Browser keeps opening automatically in the background (Windows 7)
24.11.2014, 23:04 | #1

Browser keeps opening automatically in the background

Hello, I have the following problem: for about 4 hours now my browser (Google Chrome) keeps opening in the background. It looks roughly like this: every two seconds a new chrome.exe process is created. I already tried uninstalling Google Chrome, but that doesn't help, because then the same thing suddenly happens with Internet Explorer. I have already tried the following, without success:
- AdwCleaner
- CCleaner (while cleaning, CCleaner closes all Chrome processes again, but after 5 seconds it starts all over)
- Malwarebytes (it does detect viruses and they get thrown into quarantine, but that doesn't help either)
I really hope someone can help me with this; thanks in advance to everyone who takes the time to read this.

Last edited by Dima95 (25.11.2014 at 00:00)
25.11.2014, 00:53 | #2

/// Winkelfunktion /// TB-Süch-Tiger™

Browser keeps opening automatically in the background

Hello and

Do you have any more logs (with detections)? Malwarebytes and/or other virus scanners, did any of them find something? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run new virus scans; first post only the logs you already have, in CODE tags! Only logs from the last 7 days, or since the problem started, are relevant!

Please also make a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work much harder. Even if the logs are too big for one post, I ask you to post the logs directly and, if necessary, spread over several posts. To put the log files into a CODE box, proceed as follows:
25.11.2014, 10:09 | #3

Browser keeps opening automatically in the background

FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by DIMA (administrator) on DIMA-PC on 25-11-2014 09:42:35
Running from C:\Users\DIMA\Desktop
Loaded Profiles: DIMA & (Available profiles: DIMA)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\DIMA\sJz64H\svchost.exe
(Google Inc.)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [PDF8 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe [179600 2012-11-19] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe [1826816 2012-11-22] (Nuance Communications, Inc.) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC) Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\Run: [Google+ Auto Backup] => C:\Users\DIMA\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.) 
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation) HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\Run: [HKCU] => C:\Users\DIMA\AppData\Roaming\WindowsDDL\dlhost.exe [784290 2014-05-17] () HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\RunOnce: [tKi81K] => C:\Users\DIMA\sJz64H\svchost.exe [784290 2014-05-17] () HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\Policies\Explorer: [NoFolderOptions] 1 HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\MountPoints2: {8ff8575b-03cf-11e1-b1d0-002511708c7a} - K:\AutoRun.exe --autorun HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\MountPoints2: {9265ba42-0fbf-11e1-8467-002511708c7a} - K:\OriginInstaller.exe HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google+ Auto Backup] => C:\Users\DIMA\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.) 
HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation) HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HKCU] => C:\Users\DIMA\AppData\Roaming\WindowsDDL\dlhost.exe [784290 2014-05-17] () HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [tKi81K] => C:\Users\DIMA\sJz64H\svchost.exe [784290 2014-05-17] () HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFolderOptions] 1 HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8ff8575b-03cf-11e1-b1d0-002511708c7a} - K:\AutoRun.exe --autorun HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9265ba42-0fbf-11e1-8467-002511708c7a} - K:\OriginInstaller.exe AppInit_DLLs: C:\PROGRA~3\Prowebi\PROWEB~1.DLL => C:\PROGRA~3\Prowebi\PROWEB~1.DLL File Not Found ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File BootExecute: GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy 
restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-2717071264-1556804699-3599014186-1000] => http=127.0.0.1:8897;https=127.0.0.1:8897 ProxyServer: [S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:8897;https=127.0.0.1:8897 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x507C95ADDF97CC01 HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x507C95ADDF97CC01 HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKLM-x32 -> DefaultScope value is missing. 
SearchScopes: HKU\.DEFAULT -> {E4097784-2EB8-486D-A094-D46B608BE09F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms} SearchScopes: HKU\S-1-5-21-2717071264-1556804699-3599014186-1000 -> {16C0C30F-669E-446F-AEAF-437B70220EDA} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms} SearchScopes: HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {16C0C30F-669E-446F-AEAF-437B70220EDA} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms} BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ] 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\DIMA\AppData\Roaming\Mozilla\Firefox\Profiles\qig2tcel.default FF DefaultSearchEngine,S: FF DefaultSearchUrl: FF SearchEngineOrder.1: FF SearchEngineOrder.1,S: FF SelectedSearchEngine,S: FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=668083&p= FF NetworkProxy: "http", "23.22.26.80" FF NetworkProxy: "http_port", 80 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation) FF Plugin HKU\S-1-5-21-2717071264-1556804699-3599014186-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF Plugin HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF Extension: YTNoAds - C:\Users\DIMA\AppData\Roaming\Mozilla\Firefox\Profiles\qig2tcel.default\Extensions\xjki8uxokor@yei-hwyii.com [2014-07-22] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\afproxy@anchorfree.com [2014-04-16] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-11-12] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012-04-17] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
2012\FFExt\virtualKeyboard@kaspersky.ru [2012-04-17] FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-04-17] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-07-24] Chrome: ======= CHR HomePage: Default -> https://www.facebook.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.youtube.com/" CHR Profile: C:\Users\DIMA\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DIMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-24] CHR Extension: (Adblock Plus) - C:\Users\DIMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-18] CHR Extension: (Photo Zoom for Facebook) - C:\Users\DIMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-03-15] CHR Extension: (AdBlock) - C:\Users\DIMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-15] CHR Extension: (Facebook Notifications) - C:\Users\DIMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo [2014-03-15] CHR Extension: (Google Wallet) - C:\Users\DIMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKLM-x32\...\Chrome\Extension: [begbnpffhnpedhocnobliippgejhjpfp] - C:\Program Files (x86)\Cool Mirage Ltd\gophotoit\1.8.29.2\gophotoit.crx [] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - 
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx [] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx [] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx [] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-03-25] () [File not signed] S3 BFE; . [0 2014-11-25] () [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] () R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S2 LanmanWorkstation; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S2 LanmanWorkstation; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program 
Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-11-19] (Nuance Communications, Inc.) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-05] () R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software) S2 6ea8c3d5; "C:\Windows\system32\rundll32.exe" "c:\progra~3\prowebi\ProwebiSvc.dll",service <==== ATTENTION ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 ALSysIO; No ImagePath U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-11-18] () R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [33488 2014-05-24] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-12] (DT Soft Ltd) S3 EagleX64; No ImagePath R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-11-18] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-25] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) S2 SVKP; C:\Windows\SysWOW64\SVKP.sys [2368 2014-11-19] () [File not signed] R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) 
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 usbet; C:\Windows\System32\DRIVERS\ETdrv.sys [182912 2010-04-29] (Etron)
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 09:42 - 2014-11-25 09:43 - 00029264 _____ () C:\Users\DIMA\Desktop\FRST.txt
2014-11-25 09:42 - 2014-11-25 09:42 - 00000000 ____D () C:\FRST
2014-11-25 09:41 - 2014-11-25 09:41 - 02118144 _____ (Farbar) C:\Users\DIMA\Downloads\FRST64.exe
2014-11-25 09:41 - 2014-11-25 09:41 - 02118144 _____ (Farbar) C:\Users\DIMA\Desktop\FRST64.exe
2014-11-24 22:28 - 2014-11-24 22:28 - 01310488 _____ (Uniblue Systems Limited ) C:\Users\DIMA\Downloads\setup.exe
2014-11-24 22:25 - 2014-11-24 22:25 - 00000000 ____D () C:\Users\DIMA\AppData\Roaming\WindowsDDL
2014-11-24 22:20 - 2014-11-25 09:36 - 00000336 _____ () C:\Windows\setupact.log
2014-11-24 22:20 - 2014-11-24 22:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-24 18:13 - 2014-11-24 18:13 - 00001166 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-11-24 18:13 - 2014-11-24 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-11-24 18:13 - 2014-11-24 18:13 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-11-24 18:01 - 2014-11-24 18:01 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\DIMA\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-11-24 17:28 - 2014-11-24 17:28 - 00000000 ___SD () C:\ComboFix
2014-11-24 17:22 - 2014-11-24 17:24 - 00000000 ____D () C:\Qoobox
2014-11-24 17:22 - 2014-11-24 17:22 - 00000000 ____D () C:\Windows\erdnt
2014-11-24 17:20 - 2014-11-24 17:20 - 05598874 _____ (Swearware) C:\Users\DIMA\Downloads\ComboFix.exe
2014-11-24 17:03 - 2014-11-24 17:03 - 02148864 _____ () C:\Users\DIMA\Desktop\adwcleaner_4.102.exe
2014-11-24 17:03 - 2014-11-24 17:03 - 00002251 _____ () C:\Users\DIMA\Desktop\Google Chrome.lnk
2014-11-24 16:24 - 2014-11-24 16:24 - 00000000 __SHD () C:\Users\DIMA\AppData\Local\EmieUserList
2014-11-24 16:24 - 2014-11-24 16:24 - 00000000 __SHD () C:\Users\DIMA\AppData\Local\EmieSiteList
2014-11-24 16:24 - 2014-11-24 16:24 - 00000000 __SHD () C:\Users\DIMA\AppData\Local\EmieBrowserModeList
2014-11-22 18:34 - 2014-11-22 19:44 - 00000000 ____D () C:\Users\DIMA\Desktop\Fabi Geburtstag
2014-11-21 00:34 - 2014-11-21 00:34 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-11-21 00:34 - 2014-11-21 00:34 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-11-21 00:10 - 2014-11-21 00:10 - 00046384 _____ () C:\Users\DIMA\Downloads\ed77f2e03747180525e87783247c4f09.dlc
2014-11-21 00:00 - 2014-11-21 00:05 - 1572864000 _____ () C:\Users\DIMA\Downloads\5412421241-ascreeduntyrelo.part05.rar
2014-11-20 23:54 - 2014-11-20 23:59 - 1572864000 _____ () C:\Users\DIMA\Downloads\5412421241-ascreeduntyrelo.part04.rar
2014-11-20 23:51 - 2014-11-20 23:56 - 1572864000 _____ () C:\Users\DIMA\Downloads\5412421241-ascreeduntyrelo.part03.rar
2014-11-20 23:42 - 2014-11-20 23:50 - 1572864000 _____ () C:\Users\DIMA\Downloads\5412421241-ascreeduntyrelo.part02.rar
2014-11-20 23:42 - 2014-11-20 23:50 - 1572864000 _____ () C:\Users\DIMA\Downloads\5412421241-ascreeduntyrelo.part01.rar
2014-11-20 23:39 - 2014-11-20 23:39 - 00002392 _____ () C:\Users\DIMA\Downloads\5fdce9ba323b882526a75b1e55eac4da.rsdf
2014-11-20 23:26 - 2014-11-20 23:26 - 00005912 _____ () C:\Users\DIMA\Downloads\5fdce9ba323b882526a75b1e55eac4da.dlc
2014-11-20 16:42 - 2014-11-20 16:42 - 00360648 _____ () C:\Users\DIMA\Downloads\MediaPlayerClassicInstaller.exe
2014-11-20 16:42 - 2014-11-20 16:42 - 00360648 _____ () C:\Users\DIMA\Downloads\MediaPlayerClassicInstaller (1).exe
2014-11-19 23:57 - 2014-11-20 00:00 - 272649583 _____ () C:\Users\DIMA\Downloads\PremiumLeech_freshme.rar
2014-11-19 16:59 - 2014-11-19 16:59 - 00000000 ____D () C:\Program Files (x86)\JoWooD
2014-11-19 12:26 - 2014-09-04 20:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-19 12:26 - 2014-09-04 20:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-19 12:23 - 2014-11-19 12:23 - 00767782 _____ () C:\Users\DIMA\Downloads\vol-gii.notr-mi.rar
2014-11-19 12:20 - 2014-11-19 12:21 - 308364224 _____ (NVIDIA Corporation) C:\Users\DIMA\Downloads\344.75-notebook-win8-win7-64bit-international-whql.exe
2014-11-19 12:17 - 2014-11-19 12:17 - 00000000 _____ () C:\Windows\zSpy.INI
2014-11-19 12:14 - 2014-11-19 12:14 - 00092970 _____ () C:\Users\DIMA\Downloads\gothic2_playerkit-2.6f.exe
2014-11-19 12:11 - 2014-11-19 12:11 - 00002368 _____ () C:\Windows\SysWOW64\SVKP.sys
2014-11-19 12:10 - 2014-11-19 12:10 - 09755449 _____ () C:\Users\DIMA\Downloads\g2addon-2_6.exe
2014-11-19 12:06 - 2014-11-19 12:06 - 03031183 _____ (${MOD_COMP}) C:\Users\DIMA\Downloads\gothic2_fix-2.6.0.0-rev2.exe
2014-11-19 11:57 - 2014-11-19 12:28 - 00000000 __SHD () C:\Users\DIMA\sJz64H
2014-11-19 11:52 - 2014-11-19 14:08 - 00000000 ____D () C:\Users\DIMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
2014-11-19 11:39 - 2014-11-19 11:40 - 00000000 ____D () C:\Users\DIMA\Desktop\Neuer Ordner
2014-11-14 15:03 - 2014-11-14 15:03 - 00001181 _____ () C:\Users\DIMA\AppData\Roaming\trace_FilterInstaller.txt
2014-11-14 15:03 - 2014-11-14 15:03 - 00000000 _____ () C:\Users\DIMA\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-11-14 12:12 - 2014-11-14 12:13 - 104400058 _____ () C:\Users\DIMA\Downloads\Kool_Savas_-_Maertyrer-2014-NoGroup.rar
2014-11-12 22:59 - 2014-11-12 22:59 - 08052296 _____ () C:\Users\DIMA\Downloads\HSS-3.42-install-hss-600-conduit (1).exe
2014-11-09 16:06 - 2014-11-09 16:06 - 00000000 ____D () C:\Users\DIMA\Desktop\The Binding of Isaac
2014-11-09 16:05 - 2014-11-09 16:05 - 324813198 _____ () C:\Users\DIMA\Downloads\The Binding Of Isaac Rebirth FULL GAME.rar
2014-11-07 23:09 - 2014-11-07 23:10 - 113494287 _____ () C:\Users\DIMA\Downloads\BaSa-DaLeIsSa20 [Wiredbots.net].zip
2014-10-30 21:02 - 2014-10-30 21:02 - 00000000 ____D () C:\Users\DIMA\aTubeCatcher
2014-10-30 21:01 - 2014-10-30 21:01 - 00001190 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-10-30 21:01 - 2014-10-30 21:01 - 00000049 _____ () C:\Windows\SysWOW64\ScrRecX.log
2014-10-30 21:01 - 2014-10-30 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2014-10-30 21:01 - 2014-10-30 21:01 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-10-30 21:01 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2014-10-30 21:00 - 2014-10-30 21:00 - 17089408 _____ (DsNET Corp ) C:\Users\DIMA\Downloads\aTube_Catcher_3.8.7980 (1).exe
2014-10-30 12:48 - 2014-10-30 12:48 - 00638888 _____ (Oracle Corporation) C:\Users\DIMA\Downloads\chromeinstall-8u25 (1).exe
2014-10-30 12:42 - 2014-10-30 12:42 - 00638888 _____ (Oracle Corporation) C:\Users\DIMA\Downloads\chromeinstall-8u25.exe
2014-10-26 16:49 - 2014-10-26 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-25 09:43 - 2013-08-01 21:48 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-25 09:43 - 2009-07-14 18:58 - 00701688 _____ () C:\Windows\system32\perfh007.dat
2014-11-25 09:43 - 2009-07-14 18:58 - 00149884 _____ () C:\Windows\system32\perfc007.dat
2014-11-25 09:43 - 2009-07-14 06:13 - 01625786 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-25 09:40 - 2011-10-31 15:52 - 01373680 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 09:37 - 2014-07-19 10:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 09:36 - 2014-03-15 00:14 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 09:36 - 2011-11-02 15:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-25 09:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-25 00:00 - 2012-04-08 09:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-24 23:59 - 2014-03-15 00:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-24 22:28 - 2009-07-14 05:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-24 22:28 - 2009-07-14 05:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-24 22:14 - 2014-03-12 19:31 - 00000000 ____D () C:\AdwCleaner
2014-11-24 22:07 - 2012-01-05 20:36 - 00000000 ____D () C:\Users\DIMA\AppData\Roaming\TS3Client
2014-11-24 17:30 - 2014-01-25 08:26 - 00000000 ____D () C:\Windows\Minidump
2014-11-24 17:30 - 2013-07-24 15:08 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-11-24 17:30 - 2013-07-22 21:50 - 00000000 ____D () C:\Users\DIMA\AppData\Local\CrashDumps
2014-11-24 17:30 - 2012-03-02 17:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-24 17:30 - 2011-11-14 19:04 - 00000000 ____D () C:\Users\DIMA\AppData\Roaming\uTorrent
2014-11-24 17:30 - 2011-10-31 16:59 - 00000000 ____D () C:\Users\DIMA\AppData\Roaming\DAEMON Tools Lite
2014-11-24 17:30 - 2011-10-31 15:21 - 00000000 ____D () C:\Windows\Panther
2014-11-24 16:54 - 2014-03-15 00:15 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-24 16:54 - 2014-03-15 00:14 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-24 16:44 - 2011-10-31 15:36 - 00000000 ____D () C:\Users\DIMA
2014-11-24 16:42 - 2014-03-15 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-24 16:42 - 2013-02-28 12:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-24 16:42 - 2012-11-12 06:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-24 16:42 - 2009-07-14 19:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-24 16:42 - 2009-07-14 18:58 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-11-24 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-11-24 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-11-24 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-24 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-24 16:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-24 15:56 - 2012-07-27 17:49 - 00007597 _____ () C:\Users\DIMA\AppData\Local\Resmon.ResmonCfg
2014-11-23 23:46 - 2013-12-08 13:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-22 21:29 - 2011-10-31 17:25 - 00000000 ____D () C:\Users\DIMA\AppData\Local\Paint.NET
2014-11-22 19:08 - 2011-10-31 16:10 - 00000000 ____D () C:\Users\DIMA\Desktop\Bilder
2014-11-21 10:59 - 2014-07-03 17:20 - 00000000 ____D () C:\Users\DIMA\Desktop\Favorite
2014-11-21 00:41 - 2012-07-29 11:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2
2014-11-20 23:40 - 2011-11-11 17:22 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-11-20 00:00 - 2012-10-26 15:47 - 00000000 ____D () C:\Users\DIMA\Desktop\Musik
2014-11-19 23:58 - 2012-12-26 19:50 - 00000000 ____D () C:\Users\DIMA\Desktop\Fav
2014-11-19 14:14 - 2011-11-11 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
2014-11-19 12:28 - 2011-11-02 15:14 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-19 12:01 - 2014-05-11 10:51 - 00000081 _____ () C:\Users\DIMA\AppData\default.pls
2014-11-19 09:16 - 2011-11-14 20:21 - 00003814 _____ () C:\Windows\System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm
2014-11-18 16:40 - 2014-05-30 12:00 - 00000000 ____D () C:\Users\DIMA\AppData\Local\Battle.net
2014-11-16 17:21 - 2011-10-31 23:15 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2014-11-13 13:51 - 2014-05-20 08:11 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2014-11-12 16:01 - 2012-04-08 09:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 16:01 - 2012-04-08 09:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 16:01 - 2011-10-31 16:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-09 16:06 - 2012-02-10 16:02 - 00000000 ____D () C:\Users\DIMA\AppData\Local\SKIDROW
2014-11-09 16:06 - 2011-11-20 14:13 - 00000000 ____D () C:\Users\DIMA\Documents\My Games
2014-11-05 23:54 - 2011-12-22 17:47 - 00000000 ____D () C:\Users\DIMA\AppData\Roaming\vlc
2014-10-30 12:51 - 2012-10-19 07:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-30 12:50 - 2014-05-07 11:06 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-30 12:50 - 2014-05-07 11:06 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-30 12:50 - 2014-05-07 11:06 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-30 12:50 - 2014-05-07 11:06 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-30 12:46 - 2013-10-28 10:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-30 12:46 - 2013-10-28 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-26 19:32 - 2011-10-31 16:31 - 00000000 ____D () C:\Users\DIMA\AppData\Roaming\Skype
2014-10-26 16:49 - 2011-10-31 16:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-26 16:49 - 2011-10-31 16:31 - 00000000 ____D () C:\ProgramData\Skype

ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
C:\Windows\assembly\tmp\ZW1C6SFO\Microsoft.SqlServer.SString.dll
C:\Windows\assembly\tmp\X7IYPAVP\microsoft.sqlserver.batchparser.dll
C:\Windows\assembly\tmp\TIS68MVX\Microsoft.DataWarehouse.Interfaces.DLL
C:\Windows\assembly\tmp\RNKGV8FO\Microsoft.SqlServer.InstApi.dll
C:\Windows\assembly\tmp\RIV9RDYZ\Microsoft.AnalysisServices.DeploymentEngine.dll
C:\Windows\assembly\tmp\RCLDA064\Microsoft.SqlServer.Replication.BusinessLogicSupport.dll
C:\Windows\assembly\tmp\R5LUP78P\Microsoft.AnalysisServices.AdomdClient.dll
C:\Windows\assembly\tmp\OCB6D0XY\Microsoft.SqlServer.ServiceBrokerEnum.dll
C:\Windows\assembly\tmp\MCW7AW3W\Microsoft.AnalysisServices.DLL
C:\Windows\assembly\tmp\KNTK6REQ\Microsoft.SqlServer.WmiEnum.dll
C:\Windows\assembly\tmp\J3YKKGGY\Microsoft.SqlServer.Rmo.dll
C:\Windows\assembly\tmp\F6HXL0MB\Microsoft.SqlServer.SmoEnum.dll
C:\Windows\assembly\tmp\F1YNN10P\Microsoft.SqlServer.Smo.dll
C:\Windows\assembly\tmp\BQNF3M5B\microsoft.sqlserver.mgdsqldumper.dll
C:\Windows\assembly\tmp\A26ZRLHL\Microsoft.SqlServer.SqlEnum.dll
C:\Windows\assembly\tmp\9RF7TR3G\Microsoft.SqlServer.SqlTDiagM.dll
C:\Windows\assembly\tmp\9CE0UJ1C\Microsoft.SqlServer.ConnectionInfo.dll
C:\Windows\assembly\tmp\5V64DCFT\MSClusterLib.dll
C:\Windows\assembly\tmp\4E812MZB\Microsoft.SqlServer.RegSvrEnum.dll
C:\Windows\assembly\tmp\1K4YGPEK\Microsoft.SqlServer.Replication.dll

ZeroAccess:
C:\Users\DIMA\AppData\Local\5418379e
C:\Users\DIMA\AppData\Local\5418379e\@
C:\Users\DIMA\AppData\Local\5418379e\loader.tlb

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-16 16:16

==================== End Of Log ============================

Addition Logfile:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by DIMA at 2014-11-25 09:44:21
Running from C:\Users\DIMA\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AION Free-To-Play (x32 Version: 2.70.0000 - Gameforge) Hidden
applicationupdater (HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\SOE-C:/Users/DIMA/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version: - Sony Online Entertainment)
applicationupdater (HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SOE-C:/Users/DIMA/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version: - Sony Online Entertainment)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
aTube Catcher Version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
Belkin Connect Wireless USB Adapter (HKLM-x32\...\InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}) (Version: 1.0.0.3 - Belkin)
Belkin Connect Wireless USB Adapter (x32 Version: 1.0.0.3 - Belkin) Hidden
Bewerbungsfoto-/Passbild-Generator v3.5b (HKLM-x32\...\Passbild-Generator_is1) (Version: - )
Call of Duty Black Ops (HKLM-x32\...\Call of Duty Black Ops_is1) (Version: 1.0 - Activision Blizzard)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Camtasia Studio 8 (HKLM-x32\...\{19F81C0C-D0DB-453D-9C1C-AD26C4140E7E}) (Version: 8.4.0.1691 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - )
DriverAgent by eSupport.com (HKLM\...\DriverAgent.exe) (Version: - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free YouTube Download version 3.2.13.925 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.13.925 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
Ghost Recon Online (EU) (HKU\S-1-5-21-2717071264-1556804699-3599014186-1000\...\d8be6c3f847d7d92) (Version: 1.34.7344.1 - Ubisoft)
Ghost Recon Online (EU) (HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\d8be6c3f847d7d92) (Version: 1.34.7344.1 - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM-x32\...\0630-0716-3135-7887) (Version: 2 - AppWork GmbH)
Kaspersky Internet Security 2012 (HKLM-x32\...\InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}) (Version: 12.0.0.374 - Kaspersky Lab)
Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MinecraftAlpha (HKLM-x32\...\MinecraftAlpha) (Version: - )
Mozilla Firefox 13.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 13.0.1 (x86 de)) (Version: 13.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 13.0.1 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Nero 7 Premium (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1031}) (Version: 7.02.6445 - Nero AG)
Nuance PDF Converter Enterprise 8 (HKLM\...\{CCBC433F-343E-402A-9FB0-721218C52127}) (Version: 8.10.7268 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
OXPDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.1.0 - TaoRuan)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.42.0 - Razer Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.45 - Piriform)
Reus (HKLM-x32\...\GOGPACKREUS_is1) (Version: 2.0.0.10 - GOG.com)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM-x32\...\{5E453519-60F6-4A4D-A0BF-16663F9B3536}) (Version: 5.34.51.22 - Apple Inc.)
Saints Row IV (HKLM-x32\...\U2FpbnRzUm93SVY=_is1) (Version: 1 - )
Scansoft PDF Professional (x32 Version: - ) Hidden
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria v1.2.0.2 cracked-KEBAB (HKLM-x32\...\{A1264D7F-CEF6-4033-8F9D-3E27392E3627}) (Version: 1.2.0.2 - KEBAB)
Trials Evolution Gold Edition (HKLM-x32\...\InstallShield_{07D857B8-C956-401D-BC8F-EDA8459AF037}) (Version: 1.0.0.3 - Ubisoft)
Trials Evolution Gold Edition (x32 Version: 1.0.0.3 - Ubisoft) Hidden
TubeBox (HKLM-x32\...\{c5b74464-3a04-417c-9eee-d0dc7d6af196}) (Version: 4.1.0.0 - Freetec)
TubeBox (x32 Version: 4.1.0.0 - Freetec) Hidden
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.3020.2 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.2030.5 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 10.0 (64-bit) (HKLM\...\{7B8F9BF0-A1D5-11E0-B4E5-0013D3D69929}) (Version: 10.0.738 - Sony)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WebCam (HKLM-x32\...\{ED1674F5-5165-49BF-B546-AE5343111540}) (Version: 5.1.0.0 - ETRON)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

19-11-2014 13:07:35 Revo Uninstaller's restore point - Gothic II
23-11-2014 22:21:27 Windows Update
24-11-2014 14:57:20 Revo Uninstaller's restore point - System Requirements Lab CYRI
24-11-2014 15:23:07 Revo Uninstaller's restore point - Google Chrome
24-11-2014 15:34:27 Wiederherstellungsvorgang
24-11-2014 17:08:36 Revo Uninstaller's restore point - TeamSpeak 3 Client
24-11-2014 21:51:08 Revo Uninstaller's restore point - System Requirements Lab CYRI

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 __RAH C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {332ACFAF-111D-4AA4-B8CA-83B1DB2F00DF} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
Task: {3AE92997-CFD2-4DDE-9DB0-FD6BE4072545} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {5852D241-1FE8-4870-B8D9-9BF0DA9D0847} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {634C1BED-8943-4486-A4ED-98716540E4D1} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10] ()
Task: {7156F30C-2A86-4876-B122-CEA6E0EB5E3B} - System32\Tasks\InstallShield Software-Aktualisierungsdienst => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16] (InstallShield Software Corporation)
Task: {7BF0D218-1D9E-48FD-890A-1EFFF9A4C072} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {A1C1EED0-8FCC-41E6-BAF3-E6ED8428C1AA} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2004-06-16] (InstallShield Software Corporation)
Task: {C113B528-3227-48DD-BBB6-CA95EF16D5A5} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {CA40B92F-5882-46A8-AAA1-4DDED46E9120} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {DE2586A6-EB76-4DCC-8D38-B3C07BF0CF79} - System32\Tasks\Game_Booster_Startup => C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
Task: {E7B8B663-6656-4AB7-A5F1-3B21DB9F9945} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {FF5B47EF-8858-48B1-A7F8-6CB3CA24CAEE} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {FF775C4A-B79F-4CB1-9A48-D3239C484780} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-10 11:33 - 2014-05-20 02:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-30 16:34 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-10-31 15:47 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2014-11-19 11:57 - 2014-05-17 19:30 - 00784290 _____ () C:\Users\DIMA\sJz64H\svchost.exe
2013-12-02 17:26 - 2013-12-05 10:27 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-11-10 12:10 - 2010-01-21 01:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2012-11-10 12:10 - 2010-01-21 01:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2012-11-10 12:10 - 2010-01-21 01:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2012-11-10 12:10 - 2010-01-21 01:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:7C784982

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup MSCONFIG\startupreg: HKCU => C:\Users\DIMA\AppData\Roaming\WindowsDDL\dlhost.exe MSCONFIG\startupreg: InboxMonitor => "C:\Program Files (x86)\Nuance\PDF Professional 8\InboxMonitor.exe" /run ========================= Accounts: ========================== Administrator (S-1-5-21-2717071264-1556804699-3599014186-500 - Administrator - Disabled) DIMA (S-1-5-21-2717071264-1556804699-3599014186-1000 - Administrator - Enabled) => C:\Users\DIMA Gast (S-1-5-21-2717071264-1556804699-3599014186-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2717071264-1556804699-3599014186-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Microsoft-ISATAP-Adapter Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Microsoft-ISATAP-Adapter #2 Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. 
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. 
(HRESULT : 0xc0041800) (0xc0041800) Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/24/2014 10:04:48 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden. Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800)) Error: (11/24/2014 10:04:48 PM) (Source: ESENT) (EventID: 455) (User: ) Description: Windows (2724) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00278.log. 
System errors: ============= Error: (11/25/2014 09:36:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "MBAMWebAccessControl" ist vom Dienst "BFE" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%5 Error: (11/25/2014 09:36:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "BFE" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error: (11/25/2014 09:36:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "MBAMWebAccessControl" ist vom Dienst "BFE" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%5 Error: (11/25/2014 09:36:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "BFE" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error: (11/25/2014 09:36:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (11/25/2014 09:36:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/25/2014 09:36:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Kaspersky Anti-Virus Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/25/2014 09:36:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Kaspersky Anti-Virus Service erreicht. Error: (11/25/2014 09:36:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Prowebi erreicht. 
Error: (11/25/2014 09:36:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: %%2 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2012-08-11 12:09:47.288 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\DIMA\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-08-11 12:09:46.810 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\DIMA\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-08-11 12:09:46.075 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-08-11 12:09:45.539 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-11-18 06:26:51.214 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-11-18 06:26:51.042 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-11-18 06:26:50.840 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-11-18 06:26:50.652 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-11-17 13:20:38.585 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-11-17 13:20:38.395 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================
Processor: AMD Phenom(tm) 9600 Quad-Core Processor
Percentage of memory in use: 40%
Total physical RAM: 4095.24 MB
Available physical RAM: 2429.87 MB
Total Pagefile: 10235.42 MB
Available Pagefile: 8332.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:270.44 GB) (Free:65.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Games) (Fixed) (Total:97.63 GB) (Free:60.45 GB) NTFS
Drive e: (Games) (Fixed) (Total:97.69 GB) (Free:71.13 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 509F509F)
Partition 1: (Active) - (Size=270.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=OF Extended)
==================== End Of Log ============================
I think these are the logs, I don't really know my way around this. Code:
ATTFilter <?xml version="1.0" encoding="UTF-16"?> -<mbam-log> -<header> <date>2014/11/24 15:58:27 +0100</date> <logfile>mbam-log-2014-11-24 (15-58-26).xml</logfile> <isadmin>yes</isadmin> </header> -<engine> <version>2.00.3.1025</version> <malware-database>v2014.11.24.05</malware-database> <rootkit-database>v2014.11.22.01</rootkit-database> <license>premium</license> <file-protection>enabled</file-protection> <web-protection>disabled</web-protection> <self-protection>disabled</self-protection> </engine> -<system> <osversion>Windows 7 Service Pack 1</osversion> <arch>x64</arch> <username>DIMA</username> <filesys>NTFS</filesys> </system> -<summary> <type>threat</type> <result>completed</result> <objects>374167</objects> <time>1127</time> <processes>0</processes> <modules>0</modules> <keys>2</keys> <values>2</values> <datas>0</datas> <folders>0</folders> <files>2</files> <sectors>0</sectors> </summary> -<options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>disabled</rootkits> <deeprootkit>disabled</deeprootkit> <heuristics>enabled</heuristics> <pup>warn</pup> <pum>enabled</pum> </options> -<items> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5460C4DF-B266-909E-CB58-E32B79832EB2}</path> <vendor>Backdoor.Agent</vendor> <action>success</action> <hash>474ed966631960d6222b855537cbeb15</hash> </key> -<key> <path>HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5460C4DF-B266-909E-CB58-E32B79832EB2}</path> <vendor>Backdoor.Agent</vendor> <action>success</action> <hash>474ed966631960d6222b855537cbeb15</hash> </key> -<value> <path>HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path> <valuename>HKCU</valuename> <vendor>Backdoor.Agent</vendor> 
<action>success</action> <valuedata>C:\Users\DIMA\AppData\Roaming\WindowsDDL\dlhost.exe</valuedata> <hash>474ed966631960d6222b855537cbeb15</hash> </value> -<value> <path>HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER</path> <valuename>NoFolderOptions</valuename> <vendor>Hijack.FolderOptions</vendor> <action>success</action> <valuedata>1</valuedata> <hash>296c4bf485f7b58104f116d48c77fc04</hash> </value> -<file> <path>C:\Users\DIMA\AppData\Roaming\WindowsDDL\dlhost.exe</path> <vendor>Backdoor.Agent</vendor> <action>success</action> <hash>474ed966631960d6222b855537cbeb15</hash> </file> -<file> <path>C:\Windows\SysWOW64\SVKP.sys</path> <vendor>Trojan.Agent</vendor> <action>success</action> <hash>e0b562dda0dcee483afdae8e679dff01</hash> </file> </items> </mbam-log> Code:
ATTFilter <?xml version="1.0" encoding="UTF-16"?> -<mbam-log> -<header> <date>2014/11/24 22:58:00 +0100</date> <logfile>mbam-log-2014-11-24 (22-57-59).xml</logfile> <isadmin>yes</isadmin> </header> -<engine> <version>2.00.3.1025</version> <malware-database>v2014.11.24.08</malware-database> <rootkit-database>v2014.11.22.01</rootkit-database> <license>premium</license> <file-protection>enabled</file-protection> <web-protection>disabled</web-protection> <self-protection>disabled</self-protection> </engine> -<system> <osversion>Windows 7 Service Pack 1</osversion> <arch>x64</arch> <username>DIMA</username> <filesys>NTFS</filesys> </system> -<summary> <type>threat</type> <result>completed</result> <objects>370807</objects> <time>1146</time> <processes>0</processes> <modules>0</modules> <keys>2</keys> <values>2</values> <datas>0</datas> <folders>0</folders> <files>2</files> <sectors>0</sectors> </summary> -<options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>disabled</rootkits> <deeprootkit>disabled</deeprootkit> <heuristics>enabled</heuristics> <pup>warn</pup> <pum>enabled</pum> </options> -<items> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5460C4DF-B266-909E-CB58-E32B79832EB2}</path> <vendor>Backdoor.Agent</vendor> <action>none</action> <hash>3d5b7ac5f28aa78f8059c31762a0cf31</hash> </key> -<key> <path>HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5460C4DF-B266-909E-CB58-E32B79832EB2}</path> <vendor>Backdoor.Agent</vendor> <action>none</action> <hash>3d5b7ac5f28aa78f8059c31762a0cf31</hash> </key> -<value> <path>HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path> <valuename>HKCU</valuename> <vendor>Backdoor.Agent</vendor> <action>none</action> 
<valuedata>C:\Users\DIMA\AppData\Roaming\WindowsDDL\dlhost.exe</valuedata> <hash>3d5b7ac5f28aa78f8059c31762a0cf31</hash> </value> -<value> <path>HKU\S-1-5-21-2717071264-1556804699-3599014186-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER</path> <valuename>NoFolderOptions</valuename> <vendor>Hijack.FolderOptions</vendor> <action>none</action> <valuedata>1</valuedata> <hash>64347bc49ae283b3d7e540ab5ba860a0</hash> </value> -<file> <path>C:\Users\DIMA\AppData\Roaming\WindowsDDL\dlhost.exe</path> <vendor>Backdoor.Agent</vendor> <action>none</action> <hash>3d5b7ac5f28aa78f8059c31762a0cf31</hash> </file> -<file> <path>C:\Windows\SysWOW64\SVKP.sys</path> <vendor>Trojan.Agent</vendor> <action>none</action> <hash>435508379ddf7eb88678211b2cd8fa06</hash> </file> </items> </mbam-log> Geändert von Dima95 (25.11.2014 um 10:02 Uhr) |
25.11.2014, 11:05 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browser keeps opening automatically in the background Quote:
Reading material: Rootkit warning. Your computer has been infected with a special kind of pest that can hide from conventional virus scanners and from the operating system itself. On top of that, such a pest usually also has backdoor functionality, i.e. it deliberately tears holes through all protective measures so that it can download further malicious code or forward the data it collects to the "bad guys". What does that mean for you now?
__________________ Please always post logfiles in CODE tags |
25.11.2014, 11:33 | #5 |
| Browser keeps opening automatically in the background Thanks for your help, I think I will do a fresh reinstall. |