdp.dll version 1.44.1.2240
2016-04-09 14:51:37.299 Component engine\veex.dll version 3.64.0.2240
2016-04-09 14:51:37.299 Component engine\savi.dll version 9.0.0.2240
2016-04-09 14:51:37.301 Component rkdisk.dll version 1.5.30.0
2016-04-09 14:51:37.301 Version info: Product version 2.5.5
2016-04-09 14:51:37.302 Version info: Detection engine 3.64.0
2016-04-09 14:51:37.302 Version info: Detection data 5.25
2016-04-09 14:51:37.302 Version info: Build date 2016-03-08
2016-04-09 14:51:37.302 Version info: Data files added 318
2016-04-09 14:51:37.302 Version info: Last successful update 2016-04-09 4:51:12 PM

2016-04-09 14:52:19.484 SafeClean bin directory is empty.
2016-04-09 14:52:19.484 Error level 0

2016-04-09 14:52:19.488 Scan cancelled by user.
2016-04-09 14:52:19.489

------------------------------------------------------------

2016-04-09 14:55:43.390 Sophos Virus Removal Tool version 2.5.5
2016-04-09 14:55:43.390 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-04-09 14:55:43.390 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-04-09 14:55:43.390 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2016-04-09 14:55:43.405 Checking for updates...
2016-04-09 14:55:43.437 Update progress: proxy server not available
2016-04-09 14:57:43.765 Option all = no
2016-04-09 14:57:43.765 Option recurse = yes
2016-04-09 14:57:43.765 Option archive = no
2016-04-09 14:57:43.765 Option service = yes
2016-04-09 14:57:43.765 Option confirm = yes
2016-04-09 14:57:43.765 Option sxl = yes
2016-04-09 14:57:43.765 Option max-data-age = 35
2016-04-09 14:57:43.765 Option EnableSafeClean = yes
2016-04-09 14:57:54.756 Option vdl-logging = yes
2016-04-09 14:57:54.766 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-04-09 14:57:54.766 Machine ID: 1589fc041027428fba1bb4a40b1415ab
2016-04-09 14:57:54.816 Component SVRTcli.exe version 2.5.5
2016-04-09 14:57:54.816 Component control.dll version 2.5.5
2016-04-09 14:57:54.816 Component SVRTservice.exe version 2.5.5
2016-04-09 14:57:54.816 Component engine\osdp.dll version 1.44.1.2240
2016-04-09 14:57:54.816 Component engine\veex.dll version 3.64.0.2240
2016-04-09 14:57:54.816 Component engine\savi.dll version 9.0.0.2240
2016-04-09 14:57:54.926 Component rkdisk.dll version 1.5.30.0
2016-04-09 14:57:54.926 Version info: Product version 2.5.5
2016-04-09 14:57:54.926 Version info: Detection engine 3.64.0
2016-04-09 14:57:54.926 Version info: Detection data 5.25
2016-04-09 14:57:54.926 Version info: Build date 2016-03-08
2016-04-09 14:57:54.926 Version info: Data files added 318
2016-04-09 14:57:54.926 Version info: Last successful update 2016-04-09 4:51:12 PM
2016-04-09 14:58:36.677 Update not required

2016-04-09 15:47:39.597 SafeClean bin directory is empty.
2016-04-09 15:47:39.597 Error level 0

2016-04-09 15:47:39.675 Scan cancelled by user.
2016-04-09 15:47:39.675

------------------------------------------------------------

2016-04-10 15:36:57.265 Sophos Virus Removal Tool version 2.5.5
2016-04-10 15:36:57.265 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-04-10 15:36:57.265 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-04-10 15:36:57.265 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2016-04-10 15:36:57.265 Checking for updates...
2016-04-10 15:36:57.302 Update progress: proxy server not available
2016-04-10 15:37:18.434 Downloading updates...
2016-04-10 15:37:18.437 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-04-10 15:37:18.437 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-04-10 15:37:18.437 Update progress: [I49502] Found supplement IDE526 LATEST
2016-04-10 15:37:18.438 Update progress: [I49502] Found supplement IDE527 LATEST
2016-04-10 15:37:18.438 Update progress: [I49502] Found supplement IDE528 LATEST
2016-04-10 15:37:18.438 Update progress: [I49502] Found supplement IDE529 LATEST
2016-04-10 15:37:18.438 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-04-10 15:37:18.438 Update progress: [I19463] Syncing product SAVIW32 68
2016-04-10 15:37:18.438 Update progress: [I19463] Syncing product IDE526 167
2016-04-10 15:37:20.866 Update progress: [I19463] Syncing product IDE527 142
2016-04-10 15:37:20.866 Update progress: [I19463] Syncing product IDE528 18
2016-04-10 15:37:21.281 Installing updates...
2016-04-10 15:37:46.167 Option all = no
2016-04-10 15:37:49.782 Option recurse = yes
2016-04-10 15:37:49.782 Option archive = no
2016-04-10 15:37:49.782 Option service = yes
2016-04-10 15:37:49.782 Option confirm = yes
2016-04-10 15:37:49.782 Option sxl = yes
2016-04-10 15:37:49.783 Option max-data-age = 35
2016-04-10 15:37:49.783 Option EnableSafeClean = yes
2016-04-10 15:37:49.783 Option vdl-logging = yes
2016-04-10 15:37:49.783 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-04-10 15:37:49.783 Machine ID: 1589fc041027428fba1bb4a40b1415ab
2016-04-10 15:37:49.783 Component SVRTcli.exe version 2.5.5
2016-04-10 15:37:49.783 Component control.dll version 2.5.5
2016-04-10 15:37:49.783 Component SVRTservice.exe version 2.5.5
2016-04-10 15:37:49.783 Component engine\osdp.dll version 1.44.1.2240
2016-04-10 15:37:49.783 Component engine\veex.dll version 3.64.0.2240
2016-04-10 15:37:49.783 Component engine\savi.dll version 9.0.0.2240
2016-04-10 15:37:49.784 Component rkdisk.dll version 1.5.30.0
2016-04-10 15:37:49.784 Version info: Product version 2.5.5
2016-04-10 15:37:49.784 Version info: Detection engine 3.64.0
2016-04-10 15:37:49.784 Version info: Detection data 5.25
2016-04-10 15:37:49.784 Version info: Build date 2016-03-08
2016-04-10 15:37:49.784 Version info: Data files added 318
2016-04-10 15:37:49.784 Version info: Last successful update 2016-04-09 4:51:12 PM
2016-04-10 15:37:49.785 Error level 1
2016-04-10 15:37:50.316 Update progress: [I19463] Syncing product IDE529 1
2016-04-10 15:37:50.463 Update successful
2016-04-10 15:38:12.731 Option all = no
2016-04-10 15:38:12.731 Option recurse = yes
2016-04-10 15:38:12.731 Option archive = no
2016-04-10 15:38:12.731 Option service = yes
2016-04-10 15:38:12.731 Option confirm = yes
2016-04-10 15:38:12.732 Option sxl = yes
2016-04-10 15:38:12.734 Option max-data-age = 35
2016-04-10 15:38:12.734 Option EnableSafeClean = yes
2016-04-10 15:38:14.407 Option vdl-logging = yes
2016-04-10 15:38:14.407 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-04-10 15:38:14.407 Machine ID: 1589fc041027428fba1bb4a40b1415ab
2016-04-10 15:38:14.424 Component SVRTcli.exe version 2.5.5
2016-04-10 15:38:14.424 Component control.dll version 2.5.5
2016-04-10 15:38:14.425 Component SVRTservice.exe version 2.5.5
2016-04-10 15:38:14.426 Component engine\osdp.dll version 1.44.1.2240
2016-04-10 15:38:14.426 Component engine\veex.dll version 3.64.0.2240
2016-04-10 15:38:14.428 Component engine\savi.dll version 9.0.0.2240
2016-04-10 15:38:14.429 Component rkdisk.dll version 1.5.30.0
2016-04-10 15:38:14.429 Version info: Product version 2.5.5
2016-04-10 15:38:14.429 Version info: Detection engine 3.64.0
2016-04-10 15:38:14.429 Version info: Detection data 5.25
2016-04-10 15:38:14.429 Version info: Build date 2016-03-08
2016-04-10 15:38:14.429 Version info: Data files added 324
2016-04-10 15:38:14.429 Version info: Last successful update 2016-04-10 5:37:50 PM

2016-04-10 16:58:10.087 Could not open C:\hiberfil.sys
2016-04-10 17:00:16.177 Could not open C:\pagefile.sys
2016-04-10 17:53:57.772 Could not open C:\swapfile.sys
2016-04-10 17:53:59.288 Could not open C:\System Volume Information\{0cc5aecb-fdb2-11e5-9bff-2c600cd4c663}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-10 17:53:59.289 Could not open C:\System Volume Information\{0cc5b054-fdb2-11e5-9bff-2c600cd4c663}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-10 17:53:59.290 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-10 17:53:59.291 Could not open C:\System Volume Information\{5b8e386a-ff1a-11e5-9c04-2c600cd4c663}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-10 17:53:59.292 Could not open C:\System Volume Information\{ebccca24-f7f0-11e5-9bfb-2c600cd4c663}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-10 18:16:12.349 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-04-10 18:16:12.367 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-04-10 18:16:25.567 Could not open C:\Windows\System32\config\BBI
2016-04-10 18:16:25.684 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-04-10 18:16:25.687 Could not open C:\Windows\System32\config\RegBack\SAM
2016-04-10 18:16:25.689 Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-04-10 18:16:25.689 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-04-10 18:16:25.689 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-04-10 19:12:40.577 Could not open C:\Windows\Temp\tmp000079ee\tmp00000000
2016-04-10 20:01:11.152 SafeClean bin directory is empty.
2016-04-10 20:01:11.153 Error level 0

2016-04-10 20:01:11.202 Scan cancelled by user.
2016-04-10 20:01:11.202

------------------------------------------------------------

2016-04-23 08:40:01.231 Sophos Virus Removal Tool version 2.5.5
2016-04-23 08:40:01.231 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-04-23 08:40:01.231 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-04-23 08:40:01.231 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2016-04-23 08:40:01.231 Checking for updates...
2016-04-23 08:40:01.300 Update progress: proxy server not available
2016-04-23 08:40:27.643 Downloading updates...
2016-04-23 08:40:27.659 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-04-23 08:40:27.659 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-04-23 08:40:27.659 Update progress: [I49502] Found supplement IDE527 LATEST
2016-04-23 08:40:27.659 Update progress: [I49502] Found supplement IDE528 LATEST
2016-04-23 08:40:27.659 Update progress: [I49502] Found supplement IDE529 LATEST
2016-04-23 08:40:27.659 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-04-23 08:40:27.659 Update progress: [I19463] Syncing product SAVIW32 70
2016-04-23 08:41:10.697 Option all = no
2016-04-23 08:41:10.713 Option recurse = yes
2016-04-23 08:41:10.713 Option archive = no
2016-04-23 08:41:10.713 Option service = yes
2016-04-23 08:41:10.713 Option confirm = yes
2016-04-23 08:41:10.713 Option sxl = yes
2016-04-23 08:41:10.713 Option max-data-age = 35
2016-04-23 08:41:10.713 Option EnableSafeClean = yes
2016-04-23 08:41:11.114 Update progress: [I19463] Syncing product IDE527 142
2016-04-23 08:41:14.086 Update progress: [I19463] Syncing product IDE528 74
2016-04-23 08:41:18.895 Option vdl-logging = yes
2016-04-23 08:41:18.915 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-04-23 08:41:18.915 Machine ID: 1589fc041027428fba1bb4a40b1415ab
2016-04-23 08:41:18.995 Component SVRTcli.exe version 2.5.5
2016-04-23 08:41:18.995 Component control.dll version 2.5.5
2016-04-23 08:41:18.995 Component SVRTservice.exe version 2.5.5
2016-04-23 08:41:18.995 Component engine\osdp.dll version 1.44.1.2240
2016-04-23 08:41:18.995 Component engine\veex.dll version 3.64.0.2240
2016-04-23 08:41:18.995 Component engine\savi.dll version 9.0.0.2240
2016-04-23 08:41:19.095 Component rkdisk.dll version 1.5.30.0
2016-04-23 08:41:19.095 Version info: Product version 2.5.5
2016-04-23 08:41:19.095 Version info: Detection engine 3.64.0
2016-04-23 08:41:19.095 Version info: Detection data 5.25
2016-04-23 08:41:19.095 Version info: Build date 2016-03-08
2016-04-23 08:41:19.095 Version info: Data files added 324
2016-04-23 08:41:19.095 Version info: Last successful update 2016-04-10 5:37:50 PM
2016-04-23 08:41:24.991 Installing updates...
2016-04-23 08:41:26.031 Error level 1
2016-04-23 08:41:26.310 Update progress: [I19463] Syncing product IDE529 1
2016-04-23 08:41:29.024 Update successful
2016-04-23 08:42:11.334 Option all = no
2016-04-23 08:42:11.335 Option recurse = yes
2016-04-23 08:42:11.335 Option archive = no
2016-04-23 08:42:11.335 Option service = yes
2016-04-23 08:42:11.335 Option confirm = yes
2016-04-23 08:42:11.335 Option sxl = yes
2016-04-23 08:42:11.338 Option max-data-age = 35
2016-04-23 08:42:11.338 Option EnableSafeClean = yes
2016-04-23 08:42:13.431 Option vdl-logging = yes
2016-04-23 08:42:13.478 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-04-23 08:42:13.478 Machine ID: 1589fc041027428fba1bb4a40b1415ab
2016-04-23 08:42:13.480 Component SVRTcli.exe version 2.5.5
2016-04-23 08:42:13.481 Component control.dll version 2.5.5
2016-04-23 08:42:13.481 Component SVRTservice.exe version 2.5.5
2016-04-23 08:42:13.482 Component engine\osdp.dll version 1.44.1.2250
2016-04-23 08:42:13.482 Component engine\veex.dll version 3.65.0.2250
2016-04-23 08:42:13.482 Component engine\savi.dll version 9.0.1.2250
2016-04-23 08:42:13.484 Component rkdisk.dll version 1.5.30.0
2016-04-23 08:42:13.484 Version info: Product version 2.5.5
2016-04-23 08:42:13.484 Version info: Detection engine 3.65.0
2016-04-23 08:42:13.484 Version info: Detection data 5.26
2016-04-23 08:42:13.484 Version info: Build date 2016-04-05
2016-04-23 08:42:13.484 Version info: Data files added 214
2016-04-23 08:42:13.484 Version info: Last successful update 2016-04-23 10:41:29 AM

2016-04-23 10:40:06.017 Could not open C:\hiberfil.sys
2016-04-23 10:43:23.839 Could not open C:\pagefile.sys
2016-04-23 11:44:44.536 Could not open C:\ProgramData\OEM\Acer\InfoCollect\FUBAlreadySend
2016-04-23 11:46:09.300 Could not open C:\swapfile.sys
2016-04-23 12:15:13.491 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-04-23 12:15:13.519 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-04-23 12:15:30.994 Could not open C:\Windows\System32\config\BBI
2016-04-23 12:15:31.288 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-04-23 12:15:31.304 Could not open C:\Windows\System32\config\RegBack\SAM
2016-04-23 12:15:31.314 Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-04-23 12:15:31.333 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-04-23 12:15:31.350 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-04-23 14:21:47.346 >>> Virus 'Mal/Generic-S' found in file F:\Counter-Strike 1.6 (2015-10-21)\cstrike\cl_dlls\GameUI.dll
2016-04-23 14:21:47.347 >>> Virus 'Mal/Generic-S' found in file F:\Counter-Strike 1.6 (2015-10-21)\cstrike\cl_dlls\GameUI.dll
2016-04-23 14:21:47.348 >>> Virus 'Mal/Generic-S' found in file F:\Counter-Strike 1.6 (2015-10-21)\cstrike\cl_dlls\GameUI.dll
2016-04-23 14:44:19.671 The following items will be cleaned up:
2016-04-23 14:44:19.671 Mal/Generic-S

 

[N8kux]

Here ya go hope everything is ok and yea I forgot to say but a few posts ago my win10 updated
so yea just wanted to tell you although I dont think it matters

 

[Broni]

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

==================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create registry backup
• Purge System Restore
• Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

 

[N8kux]

Ok I did all the steps you said except update java since I dunno what to download.my pc is working fine except when I try to access any microsoft store apps I can but I have no internet in them or there is a problem connecting to something .al post in a few days after I used it
and thank you alot without your help I think I would have lost all my personal data so again thank you for helping me delete this virus and I hope other people get to be helped by you now I would gladly donate but I got my card shut down so yea im really sorry and have an amazing day

 

[Broni]

Way to go!!
Good luck and stay safe

 

[N8kux]

Can I ask a question before you leave is akamai something client a virus or is it legit I think its there because of aeria games I dunno so thats why I ask

 

[Broni]

It's legit.

 

[N8kux]

Im sorry I know I said everything is ok but today I found out my pass has been changed. I couldn't log in to my email and I thought I typed wrong but I didn't cuz I got the new changed pass. after you said I have to change my passwords I did as you said and then today I saw this. when I went to see who logged in my account I didn't see anything wrong until I saw access from the same ip which I don't think is mine but its from my country but that's not the thing I saw a login from google chrome even tho I never used it later I saw from internet explorer same day but different time and this is the same for other accounts it happened 24th of April. il try to change my password if I can if my password changes again what can I do ???

 

[N8kux]

But maybe its not that maybe its my internet provider or I setup an account on my tablet but one thing is for sure I didnt change the password

 

[N8kux]

Now that I look at it it is not mine at all

 

[Broni]

What type of email is it?
Web based?