Trojan downloaded as a zip from an email, but the contained file was not executed - infection? (Windows 7)
05.07.2014, 00:39 | #1 |
Hello dear community,

as the title already says, I was unfortunately stupid enough to download a zip file from an email, even though I actually know better; unfortunately this time it looked too legitimate. When I noticed that this zip file contained only one very strange file, I deleted it immediately without executing it. Since then my Mozilla has been running noticeably slower and hangs from time to time, and in addition my antivirus program raises an alert after my PC starts. It does say "Bedrohung gefunden und wird bereinigt" ("Threat found and is being cleaned") every time, but it does so anew after every start. That is why I fear that I have probably caught something. I have already read about a similar problem in another thread, where the thread starter was advised to download the program FRST and run a scan; I have already done this. Here is the FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:03-07-2014
Ran by Steve Gonsczak (administrator) on STEVEGONSCZAK on 05-07-2014 01:16:19
Running from C:\Users\Steve Gonsczak\Downloads
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(DeviceVM, Inc.) C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
() C:\Windows\System32\PnkBstrA.exe
(Iminent) C:\Program Files\Common Files\Umbrella\Umbrella242.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(DeviceVM, Inc.) C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Vtune\TBPANEL.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFCE.EXE
(Oberon Media ) C:\Program Files\GamesBar\SearchEngineProtection.exe
(Akamai Technologies, Inc.) C:\Users\Steve Gonsczak\AppData\Local\Akamai\netsession_win.exe
() C:\Users\Steve Gonsczak\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\MSI\US54SE_Utility\ZDWlan.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Akamai Technologies, Inc.) C:\Users\Steve Gonsczak\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1733120 2010-01-18] (VIA)
HKLM\...\Run: [BCU] => C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-11-23] (DeviceVM, Inc.)
HKLM\...\Run: [MobileConnect] => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [facemoods] => C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe [323584 2010-10-26] (facemoods.com)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKU\S-1-5-21-2037888514-3242928532-2918570568-1000\...\Run: [TBPanel] => C:\Program Files\Vtune\TBPanel.exe [2158592 2010-03-17] ()
HKU\S-1-5-21-2037888514-3242928532-2918570568-1000\...\Run: [Steam] => I:\steam und co\steam.exe [1753280 2014-06-30] (Valve Corporation)
HKU\S-1-5-21-2037888514-3242928532-2918570568-1000\...\Run: [EPSON SX410 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE [199680 2008-10-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2037888514-3242928532-2918570568-1000\...\Run: [SearchEngineProtection] => C:\Program Files\Gamesbar\SearchEngineProtection.exe [568312 2010-05-31] (Oberon Media )
HKU\S-1-5-21-2037888514-3242928532-2918570568-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Steve Gonsczak\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2037888514-3242928532-2918570568-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Steve Gonsczak\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2037888514-3242928532-2918570568-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2037888514-3242928532-2918570568-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24474752 2014-06-05] (Google)
HKU\S-1-5-21-2037888514-3242928532-2918570568-1000\...\Run: [kaauakjl] => C:\Users\Steve Gonsczak\AppData\Roaming\Kxlb\nhdxakjl.exe [77136 2014-07-02] ()
HKU\S-1-5-21-2037888514-3242928532-2918570568-1000\...\RunOnce: [b42ymtv] - C:\ProgramData\wpj\caggp.exe [290816 2014-07-04] (Faronics Corporation)
HKU\S-1-5-21-2037888514-3242928532-2918570568-1000\...\RunOnce: [sjvc] - C:\ProgramData\geyrq\ctfkx.exe [290816 2014-07-04] (Faronics Corporation)
HKU\S-1-5-21-2037888514-3242928532-2918570568-1000\...\RunOnce: [77lp] - C:\ProgramData\ywhysi\ipyyht.exe [290816 2014-07-03] (Faronics Corporation)
HKU\S-1-5-21-2037888514-3242928532-2918570568-1000\...\MountPoints2: {410828e3-ce0b-11df-89dc-90fba68f44d7} - J:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2037888514-3242928532-2918570568-1000\...\MountPoints2: {410828ec-ce0b-11df-89dc-90fba68f44d7} - J:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2037888514-3242928532-2918570568-1000\...\MountPoints2: {4fb79ce7-3476-11e1-a1c2-90fba68f44d7} - J:\pushinst.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MSI US54SE 802.11b+g USB Stick Utility.lnk
ShortcutTarget: MSI US54SE 802.11b+g USB Stick Utility.lnk -> C:\Program Files\MSI\US54SE_Utility\ZDWlan.exe ()
Startup: C:\Users\Steve Gonsczak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Steve Gonsczak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x52F264B41728CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=FCBCB64E-4442-4740-8966-E41E0FFFE223
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKLM - Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
URLSearchHook: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
URLSearchHook: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWin2.dll (Conduit Ltd.)
URLSearchHook: HKCU - Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWin2.dll (Conduit Ltd.)
URLSearchHook: HKCU - ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\ChatZum Toolbar\tbunszB7CF.tmp\tbhelper.dll ()
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://search.chatzum.com/?q={searchTerms}
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://search.chatzum.com/?q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110731204842792&tb_oid=31-07-2011&tb_mrud=31-07-2011
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=e4f3f35e00000000000000ffe9097dc4
SearchScopes: HKCU - {26550BD1-C506-4b70-A00A-043F496C0118} URL = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=2012032197E44315A772BB78A65B24D7&q={searchTerms}
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
SearchScopes: HKCU - {4C93EE49-3416-449a-A102-676ECCC23BC0} URL = hxxp://search.iminent.com/?appId=FCBCB64E-4442-4740-8966-E41E0FFFE223&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://search.chatzum.com/?q={SearchTerms}
SearchScopes: HKCU - {C72B0F3E-2818-462a-94A3-5F352D39A638} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110731204842792&tb_oid=31-07-2011&tb_mrud=31-07-2011
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Plus-HD-2.4 - {11111111-1111-1111-1111-110311341134} - C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-bho.dll (Plus HD)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
BHO: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} - No File
BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWin2.dll (Conduit Ltd.)
BHO: CescrtHlpr Object - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: TBSB09850 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\ChatZum Toolbar\tbunszB7CF.tmp\tbcore3.dll ()
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
Toolbar: HKLM - GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)
Toolbar: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWin2.dll (Conduit Ltd.)
Toolbar: HKLM - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
Toolbar: HKLM - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM - ChatZum Toolbar - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - C:\Program Files\ChatZum Toolbar\tbunszB7CF.tmp\tbcore3.dll ()
Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files\Freemium\Free PDF Perfect\ieagent32.dll (soft Xpansion)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
Toolbar: HKCU - Winload Toolbar - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWin2.dll (Conduit Ltd.)
Toolbar: HKCU - ChatZum Toolbar - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - C:\Program Files\ChatZum Toolbar\tbunszB7CF.tmp\tbcore3.dll ()
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} hxxp://operation7.fiaa.eu/OPLauncher.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Winsock: Catalog9 01 bmnet.dll File Not found ()
Winsock: Catalog9 02 bmnet.dll File Not found ()
Winsock: Catalog9 03 bmnet.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Steve Gonsczak\AppData\Roaming\Mozilla\Firefox\Profiles\i6di547y.default-1402491355235
FF DefaultSearchEngine: SearchTheWeb
FF SelectedSearchEngine: SearchTheWeb
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @soft-xpansion/npsxpdf - C:\Program Files\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Steve Gonsczak\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\SearchTheWeb.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-2.4 - C:\Users\Steve Gonsczak\AppData\Roaming\Mozilla\Firefox\Profiles\i6di547y.default-1402491355235\Extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com [2014-06-27]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Steve Gonsczak\AppData\Roaming\Mozilla\Firefox\Profiles\i6di547y.default-1402491355235\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2014-06-11]
FF Extension: Adblock Plus - C:\Users\Steve Gonsczak\AppData\Roaming\Mozilla\Firefox\Profiles\i6di547y.default-1402491355235\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-11]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2014-06-11]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon [2010-10-02]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-01-31]
FF HKLM\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files\Iminent\webbooster@iminent.com
FF HKLM\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-06-26]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-06-26]
FF HKLM\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-06-26]
FF HKCU\...\Firefox\Extensions: [{0F827075-B026-42F3-885D-98981EE7B1AE}] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension

Chrome:
=======
CHR HomePage: hxxp://search.iminent.com/?appId=FCBCB64E-4442-4740-8966-E41E0FFFE223
CHR StartupUrls: "hxxp://search.iminent.com/?appId=FCBCB64E-4442-4740-8966-E41E0FFFE223"
CHR Extension: (Google Docs) - C:\Users\Steve Gonsczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-21]
CHR Extension: (Google Drive) - C:\Users\Steve Gonsczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steve Gonsczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (PriceGong) - C:\Users\Steve Gonsczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok [2013-12-21]
CHR Extension: (YouTube) - C:\Users\Steve Gonsczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-21]
CHR Extension: (Google Search) - C:\Users\Steve Gonsczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-21]
CHR Extension: (Foxtab Speed Dial (Release Candidate)) - C:\Users\Steve Gonsczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif [2013-12-21]
CHR Extension: (Google Wallet) - C:\Users\Steve Gonsczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Steve Gonsczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-12-21]
CHR Extension: (Gmail) - C:\Users\Steve Gonsczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-21]
CHR HKLM\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files\PriceGong\2.5.3\pricegong.crx [2011-10-05]
CHR HKLM\...\Chrome\Extension: [gkjoindjjcmbdpbfppabdgflnkgbbcli] - C:\Program Files\FTDownloader.com\FTDownloader10.crx [2011-10-05]
CHR HKLM\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoods.crx [2010-11-24]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

========================== Services (Whitelisted) =================

S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [316816 2010-10-01] (Protection Technology)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 BCUService; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [219368 2009-11-23] (DeviceVM, Inc.)
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-05-26] () [File not signed]
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION) [File not signed]
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [3993576 2011-11-17] (INCA Internet Co., Ltd.)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-09-14] ()
R2 SProtection; C:\Program Files\Common Files\Umbrella\Umbrella242.exe [3088192 2014-06-12] (Iminent)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-06-26] (soft Xpansion)
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277736 2008-07-30] (Protect Software GmbH)
R1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [3033712 2010-10-01] (Protection Technology)
R3 athrusb6; C:\Windows\System32\DRIVERS\athru6.sys [871936 2007-08-01] (Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2012-01-22] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-01] (AVM Berlin) [File not signed]
U0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [22528 2008-10-09] (Bytemobile, Inc.) [File not signed]
S3 Cardex; C:\Windows\system32\drivers\TBPANEL.SYS [12256 2007-03-16] (Windows (R) 2000 DDK provider)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2011-08-01] (Eugene V. Muzychenko)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [926080 2010-10-01] (AVM GmbH)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2012-01-22] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [17408 2008-08-14] (Creative Technology Ltd.)
R2 TBPanel; C:\Windows\system32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
S1 tcpipBM; C:\Windows\system32\Drivers\tcpipBM.sys [18816 2008-10-09] (Bytemobile, Inc.) [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1119232 2010-01-11] (VIA Technologies, Inc.)
S3 ALSysIO; \??\C:\Users\STEVEG~1\AppData\Local\Temp\ALSysIO.sys [X]
S3 cpuz132; \??\C:\Users\STEVEG~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S3 EagleNT; \??\C:\Users\STEVEG~1\AppData\Local\Temp\EagleNT.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 FXDrv32; \??\D:\FXDrv32.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 XDva375; \??\C:\Windows\system32\XDva375.sys [X]
S3 XDva380; \??\C:\Windows\system32\XDva380.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-05 01:16 - 2014-07-05 01:17 - 00032886 _____ () C:\Users\Steve Gonsczak\Downloads\FRST.txt
2014-07-05 01:15 - 2014-07-05 01:16 - 00000000 ____D () C:\FRST
2014-07-05 01:15 - 2014-07-05 01:15 - 01073664 _____ (Farbar) C:\Users\Steve Gonsczak\Downloads\FRST.exe
2014-07-05 01:14 - 2014-07-05 01:15 - 00448788 _____ () C:\Users\Steve Gonsczak\Documents\cc_20140705_011445.reg
2014-07-05 00:34 - 2014-07-05 00:34 - 00000000 ____D () C:\ProgramData\wljfank
2014-07-05 00:34 - 2014-07-05 00:34 - 00000000 ____D () C:\ProgramData\eahqygc
2014-07-04 20:46 - 2014-07-05 00:35 - 00000000 ____D () C:\ProgramData\hgdlp
2014-07-04 20:46 - 2014-07-04 20:46 - 00000000 ____D () C:\ProgramData\vybfmt
2014-07-04 20:46 - 2014-07-04 20:46 - 00000000 ____D () C:\ProgramData\geyrq
2014-07-04 13:59 - 2014-07-05 00:35 - 00000000 ____D () C:\ProgramData\wsg
2014-07-04 13:59 - 2014-07-04 13:59 - 00000000 ____D () C:\ProgramData\xjrxb
2014-07-04 13:59 - 2014-07-04 13:59 - 00000000 ____D () C:\ProgramData\wpj
2014-07-04 13:54 - 2014-07-04 13:54 - 00000000 ____D () C:\ProgramData\tudrg
2014-07-03 13:53 - 2014-07-05 00:35 - 00000000 ____D () C:\ProgramData\jphpv
2014-07-03 13:53 - 2014-07-03 13:53 - 00000000 ____D () C:\ProgramData\ywhysi
2014-07-03 13:53 - 2014-07-03 13:53 - 00000000 ____D () C:\ProgramData\arkl
2014-07-02 17:55 - 2014-07-04 13:53 - 00000000 ____D () C:\ProgramData\utypcj
2014-07-02 14:30 - 2014-07-04 13:53 - 00000000 ____D () C:\ProgramData\wpjvfq
2014-07-02 14:30 - 2014-07-03 13:53 - 00000000 ____D () C:\ProgramData\xhlnyyl
2014-07-02 14:30 - 2014-07-02 14:30 - 00000000 ____D () C:\ProgramData\vdoge
2014-07-02 13:34 - 2014-07-05 00:44 - 00000000 ____D () C:\ProgramData\rfnenps
2014-07-02 13:34 - 2014-07-02 17:54 - 00000000 ____D () C:\ProgramData\ltsq
2014-07-02 13:34 - 2014-07-02 17:54 - 00000000 ____D () C:\ProgramData\ecnr
2014-07-02 13:34 - 2014-07-02 14:30 - 00000000 ____D () C:\ProgramData\thgdj
2014-07-02 13:34 - 2014-07-02 13:34 - 00000000 ____D () C:\ProgramData\yhodro
2014-07-02 13:21 - 2014-07-02 13:21 - 00388608 _____ (Trend Micro Inc.)
C:\Users\Steve Gonsczak\Downloads\hijackthis_5833.exe 2014-07-02 13:17 - 2014-07-05 00:35 - 00000000 ____D () C:\ProgramData\mpsbrva 2014-07-02 00:21 - 2014-07-02 00:21 - 00000000 ___HD () C:\Users\Steve Gonsczak\AppData\Roaming\Kxlb 2014-06-27 20:34 - 2014-06-27 20:34 - 00000209 _____ () C:\Users\Steve Gonsczak\Desktop\Don Bradman Cricket 14 Demo.url 2014-06-25 20:08 - 2014-06-25 20:08 - 00012861 _____ () C:\Users\Steve Gonsczak\Desktop\LoL Analyse.odt 2014-06-19 14:17 - 2014-06-19 14:17 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-06-12 16:38 - 2014-06-12 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-06-12 16:37 - 2014-06-12 16:37 - 00000000 ____D () C:\Users\Steve Gonsczak\AppData\Local\NVIDIA 2014-06-12 16:33 - 2014-03-04 13:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe 2014-06-11 22:43 - 2014-06-11 22:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-11 14:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-06-11 14:41 - 2014-06-11 14:42 - 00000000 ____D () C:\AdwCleaner 2014-06-11 14:41 - 2014-06-11 14:41 - 01333465 _____ () C:\Users\Steve Gonsczak\Downloads\adwcleaner_3.212.exe 2014-06-11 14:28 - 2014-06-11 14:28 - 00000000 __SHD () C:\Users\Steve Gonsczak\AppData\Local\EmieUserList 2014-06-11 14:28 - 2014-06-11 14:28 - 00000000 __SHD () C:\Users\Steve Gonsczak\AppData\Local\EmieSiteList 2014-06-11 13:07 - 2014-06-11 13:07 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-06-11 13:05 - 2014-06-11 14:29 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP 2014-06-11 13:04 - 2014-06-11 13:04 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Steve Gonsczak\Downloads\sh-remover.exe 2014-06-11 12:43 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 12:43 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 12:43 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-11 12:43 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 12:43 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-11 12:43 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-11 12:43 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-11 12:43 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 12:43 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-11 12:43 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 12:43 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 12:43 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-11 12:43 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-11 12:43 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-11 12:43 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-11 12:43 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-11 12:43 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-11 12:43 - 2014-05-30 10:04 
- 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 12:43 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 12:43 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-11 12:43 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 12:43 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 12:43 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-11 12:43 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 12:43 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 12:43 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 12:43 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 12:43 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-11 12:42 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-11 12:42 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-11 12:42 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 12:42 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 12:42 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-11 12:42 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 12:42 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 12:42 - 2014-03-26 16:25 - 00002048 _____ 
(Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-11 12:42 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-10 14:29 - 2014-06-13 11:07 - 00000000 ____D () C:\Program Files\Common Files\Umbrella ==================== One Month Modified Files and Folders ======= 2014-07-05 01:17 - 2014-07-05 01:16 - 00032886 _____ () C:\Users\Steve Gonsczak\Downloads\FRST.txt 2014-07-05 01:16 - 2014-07-05 01:15 - 00000000 ____D () C:\FRST 2014-07-05 01:15 - 2014-07-05 01:15 - 01073664 _____ (Farbar) C:\Users\Steve Gonsczak\Downloads\FRST.exe 2014-07-05 01:15 - 2014-07-05 01:14 - 00448788 _____ () C:\Users\Steve Gonsczak\Documents\cc_20140705_011445.reg 2014-07-05 01:13 - 2009-07-14 06:34 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-05 01:13 - 2009-07-14 06:34 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-05 01:08 - 2010-10-18 21:30 - 00000000 ____D () C:\Users\Steve Gonsczak\AppData\Roaming\TS3Client 2014-07-05 01:07 - 2010-10-26 17:27 - 00000000 ____D () C:\Windows\Minidump 2014-07-05 01:07 - 2010-10-18 21:34 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-05 00:57 - 2012-09-09 14:08 - 00007603 _____ () C:\Users\Steve Gonsczak\AppData\Local\Resmon.ResmonCfg 2014-07-05 00:44 - 2014-07-02 13:34 - 00000000 ____D () C:\ProgramData\rfnenps 2014-07-05 00:39 - 2010-10-01 14:56 - 01427987 ____N () C:\Windows\WindowsUpdate.log 2014-07-05 00:36 - 2014-04-30 18:07 - 00000000 ___RD () C:\Users\Steve Gonsczak\Google Drive 2014-07-05 00:36 - 2012-02-12 13:27 - 00000000 ____D () C:\Users\Steve Gonsczak\AppData\Local\Deployment 2014-07-05 00:36 - 2011-05-02 17:35 - 00000000 ____D () C:\Users\Steve Gonsczak\AppData\Roaming\Skype 2014-07-05 00:35 - 2014-07-04 20:46 - 00000000 ____D () C:\ProgramData\hgdlp 2014-07-05 00:35 - 2014-07-04 13:59 - 
00000000 ____D () C:\ProgramData\wsg 2014-07-05 00:35 - 2014-07-03 13:53 - 00000000 ____D () C:\ProgramData\jphpv 2014-07-05 00:35 - 2014-07-02 13:17 - 00000000 ____D () C:\ProgramData\mpsbrva 2014-07-05 00:34 - 2014-07-05 00:34 - 00000000 ____D () C:\ProgramData\wljfank 2014-07-05 00:34 - 2014-07-05 00:34 - 00000000 ____D () C:\ProgramData\eahqygc 2014-07-05 00:34 - 2013-06-26 11:56 - 00001824 _____ () C:\Windows\Tasks\Plus-HD-2.4-firefoxinstaller.job 2014-07-05 00:34 - 2013-06-26 11:56 - 00001204 _____ () C:\Windows\Tasks\Plus-HD-2.4-codedownloader.job 2014-07-05 00:34 - 2013-06-26 11:56 - 00001200 _____ () C:\Windows\Tasks\Plus-HD-2.4-updater.job 2014-07-05 00:34 - 2013-06-26 11:56 - 00001104 _____ () C:\Windows\Tasks\Plus-HD-2.4-enabler.job 2014-07-05 00:34 - 2010-10-18 21:34 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-05 00:34 - 2010-10-01 16:21 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-05 00:34 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-05 00:31 - 2011-07-12 14:19 - 03629056 ___SH () C:\Users\Steve Gonsczak\Desktop\Thumbs.db 2014-07-05 00:25 - 2013-06-29 15:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-04 22:48 - 2013-08-14 16:33 - 00000000 ____D () C:\Users\Steve Gonsczak\AppData\Local\Akamai 2014-07-04 20:46 - 2014-07-04 20:46 - 00000000 ____D () C:\ProgramData\vybfmt 2014-07-04 20:46 - 2014-07-04 20:46 - 00000000 ____D () C:\ProgramData\geyrq 2014-07-04 13:59 - 2014-07-04 13:59 - 00000000 ____D () C:\ProgramData\xjrxb 2014-07-04 13:59 - 2014-07-04 13:59 - 00000000 ____D () C:\ProgramData\wpj 2014-07-04 13:54 - 2014-07-04 13:54 - 00000000 ____D () C:\ProgramData\tudrg 2014-07-04 13:53 - 2014-07-02 17:55 - 00000000 ____D () C:\ProgramData\utypcj 2014-07-04 13:53 - 2014-07-02 14:30 - 00000000 ____D () C:\ProgramData\wpjvfq 2014-07-03 20:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-03 13:53 - 2014-07-03 13:53 - 00000000 ____D () 
C:\ProgramData\ywhysi 2014-07-03 13:53 - 2014-07-03 13:53 - 00000000 ____D () C:\ProgramData\arkl 2014-07-03 13:53 - 2014-07-02 14:30 - 00000000 ____D () C:\ProgramData\xhlnyyl 2014-07-02 17:54 - 2014-07-02 13:34 - 00000000 ____D () C:\ProgramData\ltsq 2014-07-02 17:54 - 2014-07-02 13:34 - 00000000 ____D () C:\ProgramData\ecnr 2014-07-02 14:30 - 2014-07-02 14:30 - 00000000 ____D () C:\ProgramData\vdoge 2014-07-02 14:30 - 2014-07-02 13:34 - 00000000 ____D () C:\ProgramData\thgdj 2014-07-02 13:34 - 2014-07-02 13:34 - 00000000 ____D () C:\ProgramData\yhodro 2014-07-02 13:21 - 2014-07-02 13:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Steve Gonsczak\Downloads\hijackthis_5833.exe 2014-07-02 00:21 - 2014-07-02 00:21 - 00000000 ___HD () C:\Users\Steve Gonsczak\AppData\Roaming\Kxlb 2014-07-01 18:57 - 2014-05-14 20:18 - 00000000 ____D () C:\Users\Steve Gonsczak\AppData\Local\PMB Files 2014-07-01 18:57 - 2014-05-14 20:18 - 00000000 ____D () C:\ProgramData\PMB Files 2014-06-30 17:08 - 2010-10-14 21:46 - 00000000 ____D () C:\Users\Steve Gonsczak\Documents\My Games 2014-06-27 20:34 - 2014-06-27 20:34 - 00000209 _____ () C:\Users\Steve Gonsczak\Desktop\Don Bradman Cricket 14 Demo.url 2014-06-25 20:08 - 2014-06-25 20:08 - 00012861 _____ () C:\Users\Steve Gonsczak\Desktop\LoL Analyse.odt 2014-06-24 18:06 - 2013-10-24 22:23 - 00000000 ____D () C:\Users\Steve Gonsczak\AppData\Local\Battle.net 2014-06-20 03:15 - 2013-07-24 03:13 - 00000000 ____D () C:\Program Files\File Type Advisor 2014-06-20 01:10 - 2014-04-30 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-06-20 00:53 - 2014-04-25 22:17 - 00000000 ____D () C:\Users\Steve Gonsczak\Documents\Masters of the World 2014-06-19 14:17 - 2014-06-19 14:17 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-06-19 14:17 - 2014-03-22 14:30 - 00000000 ___RD () C:\Program Files\Skype 2014-06-19 14:17 - 2011-05-02 17:34 - 00000000 ____D () C:\ProgramData\Skype 2014-06-18 14:56 - 
2010-10-01 15:03 - 01649492 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-18 14:24 - 2014-01-12 13:53 - 00000000 ____D () C:\Users\Steve Gonsczak\AppData\Local\WebPlayer 2014-06-13 11:07 - 2014-06-10 14:29 - 00000000 ____D () C:\Program Files\Common Files\Umbrella 2014-06-12 19:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-06-12 16:38 - 2014-06-12 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-06-12 16:37 - 2014-06-12 16:37 - 00000000 ____D () C:\Users\Steve Gonsczak\AppData\Local\NVIDIA 2014-06-12 16:35 - 2011-04-24 16:36 - 00000000 ____D () C:\Temp 2014-06-12 16:33 - 2010-10-01 16:19 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-06-12 16:31 - 2011-03-12 15:57 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-06-12 13:36 - 2013-12-03 19:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-06-12 03:27 - 2014-05-07 00:50 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-12 03:05 - 2013-08-14 21:48 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 03:01 - 2012-01-01 18:48 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-11 22:43 - 2014-06-11 22:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-11 14:42 - 2014-06-11 14:41 - 00000000 ____D () C:\AdwCleaner 2014-06-11 14:41 - 2014-06-11 14:41 - 01333465 _____ () C:\Users\Steve Gonsczak\Downloads\adwcleaner_3.212.exe 2014-06-11 14:29 - 2014-06-11 13:05 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP 2014-06-11 14:28 - 2014-06-11 14:28 - 00000000 __SHD () C:\Users\Steve Gonsczak\AppData\Local\EmieUserList 2014-06-11 14:28 - 2014-06-11 14:28 - 00000000 __SHD () C:\Users\Steve Gonsczak\AppData\Local\EmieSiteList 2014-06-11 13:07 - 2014-06-11 13:07 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-06-11 13:05 - 2012-05-19 02:04 - 00001470 _____ () C:\Windows\system32\InstallUtil.InstallLog 2014-06-11 13:05 
- 2010-10-14 18:06 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2014-06-11 13:04 - 2014-06-11 13:04 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Steve Gonsczak\Downloads\sh-remover.exe 2014-06-10 20:24 - 2013-10-24 22:23 - 00000000 ____D () C:\Program Files\Battle.net 2014-06-08 10:48 - 2014-06-11 12:42 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 10:43 - 2014-06-11 12:42 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Files to move or delete: ==================== C:\ProgramData\1McMiJ.dat Some content of TEMP: ==================== C:\Users\Steve Gonsczak\AppData\Local\Temp\BI_RunOnce.exe C:\Users\Steve Gonsczak\AppData\Local\Temp\FLVPlayerSetup.exe C:\Users\Steve Gonsczak\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe C:\Users\Steve Gonsczak\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe C:\Users\Steve Gonsczak\AppData\Local\Temp\SHSetup.exe C:\Users\Steve Gonsczak\AppData\Local\Temp\swt-win32-3349.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-30 15:48 ==================== End Of Log ============================
--- --- --- --- --- ---
and the Addition.txt
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:03-07-2014 Ran by Steve Gonsczak at 2014-07-05 01:17:44 Running from C:\Users\Steve Gonsczak\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== µTorrent (HKLM\...\uTorrent) (Version: 3.1.3 - ) 3Com OfficeConnect Wireless 54Mbps 11g USB Adapter (HKLM\...\{8F2C8130-8A34-40A7-9FC8-5D87001AC99E}) (Version: 4.0.1.0 - 3Com Corporation) 50 FREE MP3s +1 Free Audiobook! (HKLM\...\eMusic Promotion) (Version: 1.0.0.1 - eMusic.com Inc) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.) Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader 9.4.5 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A94000000001}) (Version: 9.4.5 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC) Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.) Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.) 
ArcSoft PhotoImpression (HKLM\...\{6C5D7191-140A-11D6-B5A0-0050DA208A93}) (Version: - ) Arma 2 (HKLM\...\Steam App 33910) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead Beta (HKLM\...\Steam App 219540) (Version: - ) Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - ) Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd) AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: - AVM Berlin) Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version: - ) Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.) Browser Configuration Utility (HKLM\...\{DEF059B7-A738-4FDF-8AB0-8EC6802A356E}) (Version: 0.0.4.0 - DeviceVM Inc.) Bundled software uninstaller (HKLM\...\bi_uninstaller) (Version: - ) <==== ATTENTION CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform) ChatZum Toolbar (HKLM\...\ChatZum Toolbar) (Version: 1.0.14 - ChatZum) Cockatrice (HKLM\...\Cockatrice) (Version: - ) Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve) Counter-Strike: Condition Zero (HKLM\...\Steam App 80) (Version: - Valve) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve) CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DAoC Portal (HKLM\...\{EC9359B3-2548-4DB1-B322-6D71A17501F9}) (Version: 2.8.2 - Dawn of Light) DAOC-Charplan (HKLM\...\DAOCCharplan) (Version: - ) Dark Age of Camelot (HKLM\...\Dark Age of Camelot) (Version: - Electronic Arts) DARK SOULS™ II (HKLM\...\Steam App 236430) (Version: - 
FromSoftware, Inc) DayZ (HKLM\...\Steam App 221100) (Version: - Bohemia Interactive) DayZ Commander (HKLM\...\{D7ECDD70-EBAB-42AD-8BE3-2F4D1CEC70A7}) (Version: 0.92.79 - Dotjosh Studios) Diablo III (HKLM\...\Diablo III) (Version: - Blizzard Entertainment) Divinity Original Sin (HKLM\...\Steam App 230230) (Version: - Larian Studios) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.5 - DivX, LLC) Don Bradman Cricket 14 Demo (HKLM\...\Steam App 303990) (Version: - Big Ant Studios) Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION Druckerdeinstallation für EPSON SX410 Series (HKLM\...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation) Dungeon Defenders (HKLM\...\Steam App 65800) (Version: - Trendy Entertainment) DVDStyler v2.6 (HKLM\...\DVDStyler_is1) (Version: - ) DVDVideoSoftTB Toolbar (HKLM\...\DVDVideoSoftTB Toolbar) (Version: 6.8.5.1 - DVDVideoSoftTB) EPSON Copy Utility (HKLM\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version: - ) EPSON Photo Print (HKLM\...\{D379964B-685C-44D5-AE46-C953A9FEEA14}) (Version: - ) EPSON PhotoQuicker3.2 (HKLM\...\{B2EFE303-A594-11D5-95EB-005004BC1C65}) (Version: - ) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - ) EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - ) EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - ) Facemoods Toolbar (HKLM\...\facemoods) (Version: - ) <==== ATTENTION File Type Advisor 1.0 (HKLM\...\File Type Advisor_is1) (Version: - filetypeadvisor.com) FilesFrog Update Checker (HKLM\...\FilesFrog Update Checker) (Version: - ) <==== ATTENTION Firebird SQL Server - MAGIX Edition (HKLM\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG) Fraps (remove only) (HKLM\...\Fraps) (Version: - ) Free Audio CD Burner version 1.4.8 (HKLM\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.) 
Free M4a to MP3 Converter 8.0 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free YouTube to MP3 Converter version 3.12.8.717 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.8.717 - DVDVideoSoft Ltd.) Freemium Free PDF Perfect (HKLM\...\{88265079-D6F4-4292-86BE-D2053E80BFE4}) (Version: 1.0 - Freemium) GameCenter (HKLM\...\GameCenter) (Version: - ) GameCenter 1.3.0.6 (HKLM\...\GameCenter_is1) (Version: 1.3.0.6 - Cyanide) GamesBar 2.0.1.55 (HKLM\...\GamesBar) (Version: 2.0.1.55 - Oberon Media, Inc.) GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - ) Genesis version Genesis Launcher 1.005 (HKLM\...\{975e7799-c584-47f0-9c12-c1551f3e95f2}_is1) (Version: Genesis Launcher 1.005 - Pawel D. alias Laplume for Genesis.) Genesis version Patch (HKLM\...\{9db86e9a-0b05-4202-a76c-5a795f698408}_is1) (Version: Patch - Pawel D. alias Laplume for Genesis.) Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Drive (HKLM\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) iTunes (HKLM\...\{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}) (Version: 10.3.1.55 - Apple Inc.) Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden JDownloader 0.9 (HKLM\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH) K-Lite Codec Pack 6.4.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.4.0 - ) League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (Version: 3.0.1 - Riot Games ) Hidden Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve) LOLReplay (HKLM\...\LOLReplay) (Version: 0.8.7 - www.leaguereplays.com) Magic: The Gathering - Duels of the Planeswalkers 2013 (HKLM\...\Steam App 97330) (Version: - ) MAGIX Music Maker 17 Download-Version (HKLM\...\MAGIX_MSI_mm17) (Version: 17.0.0.16 - MAGIX AG) MAGIX Music Maker 17 Download-Version (Version: 17.0.0.16 - MAGIX AG) Hidden MAGIX Screenshare (HKLM\...\{E04D1AC1-B3AF-4C1A-B7E0-B37A058271CE}) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Speed burnR (MSI) (HKLM\...\{300DFCBA-348B-4FD6-AE50-1D3CDFEE6314}) (Version: 7.0.2.6 - MAGIX AG) Masters of the World (HKLM\...\MOW 2013 ENGLISH DL) (Version: 5.07 - Eversim) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE (HKLM\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable 
(HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft VC9 runtime libraries (Version: 2.0.0 - AOL Inc.) Hidden Microsoft Visual Basic for Applications 7.1 (x86) (Version: 7.1.00.00 - Microsoft Corporation) Hidden Microsoft Visual Basic for Applications 7.1 (x86) German (Version: 7.1.0.0 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mouse Recorder Pro 2.0.7.4 (HKLM\...\{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1) (Version: - Nemex Studios) Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSI US54SE 802.11 b+g USB Stick (HKLM\...\{581CE7EA-A30D-0000-1211-088635773309}) (Version: - ) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) Neffy 1,3,29,0 (HKLM\...\Neffy) (Version: 1,3,29,0 - CDNetworks) NetBattle (HKLM\...\NetBattle_is1) (Version: 0.9.6 - HubertWare) NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation) NVIDIA Grafiktreiber 335.23 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden NVIDIA PhysX (HKLM\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden OpenOffice.org 3.2 (HKLM\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org) Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) Path of Exile (HKLM\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.0.22397 - Grinding Gear Games) PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge) Platform (Version: 1.34 - VIA Technologies, Inc.) 
Hidden Plus-HD-2.4 (HKLM\...\Plus-HD-2.4) (Version: 1.27.153.6 - Plus HD) <==== ATTENTION Pokémon Trading Card Game Online (HKLM\...\{496D7B7E-EBDC-4E2B-B021-4FF03B188B69}) (Version: 1.0.0 - The Pokémon Company International) Poket Script 1.2 (HKLM\...\Poket Script) (Version: 1.2 - Poket Witch Studios) Pro Cycling Manager - Season 2009 1.0.3.3 (HKLM\...\Pro Cycling Manager 2009_is1) (Version: 1.0.3.3 - Cyanide Entertainment) Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.) Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek) ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - ) Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
Source SDK (HKLM\...\Steam App 211) (Version: - Valve) Source SDK Base 2006 (HKLM\...\Steam App 215) (Version: - Valve) Source SDK Base 2007 (HKLM\...\Steam App 218) (Version: - Valve) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 2 RC2 (HKLM\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.15723 - TeamViewer) TERA (HKLM\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.6 - En Masse Entertainment) Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH) Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - ) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) 
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - ) VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN) Vodafone Mobile Connect Lite (HKLM\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.17550 - Vodafone) Vtune 7.8 (HKLM\...\Vtune_is1) (Version: - ) Winamp (HKLM\...\Winamp) (Version: 5.621 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Winamp Toolbar (HKCU\...\Winamp Toolbar) (Version: - ) <==== ATTENTION Winamp Toolbar (HKLM\...\Winamp Toolbar) (Version: - ) <==== ATTENTION Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Winload Toolbar (HKLM\...\Winload Toolbar) (Version: 6.3.3.3 - ) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment) Xvid 
Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team) Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - ) Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - ) Yontoo 1.10.03 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.03 - Yontoo LLC) <==== ATTENTION YTD Video Downloader 4.5.1 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.5.1 - GreenTree Applications SRL) ==================== Restore Points ========================= 02-07-2014 11:40:25 Microsoft Antimalware Checkpoint 03-07-2014 11:54:17 Microsoft Antimalware Checkpoint 03-07-2014 12:15:54 Windows Update 04-07-2014 11:58:46 Microsoft Antimalware Checkpoint 04-07-2014 22:59:32 Removed Internet Explorer Toolbar 4.6 by SweetPacks ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0374ECC1-7C77-41C5-9747-72FAC62EB0F2} - System32\Tasks\Plus-HD-2.4-updater => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-updater.exe [2013-06-26] (Plus HD) <==== ATTENTION Task: {0CB5F5DF-7C48-42D2-95EB-F72A8670B623} - System32\Tasks\Plus-HD-2.4-firefoxinstaller => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-firefoxinstaller.exe [2013-06-26] (Plus HD) <==== ATTENTION Task: {3221FDA9-AA8F-4C6B-8743-A1707C7E41C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-18] (Google Inc.) Task: {44D88556-70CD-4D1B-9A44-EBB7D6CC9176} - System32\Tasks\{C1DCCE9B-4C21-4E20-8942-A161B6D0438B} => C:\Program Files\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.) 
Task: {556B10C2-686D-4456-8BD6-F4CA145DE7C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: {70DECF87-6099-4770-8AA2-7CBCB807C5FF} - System32\Tasks\Plus-HD-2.4-enabler => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-enabler.exe [2013-10-14] (Plus HD) <==== ATTENTION Task: {86E7C2EF-315B-4D05-882F-549EDEC9E643} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-18] (Google Inc.) Task: {9D091997-962A-467F-92B7-C212E8D08D98} - System32\Tasks\Plus-HD-2.4-codedownloader => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-codedownloader.exe [2013-06-26] (Plus HD) <==== ATTENTION Task: {AE884FED-83AA-4177-B661-213B92A22F10} - System32\Tasks\{17488DE4-1F2C-4243-8D40-E2EA7135720C} => C:\Program Files\EishockeyManager2009\EishockeyManager2009.exe Task: {AF6897C5-9135-4E43-944A-709A510E371A} - System32\Tasks\FileAdvisorCheck => C:\Program Files\File Type Advisor\file-type-advisor.exe [2013-07-12] (filetypeadvisor.com ) Task: {C85D9630-A1E2-4107-BDC2-FCCE6F6BF7D3} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Steve Gonsczak\AppData\Local\FilesFrog Update Checker\update_checker.exe [2013-10-17] (Somoto) <==== ATTENTION Task: {D75F7BD2-A5DA-4AF0-BCBC-C0E248B9599E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: {E964D53A-B2E3-4D1D-BE9F-3F0AE35B0950} - System32\Tasks\{2B97ED0B-B74C-4484-BAA5-0E2DD92BB58E} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-06-12] () Task: {EBEA1F90-966B-4E4B-B5C2-5376D834AB13} - System32\Tasks\FileAdvisorUpdate => C:\Program Files\File Type Advisor\fileadvisor.exe [2013-07-12] (File Type Advisor) Task: {EDD22DD4-2C83-458A-A638-F38A2B8DC391} - System32\Tasks\{05FB70DC-8274-4654-B120-49E2FA5D0146} => Firefox.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => 
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Plus-HD-2.4-codedownloader.job => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.4-enabler.job => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-enabler.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.4-firefoxinstaller.job => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-firefoxinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.4-updater.job => C:\Program Files\Plus-HD-2.4\Plus-HD-2.4-updater.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2012-11-18 04:04 - 2014-03-04 14:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2013-09-14 13:12 - 2013-09-14 13:12 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe 2010-10-01 16:06 - 2009-05-07 10:50 - 00073728 ____R () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll 2010-10-01 16:06 - 2009-05-07 10:53 - 00106496 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll 2010-10-01 16:06 - 2008-02-14 07:57 - 00094208 ____R () C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll 2010-10-01 16:06 - 2009-11-03 05:11 - 47628288 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll 2009-10-12 16:38 - 2009-10-12 16:38 - 00503202 _____ () C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll 2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll 2011-07-29 01:08 - 2011-07-29 01:08 - 01259376 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2011-07-29 01:09 - 2011-07-29 01:09 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll 2010-10-01 16:17 - 2010-03-17 17:31 - 02158592 _____ () C:\Program Files\Vtune\TBPANEL.exe 
2010-10-01 16:17 - 1998-10-31 04:55 - 00005120 _____ () C:\Program Files\Vtune\TBManage.dll 2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\Steve Gonsczak\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 2010-10-02 12:02 - 2006-02-17 02:51 - 00483328 _____ () C:\Program Files\MSI\US54SE_Utility\ZDWlan.exe 2010-10-02 12:02 - 2005-11-10 15:50 - 00212992 _____ () C:\Program Files\MSI\US54SE_Utility\dot1x_dll.dll 2010-10-02 12:02 - 2005-11-11 14:46 - 00045056 _____ () C:\Program Files\MSI\US54SE_Utility\ZDWLAN.dll 2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2014-06-11 22:43 - 2014-06-11 22:43 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (07/05/2014 00:53:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: update_checker.exe, Version: 4.3.0.0, Zeitstempel: 0x525d9c67 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00052d94 ID des fehlerhaften Prozesses: 0x1664 Startzeit der fehlerhaften Anwendung: 0xupdate_checker.exe0 Pfad der fehlerhaften Anwendung: update_checker.exe1 Pfad des fehlerhaften Moduls: update_checker.exe2 Berichtskennung: update_checker.exe3 Error: (07/05/2014 00:34:36 AM) (Source: VMCService) (EventID: 0) (User: ) Description: conflictManagerTypeValue Error: (07/05/2014 00:29:13 AM) (Source: VMCService) (EventID: 0) (User: ) Description: conflictManagerTypeValue Error: (07/05/2014 00:26:57 AM) (Source: VMCService) (EventID: 0) (User: ) Description: GetProcessOwner Error: (07/04/2014 10:48:03 PM) (Source: MsiInstaller) (EventID: 11310) (User: SteveGonsczak) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Steve Gonsczak\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (07/04/2014 10:47:22 PM) (Source: MsiInstaller) (EventID: 11310) (User: SteveGonsczak) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Steve Gonsczak\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (07/04/2014 05:58:09 PM) (Source: MsiInstaller) (EventID: 11310) (User: SteveGonsczak) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Steve Gonsczak\AppData\Local\Akamai\admintool.exe. Systemfehler 0. 
Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (07/04/2014 05:57:30 PM) (Source: MsiInstaller) (EventID: 11310) (User: SteveGonsczak) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Steve Gonsczak\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (07/04/2014 01:58:43 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {58d33faa-7b58-45d5-abe8-ef60b65cc870} Error: (07/04/2014 01:56:44 PM) (Source: MsiInstaller) (EventID: 11310) (User: SteveGonsczak) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Steve Gonsczak\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. 
System errors: ============= Error: (07/05/2014 00:35:22 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} Error: (07/05/2014 00:34:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "iPod-Dienst" wurde mit folgendem Fehler beendet: %%-2147417831 Error: (07/05/2014 00:34:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: tcpipBM Error: (07/05/2014 00:32:32 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (07/05/2014 00:31:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/05/2014 00:31:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/05/2014 00:31:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/05/2014 00:31:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/05/2014 00:31:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/05/2014 00:31:50 AM) (Source: Service 
Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (07/05/2014 00:53:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: update_checker.exe4.3.0.0525d9c67ntdll.dll6.1.7601.18247521ea91cc000000500052d94166401cf97d833dfd64fC:\Users\Steve Gonsczak\AppData\Local\FilesFrog Update Checker\update_checker.exeC:\Windows\SYSTEM32\ntdll.dll059dbe2d-03ce-11e4-aeb4-8fa6d13e0021 Error: (07/05/2014 00:34:36 AM) (Source: VMCService) (EventID: 0) (User: ) Description: conflictManagerTypeValue Error: (07/05/2014 00:29:13 AM) (Source: VMCService) (EventID: 0) (User: ) Description: conflictManagerTypeValue Error: (07/05/2014 00:26:57 AM) (Source: VMCService) (EventID: 0) (User: ) Description: GetProcessOwner Error: (07/04/2014 10:48:03 PM) (Source: MsiInstaller) (EventID: 11310) (User: SteveGonsczak) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Steve Gonsczak\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/04/2014 10:47:22 PM) (Source: MsiInstaller) (EventID: 11310) (User: SteveGonsczak) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Steve Gonsczak\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/04/2014 05:58:09 PM) (Source: MsiInstaller) (EventID: 11310) (User: SteveGonsczak) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Steve Gonsczak\AppData\Local\Akamai\admintool.exe. Systemfehler 0. 
Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/04/2014 05:57:30 PM) (Source: MsiInstaller) (EventID: 11310) (User: SteveGonsczak) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Steve Gonsczak\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/04/2014 01:58:43 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {58d33faa-7b58-45d5-abe8-ef60b65cc870} Error: (07/04/2014 01:56:44 PM) (Source: MsiInstaller) (EventID: 11310) (User: SteveGonsczak) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Steve Gonsczak\AppData\Local\Akamai\admintool.exe. Systemfehler 0. 
Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) ==================== Memory info =========================== Percentage of memory in use: 47% Total physical RAM: 3255.12 MB Available physical RAM: 1715.38 MB Total Pagefile: 9397.41 MB Available Pagefile: 7328.33 MB Total Virtual: 3071.88 MB Available Virtual: 2907.41 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:233.93 GB) (Free:35.67 GB) NTFS Drive i: (Lokaler Datenträger) (Fixed) (Total:229.83 GB) (Free:57.74 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 88F73D13) Partition 1: (Active) - (Size=2 GB) - (Type=06) Partition 2: (Not Active) - (Size=234 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=230 GB) - (Type=07 NTFS) ==================== End Of Log ============================
Win-7 32-bit
I hope you can help me. Kind regards, Spanaikos
PS: Unfortunately I know almost nothing about computers and am a classic clueless user. Last edited by Spanaikos (05.07.2014 at 00:50) |
05.07.2014, 10:04 | #2 |
/// Selecta Jahrusso | A cleanup can sometimes mean a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
Please uninstall
Bundled software uninstaller
ChatZum Toolbar
Download Updater
Facemoods Toolbar
FilesFrog Update Checker
Plus-HD-2.4 << is probably responsible for the infection here
Winamp Toolbar
Yontoo 1.10.03
Restart the computer after the last uninstallation. Please download TDSSKiller.exe and save this file to the desktop
__________________ |
05.07.2014, 16:12 | #3 |
| Hey,
first of all, thanks for your help. I have a problem uninstalling "ChatZum Toolbar". It tells me that I need administrator rights to uninstall this program, which I actually have. How should I proceed now?
Edit: Also, I can't find the program "FilesFrog Update Checker" under uninstall. I only have "File Type Advisor 1.0" there, with a similar name.
Hey, after consulting with an acquaintance I have decided to format my PC and set it up from scratch, since apparently more junk ended up on it over the last few years than I thought at first. Thanks for your help anyway. The thread can be closed. Last edited by Spanaikos (05.07.2014 at 11:20) |
05.07.2014, 17:16 | #4 |
/// Selecta Jahrusso | Good decision
__________________ Kind regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |