Reply to thread

Message: <blockquote data-quote="NLio" data-source="post: 1117217" data-attributes="member: 120198">Hello again icotonev,unfortunately I still get redirected, so here are the results from the FMRS log# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ## Furtivex Malware Removal Script v5.5.4# <a href="https://furtivex.net" target="_blank">Furtivex – Furtivex Computer Solutions</a># Microsoft Windows 11 Home x64 24H2 0407 // 1252 // 65001# 2025_02_09__19_28_04 - nicol - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ## Abläufe:# Treiber:# Dienste:# Dateien:C:\ProgramData\SEC9167.tmpC:\ProgramData\SECA090.tmpC:\Users\nicol\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data (507)C:\Users\nicol\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js (2437)C:\Users\nicol\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data (19)C:\Users\nicol\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js (255)C:\Users\nicol\AppData\Local\Tempwd.tmpC:\Users\nicol\AppData\LocalLow\Sun\Java\Deployment\cache (0)C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM297CE.tmpC:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2CA4F.tmpC:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2CB3E.tmpC:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2DC0.tmpC:\WINDOWS\System32\config\systemprofile\AppData\Local\tw-694-3e60-c58845.tmp# Ordner:C:\Users\nicol\AppData\Local\D3DSCache (39)C:\Users\nicol\AppData\Local\Microsoft\Windows\INetCache\IE (4)C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\D3DSCache (2)C:\WINDOWS\System32\config\systemprofile\AppData\Local (2198)C:\WINDOWS\System32\config\systemprofile\AppData\Local\D3DSCache (9)# Aufgaben:# Registrierung:HKLM\Software\Policies\Mozilla\FirefoxHKLM\Software\Microsoft\Tracing\HPWarrantyChecker_RASAPI32HKLM\Software\Microsoft\Tracing\HPWarrantyChecker_RASMANCSHKLM\Software\Microsoft\Tracing\SolutionFinder_RASAPI32HKLM\Software\Microsoft\Tracing\SolutionFinder_RASMANCSHKLM\Software\Microsoft\Tracing\Squirrel_RASAPI32HKLM\Software\Microsoft\Tracing\Squirrel_RASMANCSHKLM\Software\Microsoft\Tracing\Update_RASAPI32HKLM\Software\Microsoft\Tracing\Update_RASMANCSHKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SubscribedContent-338388EnabledHKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SubscribedContent-338389EnabledHKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SubscribedContent-88000326EnabledHKCU\Software\Microsoft\Windows\CurrentVersion\Run\\CiscoMeetingDaemon HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\com.squirrel.Teams.TeamsHKCU\Software\Microsoft\Windows\CurrentVersion\Run\\HPSEU_Host_Launcher HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\MicrosoftEdgeAutoLaunch_B9B257C7C4ABB38D87EB5195476F971FHKLM\System\CurrentControlSet\Control\CrashControl\\AutoReboot [1] => [0]# Verschiedenes:AntiVirus Software: AvastAntiVirus Software: MalwarebytesAntiVirus Software: McAfeeAntiVirus Software: Windows DefenderWiederherstellungspunkt: Furtivex Malware Removal Script - ErstelltHKLM\Software\Microsoft\Windows Defender\Exclusions\ExtensionsHKLM\Software\Microsoft\Windows Defender\Exclusions\IpAddressesHKLM\Software\Microsoft\Windows Defender\Exclusions\PathsHKLM\Software\Microsoft\Windows Defender\Exclusions\ProcessesHKLM\Software\Microsoft\Windows Defender\Exclusions\TemporaryPathsC:\Users\nicol\AppData\Local\CrashDumps\click_and_teach.exe.12476.dmpC:\Users\nicol\AppData\Local\CrashDumps\click_and_teach.exe.13228.dmpC:\Users\nicol\AppData\Local\CrashDumps\click_and_teach.exe.13464.dmpC:\Users\nicol\AppData\Local\CrashDumps\click_and_teach.exe.13860.dmpC:\Users\nicol\AppData\Local\CrashDumps\click_and_teach.exe.1416.dmpC:\Users\nicol\AppData\Local\CrashDumps\click_and_teach.exe.14784.dmpC:\Users\nicol\AppData\Local\CrashDumps\click_and_teach.exe.17288.dmpC:\Users\nicol\AppData\Local\CrashDumps\click_and_teach.exe.4796.dmpC:\Users\nicol\AppData\Local\CrashDumps\ctfmon.exe.10260.dmpC:\Users\nicol\AppData\Local\CrashDumps\slicer.exe.6380.dmpC:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\iprntsrv.exe.5760.dmpC:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\iprntsrv.exe.7480.dmpC:\FRST\Quarantine\C\Program Files\HitmanPro\HitmanPro.exeC:\FRST\Quarantine\C\Program Files\HitmanPro\hmpsched.exeC:\FRST\Quarantine\C\ProgramData\HitmanPro\HitmanPro.keyC:\FRST\Quarantine\C\ProgramData\HitmanPro\HitmanPro.licC:\FRST\Quarantine\C\ProgramData\HitmanPro\Remnants.binC:\FRST\Quarantine\C\ProgramData\HitmanPro\Logs\HitmanPro_20250209_0636.logC:\FRST\Quarantine\C\ProgramData\HitmanPro\Logs\HitmanPro_20250209_1559.logC:\FRST\Quarantine\C\ProgramData\HitmanPro\Quarantine\quarantine.xmlC:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro 3.8 entfernen.lnkC:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnkC:\FRST\Quarantine\C\Users\nicol\Downloads\HitmanPro_x64.exe.xBADC:\FRST\Quarantine\C\WINDOWS\System32\Tasks\HPDataRetriever.xBADC:\FRST\Quarantine\C\WINDOWS\System32\Tasks\HPSupportTool.xBADC:\FRST\Quarantine\C\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1612079694.xBADC:\FRST\Quarantine\C\WINDOWS\System32\Tasks\Microsoft\Windows\Location\Notifications.xBADC:\FRST\Quarantine\C\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser.xBADC:\FRST\Quarantine\C\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults.xBADC:\FRST\Quarantine\C\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval.xBADC:\FRST\Quarantine\C\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC.xBADC:\FRST\Quarantine\C\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery.xBADC:\FRST\Quarantine\C\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker.xBAD# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #The FRST logs are once again attached.Thanks for your quick and easy to understand responses!</blockquote>

Verification

Top