Pests of all kinds and their removal: Trojan warning after Steam update (Windows 7)
18.12.2014, 21:08 | #16
/// the machine /// (TB trainer) | Trojan warning after Steam update
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
21.12.2014, 16:05 | #17
Trojan warning after Steam update
OK, one thing at a time:
I don't use external hard drives. Unfortunately I had to abort the ESET Online Scan because it hung partway through; I tried it several times. Afterwards I got this message:
Code:
Description
Windows is no longer fully functional due to a video hardware problem.

Problem signature
Problem Event Name: LiveKernelEvent
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1031

Files that help describe the problem
WD-20120911-0603.dmp
sysdata.xml
WERInternalMetadata.xml

Warning: If the problem was caused by a virus or other security risk, opening a copy of the files could harm your computer.

Additional information about the problem
BCCode: 117
BCP1: 88C13008
BCP2: 94754ACE
BCP3: 00000000
BCP4: 00000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

SecurityCheck:
Code:
Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security 8.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 71
Adobe Flash Player 16.0.0.235
Adobe Reader XI
Mozilla Firefox 27.0 Firefox out of Date!
Mozilla Thunderbird (31.3.0)
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2014 01
Ran by ERSTERUSER (administrator) on CLAUDIA-PC on 21-12-2014 15:32:13
Running from D:\Eigene Dateien\Downloads
Loaded Profile: ERSTERUSER (Available profiles: ERSTERUSER & UpdatusUser)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Super Flexible Software Ltd. & Co. KG) C:\Program Files-s\SuperFlexible\ExtremeVSS.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(StorageCraft Technology Corporation) C:\Program Files-s\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(StorageCraft Technology Corporation) C:\Program Files-s\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(StorageCraft Technology Corporation) C:\Windows\System32\vsnapvss.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM\...\Run: [Kone] => C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE [151552 2008-10-06] (ROCCAT)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [Ninite Updater] => C:\Program Files\Ninite Updater\NiniteUpdater.exe [265760 2013-11-14] (Secure By Design Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2014-10-01] (ESET)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-3507585339-1609819653-644593918-1000\...\Run: [Quicklaunch] => C:\Program Files-s\Quicklaunch\QuickLaunch.exe [554496 2006-12-16] (Oliver Frietsch)
HKU\S-1-5-21-3507585339-1609819653-644593918-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\ERSTERUSER\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3507585339-1609819653-644593918-1000\...\Run: [ExtremeSync Background Scheduler] => C:\Program Files-s\SuperFlexible\ExtremeSyncService.exe [13941120 2011-11-18] (Super Flexible Software)
HKU\S-1-5-21-3507585339-1609819653-644593918-1000\...\Run: [Amazon Music] => C:\Users\ERSTERUSER\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-07-01] ()
HKU\S-1-5-21-3507585339-1609819653-644593918-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3507585339-1609819653-644593918-1000\...\MountPoints2: {dac28781-b80c-11df-b978-005056c00008} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3507585339-1609819653-644593918-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3507585339-1609819653-644593918-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3507585339-1609819653-644593918-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3507585339-1609819653-644593918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3507585339-1609819653-644593918-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ERSTERUSER\AppData\Roaming\Mozilla\Firefox\Profiles\a7rjlmc2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files-s\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files-s\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files-s\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3507585339-1609819653-644593918-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ERSTERUSER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3507585339-1609819653-644593918-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\ERSTERUSER\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-08-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\ERSTERUSER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\ERSTERUSER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-07-28]
CHR Extension: (Beautiful landscape) - C:\Users\ERSTERUSER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2013-07-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ERSTERUSER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (Get F.B. Purity for Facebook) - C:\Users\ERSTERUSER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifpbhmjbfiogpipemadffnijpbcdfkmp [2013-07-13]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\ERSTERUSER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2013-07-13]
CHR Extension: (Google Wallet) - C:\Users\ERSTERUSER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (ProxPrice) - C:\Users\ERSTERUSER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopgehbobniifpngnhmljfojnkkopbje [2014-07-28]
CHR Extension: (Privacy Badger) - C:\Users\ERSTERUSER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2014-08-05]
CHR HKU\S-1-5-21-3507585339-1609819653-644593918-1000\...\Chrome\Extension: [ncmdmcjifbkefpaijakdbgfjbpaonjhg] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2014-10-01] (ESET)
R2 ExtremeVSSService; C:\Program Files-S\SuperFlexible\ExtremeVSS.exe [3196800 2011-09-20] (Super Flexible Software Ltd. & Co. KG)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [181544 2009-05-01] (Seagate Technology LLC)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 ShadowProtectSvc; C:\Program Files-s\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [1497632 2009-12-17] (StorageCraft Technology Corporation)
S2 BingDesktopUpdate; "C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 catchme; C:\Users\ERSTERUSER\AppData\Local\Temp\catchme.sys [31744 2014-12-10] () [File not signed]
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [191928 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135296 2014-09-22] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [176448 2014-09-22] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37928 2014-09-22] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [51288 2014-09-22] (ESET)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed]
R3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [13056 2008-12-11] (ROCCAT Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-07-22] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-07-22] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-07-22] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [293904 2009-07-22] (Microsoft Corporation)
S3 w800bus; C:\Windows\System32\DRIVERS\w800bus.sys [60768 2005-06-13] (MCCI)
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
U5 UnlockerDriver5; C:\Program Files-s\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 10:03 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-13 23:04 - 2014-12-13 23:04 - 00004264 _____ () C:\Users\ERSTERUSER\Desktop\JRT.txt
2014-12-13 23:00 - 2014-12-13 23:00 - 00000000 ____D () C:\Windows\ERUNT
2014-12-13 22:39 - 2014-12-13 22:54 - 00000000 ____D () C:\AdwCleaner
2014-12-10 13:36 - 2014-12-10 13:38 - 00000000 ___SD () C:\ComboFix
2014-12-10 09:46 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-10 09:46 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-10 09:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-10 09:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-10 09:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-10 09:46 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-10 09:46 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-10 09:46 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-10 09:45 - 2014-12-10 09:46 - 00000000 ____D () C:\Qoobox
2014-12-10 09:44 - 2014-12-10 09:44 - 00000000 ____D () C:\Windows\erdnt
2014-12-10 06:56 - 2014-12-10 06:56 - 00002163 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-10 03:23 - 2014-12-10 03:23 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:07 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 02:42 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 02:42 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 02:42 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 02:42 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 02:42 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 02:42 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 02:42 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 02:42 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 02:42 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 02:42 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 02:42 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 02:42 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 02:42 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 02:42 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 02:42 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 02:42 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 02:42 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 02:42 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 02:42 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 02:42 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 02:42 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 02:42 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 02:42 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 02:42 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 02:42 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 02:42 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 02:42 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 02:42 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 02:42 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 02:42 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 02:42 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 02:42 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 02:42 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 02:42 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 02:42 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 02:42 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 02:42 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 02:42 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 02:42 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 02:37 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 02:36 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 02:36 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 02:36 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 02:36 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 02:36 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 02:36 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-07 20:12 - 2014-12-21 15:31 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-07 20:11 - 2014-12-07 20:11 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-07 20:11 - 2014-12-07 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-07 20:11 - 2014-12-07 20:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-07 20:11 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-07 20:11 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-07 20:11 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-07 13:28 - 2014-12-21 15:32 - 00000000 ____D () C:\FRST
2014-12-06 17:33 - 2014-12-06 17:33 - 00000000 ____D () C:\Users\ERSTERUSER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-02 08:37 - 2014-12-02 10:12 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-11-28 14:43 - 2014-11-28 14:43 - 00001760 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-28 14:43 - 2014-11-28 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-28 14:42 - 2014-11-28 14:42 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-28 14:42 - 2014-11-28 14:42 - 00000000 ____D () C:\Program Files\iTunes
2014-11-28 14:42 - 2014-11-28 14:42 - 00000000 ____D () C:\Program Files\iPod
2014-11-28 14:41 - 2014-11-28 14:41 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-28 14:41 - 2014-11-28 14:41 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-11-28 14:40 - 2014-11-28 14:40 - 00000000 ____D () C:\Program Files\Bonjour
2014-11-21 16:16 - 2014-11-21 16:59 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-21 11:46 - 2014-11-21 11:46 - 00000000 __SHD () C:\Users\ERSTERUSER\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 15:29 - 2013-08-01 06:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-21 15:06 - 2013-11-16 18:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cee2f31d07067f.job
2014-12-21 12:39 - 2014-11-19 13:07 - 00000000 ____D () C:\Program Files\ESET
2014-12-21 12:30 - 2013-06-28 06:54 - 00000000 ____D () C:\Users\ERSTERUSER\AppData\Roaming\vlc
2014-12-21 12:30 - 2010-02-14 15:26 - 00000000 ____D () C:\Users\ERSTERUSER\AppData\Roaming\UseNeXT
2014-12-21 09:02 - 2009-07-14 05:34 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-21 09:02 - 2009-07-14 05:34 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-21 08:56 - 2010-02-13 11:43 - 01985963 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 08:54 - 2014-06-17 16:26 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8a4073898d18.job
2014-12-21 08:54 - 2010-02-13 21:46 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-21 08:54 - 2010-02-13 12:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-21 08:54 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-21 08:54 - 2009-07-14 05:39 - 00118429 _____ () C:\Windows\setupact.log
2014-12-19 22:07 - 2010-02-13 11:44 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-13 22:56 - 2010-02-13 12:11 - 00529846 _____ () C:\Windows\PFRO.log
2014-12-13 08:08 - 2012-06-25 11:49 - 00000000 ____D () C:\Users\ERSTERUSER\AppData\Roaming\Dropbox
2014-12-12 06:48 - 2014-09-12 22:42 - 00000000 ____D () C:\Users\ERSTERUSER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-10 06:58 - 2013-11-17 17:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 06:56 - 2013-08-01 06:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 06:56 - 2013-08-01 06:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 04:03 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-10 03:23 - 2014-05-02 08:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-10 03:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:06 - 2013-08-14 05:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:01 - 2010-02-13 22:18 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-07 20:11 - 2011-03-03 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-06 23:38 - 2014-04-10 08:50 - 00000000 ____D () C:\Program Files\Steam
2014-12-06 17:50 - 2014-04-10 08:50 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-12-03 06:43 - 2011-02-17 18:04 - 00000000 ____D () C:\Users\ERSTERUSER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-03 06:43 - 2011-02-17 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-03 06:26 - 2012-05-06 13:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-28 14:42 - 2014-10-10 19:26 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-28 14:40 - 2010-09-04 13:06 - 00000000 ____D () C:\ProgramData\Apple
2014-11-22 23:34 - 2013-04-19 16:10 - 00000000 ____D () C:\Program Files\UseNeXT
2014-11-22 23:34 - 2010-02-14 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2014-11-21 17:15 - 2010-10-14 20:50 - 00000000 ____D () C:\Windows\Minidump

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.3368.dll

Some content of TEMP:
====================
C:\Users\ERSTERUSER\AppData\Local\Temp\catchme.dll
C:\Users\ERSTERUSER\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqs7ng1.dll
C:\Users\ERSTERUSER\AppData\Local\Temp\Quarantine.exe
C:\Users\ERSTERUSER\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-15 00:02

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-12-2014 01
Ran by ERSTERUSER at 2014-12-21 15:32:57
Running from D:\Eigene Dateien\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Alle meine Passworte 3.15 (HKLM\...\AllemeinePassworte) (Version: - )
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-3507585339-1609819653-644593918-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3507585339-1609819653-644593918-1000\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.13 - Audible, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 2.28 - Piriform)
CodeStuff Starter (HKLM\...\CodeStuff Starter) (Version: 5.6.2.9 - CodeStuff)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3507585339-1609819653-644593918-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dupehunter Professional - Computerbild Edition (HKLM\...\Dupehunter Professional - Computerbild Edition) (Version: 8.1.0.3700 - Carsten Heidtke Software)
ESET Smart Security (HKLM\...\{1F4CBC3C-5CAE-4528-A584-C25E6CE3D7E5}) (Version: 8.0.304.4 - ESET, spol s r. o.)
EzImplant-CDViewer (HKLM\...\{B8CB4ED2-74EE-44F0-88CB-C2DD30B36EEA}) (Version: 1.5.7415 - INFINITT)
EzImplant-CDViewer (Version: 1.5.7415 - INFINITT) Hidden
Fernwartungshilfe für Kunden von PC-Blitzhelfer (HKLM\...\Fernwartungshilfe für Kunden von PC-Blitzhelfer) (Version: 1.0.1 - PC-Blitzhelfer)
Folder Guide (HKLM\...\Folder Guide) (Version: - )
Freemake Video Converter Version 4.0.3 (HKLM\...\Freemake Video Converter_is1) (Version: 4.0.3 - Ellora Assets Corporation)
Google Chrome (HKLM\...\{C3FF5ACB-174A-3E07-AE2A-62063FBCC9B1}) (Version: 66.30.49247 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LameXP (HKLM\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Menu Templates - Starter Kit (Version: 9.4.1.0 - Nero AG) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.6109.5003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Movie Templates - Starter Kit (Version: 9.4.1.0 - Nero AG) Hidden
Mozilla Firefox 27.0 (x86 de) (HKLM\...\Mozilla Firefox 27.0 (x86 de)) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NC Launcher (GameForge) (HKLM\...\NCLauncher_GameForge) (Version: - NCsoft)
Nero 9 Essentials (HKLM\...\{86bde101-32cf-471a-8575-8de7c21570d8}) (Version: - Nero AG)
Ninite Updater (HKLM\...\NiniteUpdater) (Version: - )
NVIDIA 3D Vision Controller-Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickLaunch (HKLM\...\QuickLaunch_is1) (Version: 2.3 - Oliver Frietsch)
QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realms of Arkania: Blade of Destiny (HKLM\...\Steam App 237550) (Version: - Crafty Studios)
ROCCAT Kone Mouse Driver (HKLM\...\{9733747E-E53D-4C17-977E-3A872AFB93E1}) (Version: - )
Seagate Manager Installer (HKLM\...\InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}) (Version: 2.02.0109 - Seagate)
Seagate Manager Installer (Version: 2.02.0109 - Seagate) Hidden
ShadowProtect Desktop (HKLM\...\{8850DEC8-22FD-4F05-A3AA-49B91200C24F}) (Version: 3.5.4183 - StorageCraft)
ShadowProtect Desktop (Version: 3.5.4183 - StorageCraft) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Flexible File Synchronizer 5.60 (HKLM\...\Super Flexible File Synchronizer_is1) (Version: 5.60 - Super Flexible Software)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.6 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Unity Web Player (HKU\S-1-5-21-3507585339-1609819653-644593918-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unlocker 1.9.0 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
UseNeXT by Tangysoft (HKLM\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.)
Visual Subst (HKLM\...\Visual Subst) (Version: 1.0.6 - NTWind Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.1.9 - Shark007)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.2.7235.0 - Microsoft Corporation)
Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) (HKLM\...\6194C28A8F62DD817EA1B918E6E46E806A21B452) (Version: 02/23/2007 2.5.0.0 - MobileTop)
Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) (HKLM\...\65B6FE5418CE28F4D72543FB2D964C3CEC83F161) (Version: 02/23/2007 2.5.0.0 - MobileTop)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia)
WinRAR 5.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ERSTERUSER\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov)
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{4DB26476-6787-4046-B836-E8412A9E8A27}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\TotCmdPM-C\Progs\UltraEdit\ue32ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\actxprxy.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{F8383852-FCD3-11D1-A6B9-006097DF5BD4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3507585339-1609819653-644593918-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\ERSTERUSER\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

==================== Restore Points =========================

20-12-2014 00:00:01 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AC90BA6-D407-4A06-935C-F95E8CBB14B5} - System32\Tasks\{CD119950-AECB-4970-9DA8-F6213814FE9A} => C:\Program Files\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
Task: {1063CB4E-C6A1-49F7-AFD4-E77A616A5D08} - System32\Tasks\{2CCBD1DD-5138-4FC2-B65A-A639DB1995AB} => C:\Program Files\Ninite Updater\NiniteUpdater.exe [2013-11-14] (Secure By Design Inc.)
Task: {17D647C6-BA2C-4EE7-AA4E-CD295B7397C9} - System32\Tasks\{593FE8EE-21EC-4C14-A0B7-6F269650F7EE} => C:\Program Files\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
Task: {1BDD75B6-BB8C-42B1-BECC-601C3736FCA0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {20CDBC76-9955-4B73-A03A-68ABB5738DBA} - System32\Tasks\{100C0DF1-7649-433E-8DBA-124AF678EF5D} => C:\Program Files\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
Task: {23AF1B7C-E5A2-4E33-8D17-5CC12BDCEBBE} - System32\Tasks\{AC64EE3F-8680-47B7-889E-8D5F82241735} => C:\Program Files\Ninite Updater\NiniteUpdater.exe [2013-11-14] (Secure By Design Inc.)
Task: {33D76DA5-57BA-4F12-9CCD-2722B3EE282B} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8a4073898d18 => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.)
Task: {3AE0A447-349B-4FA2-B97D-B6049A88D5CE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {4F0F9E71-2380-416E-9498-34BFFB46DFE6} - System32\Tasks\{F7564B6E-1F94-45F6-8801-861FD474C13F} => pcalua.exe -a D:\Downloads\267.85_desktop_win7_winvista_32bit_international.exe -d "D:\Eigene Dateien\Desktop"
Task: {58951724-E1B5-41BA-B202-109D6978DA96} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5F8D57B7-0D18-4F4F-9484-E451F5C6E98C} - System32\Tasks\GoogleUpdateTaskMachineUA1cee2f31d07067f => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.)
Task: {5FD37F6B-B837-498D-87FC-804AC4F661ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {75F1BD09-2D15-452A-B5B5-6C2A0A837DE3} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {914C6117-625F-4E12-BE29-3158EEC2E19F} - System32\Tasks\{2B2007DA-4AA5-4EFD-80C1-2164C5EE99BE} => pcalua.exe -a "D:\Eigene Dateien\Downloads\Shockwave_Installer_Slim.exe" -d "D:\Eigene Dateien\Downloads"
Task: {A0B33EA5-C94B-4745-AE8A-BE7AAD785BC8} - System32\Tasks\{07C6FB47-2689-4A31-8470-F2E2825F0942} => pcalua.exe -a "C:\Program Files-s\Codestuff\Starter\unStarter.exe"
Task: {B5D64E0D-8DAF-468D-8B28-5726C7447D2C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {B626FA49-F9AA-41BA-A4E9-BFC9306DC923} - System32\Tasks\{8ADA1F88-BA75-4746-8AF1-4B2D4D9D4A34} => pcalua.exe -a "D:\Eigene Dateien\Downloads\AudibleDM_iTunesSetup.exe" -d "D:\Eigene Dateien\Downloads"
Task: {D3044F96-FDCB-491E-A7B3-B76F021B5B63} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EA0A65EE-B164-412D-BB18-C1AA7AE7F78B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {EA8E6B62-CFB3-448D-A481-A0E5096639E7} - System32\Tasks\{B57E924A-9BE1-48CA-955E-394A93E26B06} => pcalua.exe -a E:\Install.exe -d E:\
Task: {FED0C4A7-752F-4CD4-AC3F-74E82454929E} - System32\Tasks\{291ABD72-DAA7-4DC2-978E-5A78C2BD2A94} => C:\Program Files\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8a4073898d18.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cee2f31d07067f.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-10-25 14:48 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-04 22:32 - 2010-07-04 22:32 - 00010752 _____ () C:\Program Files-s\Unlocker\UnlockerCOM.dll
2010-02-13 22:00 - 2008-08-13 16:20 - 00153600 _____ () C:\Program Files-s\Folder Guide\FGShellExt.dll
2012-12-07 17:27 - 2012-12-07 17:27 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2014-12-10 06:56 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-10 06:56 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-10 06:56 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 06:56 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:9453D700
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\ERSTERUSER\AppData\Roaming\default.rss:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-3507585339-1609819653-644593918-1000\Software\Classes\.exe: exefile => <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3507585339-1609819653-644593918-500 - Administrator - Disabled)
ERSTERUSER (S-1-5-21-3507585339-1609819653-644593918-1000 - Administrator - Enabled) => C:\Users\ERSTERUSER
Gast (S-1-5-21-3507585339-1609819653-644593918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3507585339-1609819653-644593918-1007 - Limited - Enabled)
UpdatusUser (S-1-5-21-3507585339-1609819653-644593918-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2014 07:22:03 AM) (Source: Chrome) (EventID: 1) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.95;lang=;guid=F2D1FBB44E12420184E9440CA877A2A0;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\a9e41c9f-f0b5-4bc3-b913-23a7a50b4574.dmp

Error: (12/14/2014 04:17:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/14/2014 10:50:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Picasa3.exe, Version 3.9.138.151 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: bd8
Startzeit: 01d017833e5a66dd
Endzeit: 5
Anwendungspfad: C:\Program Files-s\Google\Picasa3\Picasa3.exe
Berichts-ID: 91037292-8376-11e4-942a-90e6bac907bf

System errors:
=============
Error: (12/19/2014 10:03:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (12/19/2014 10:03:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (12/19/2014 10:03:29 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (12/19/2014 08:04:19 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (12/19/2014 01:22:20 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (12/19/2014 00:50:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/19/2014 07:26:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/19/2014 07:26:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/19/2014 07:25:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/19/2014 07:25:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Extreme VSS Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions: ========================= Error: (12/17/2014 07:22:03 AM) (Source: Chrome) (EventID: 1) (User: NT-AUTORITÄT) Description: Chrome has encountered a fatal error. ver=39.0.2171.95;lang=;guid=F2D1FBB44E12420184E9440CA877A2A0;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\a9e41c9f-f0b5-4bc3-b913-23a7a50b4574.dmp Error: (12/14/2014 04:17:04 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"J:\DPInst64.exe Error: (12/14/2014 10:50:15 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Picasa3.exe3.9.138.151bd801d017833e5a66dd5C:\Program Files-s\Google\Picasa3\Picasa3.exe91037292-8376-11e4-942a-90e6bac907bf ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz Percentage of memory in use: 49% Total physical RAM: 3327.18 MB Available physical RAM: 1694.2 MB Total Pagefile: 6652.65 MB Available Pagefile: 4857.66 MB Total Virtual: 2047.88 MB Available Virtual: 1904.89 MB ==================== Drives ================================ Drive c: (Start-C) (Fixed) (Total:110 GB) (Free:55.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Daten-D) (Fixed) (Total:1753.01 GB) (Free:916.54 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: DF1E9041) Partition 1: (Active) - (Size=110 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1753 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Insgesamt habe ich den Eindruck, dass mein Rechner jetzt schneller läuft als vorher, Warnungen bekomme ich auch keine mehr. Ich kann nur Danke sagen. Fantastisch, wie du mich durch diese Sache durch manövriert hast. 
Was würden DAUs wie ich ohne jemand wie dich nur machen? |
22.12.2014, 13:30 | #18 |
/// the machine /// TB-Ausbilder | Trojan warning after Steam update Done
The order matters here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be misused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.