Solved Infection aftermath help needed

Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
durchgeführt von johnf (19-01-2019 19:27:15) Run:1
Gestartet von C:\Users\johnf\Desktop
Geladene Profile: defaultuser0 & johnf & admin & Administrator (Verfügbare Profile: defaultuser0 & johnf & admin & Administrator)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschr�nkung <==== ACHTUNG
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\MountPoints2: {388c7019-d5a0-11e8-8a26-061cc31ba87d} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\MountPoints2: {48059458-1317-11e9-8a78-a81e846ac091} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\MountPoints2: {675494ea-727a-11e8-89dc-a81e846ac091} - "G:\dvdcheck.exe"
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\MountPoints2: {7a5ac85a-9635-11e8-89f6-a81e846ac091} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\MountPoints2: {7f428c8c-6ddf-11e8-89da-a81e846ac091} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-127663350-3041579137-739029980-1001\...\MountPoints2: {b0fae1d3-7589-11e8-89df-a81e846ac091} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Beschr�nkung ? <==== ACHTUNG
SearchScopes: HKU\S-1-5-21-127663350-3041579137-739029980-1001 -> {B02D0787-BF2C-496E-8534-50198E09B2E5} URL =
U3 aswbdisk; kein ImagePath
U1 avgbdisk; kein ImagePath
S3 HTCAND64; \SystemRoot\System32\Drivers\ANDROIDUSB.sys [X]
U4 npcap_wifi; kein ImagePath
2019-01-13 20:58 - 2019-01-13 20:59 - 000000082 _____ () C:\Users\johnf\invisible.vbs
2018-01-07 11:43 - 2018-01-07 11:43 - 000000073 ____C () C:\Users\johnf\AppData\Roaming\GTAV Update Blocker.ini
2018-01-28 01:38 - 2018-02-07 17:29 - 000035491 ____C () C:\Users\johnf\AppData\Roaming\net.telestream.wirecast.xml
2018-02-01 16:19 - 2018-02-01 16:28 - 000000881 ____C () C:\Users\johnf\AppData\Roaming\pc-capture-log.txt
2017-08-29 10:05 - 2019-01-19 16:10 - 000000600 ____C () C:\Users\johnf\AppData\Roaming\winscp.rnd
2019-01-12 22:52 - 2019-01-12 22:52 - 000001456 ____C () C:\Users\johnf\AppData\Local\Adobe F�r Web speichern 13.0 Prefs
2019-01-16 19:12 - 2019-01-16 19:12 - 000013212 ____C () C:\Users\johnf\AppData\Local\recently-used.xbel
2019-01-04 17:34 - 2019-01-04 18:40 - 000000015 ____C () C:\Users\johnf\AppData\Local\X-Plane_drm_11.prf
2019-01-04 17:32 - 2019-01-04 17:32 - 000000022 ____C () C:\Users\johnf\AppData\Local\x-plane_install_11.txt
2017-09-01 19:56 - 2018-12-16 13:41 - 000000143 ____C () C:\Users\johnf\AppData\Local\zenmap.exe.log
2019-01-19 15:06 - 2019-01-19 15:06 - 000040448 ____C () C:\Users\johnf\AppData\Local\Temp\proxy_vole2846813678141583804.dll
2019-01-19 15:06 - 2019-01-19 15:06 - 000040448 ____C () C:\Users\johnf\AppData\Local\Temp\proxy_vole2995707856706044275.dll
2019-01-19 15:06 - 2019-01-19 15:06 - 000040448 ____C () C:\Users\johnf\AppData\Local\Temp\proxy_vole6702494483056341352.dll
2019-01-19 00:20 - 2017-01-12 13:40 - 000331176 __RSC (Tarma Software Research Ltd) C:\Users\johnf\AppData\Local\Temp\Tsu8CD87F94.dll
2019-01-16 19:52 - 2019-01-16 19:54 - 041846888 ____C () C:\Users\johnf\AppData\Local\Temp\vlc-3.0.6-win64.exe
CustomCLSID: HKU\S-1-5-21-127663350-3041579137-739029980-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E9D9ECBE8559}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-127663350-3041579137-739029980-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0x7A952765EBAFD40169302B65EBAFD401010000000900000000000000 => Keine Datei
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => -> Keine Datei
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => -> Keine Datei
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Keine Datei
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Keine Datei
ContextMenuHandlers1-x32: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> Keine Datei
ContextMenuHandlers2-x32: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Programme\TortoiseSVN\bin\TortoiseStub32.dll -> Keine Datei
ContextMenuHandlers2-x32-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => S:\VMware\VMware Workstation\vmdkShellExt.dll -> Keine Datei
ContextMenuHandlers2-x32-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => -> Keine Datei
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Keine Datei
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Keine Datei
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Keine Datei
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => -> Keine Datei
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Keine Datei
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Keine Datei
Task: {69DB23C7-4AD0-466D-9AFA-033501E46136} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG
Shortcut: C:\Users\johnf\Desktop\netstat.bat - Verkn�pfung.lnk -> C:\Users\johnf\Desktop\netstat.bat (Keine Datei)
AlternateDataStreams: C:\WINDOWS\system32\Drivers\noosyffq.sys:changelist [452]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [480]
FirewallRules: [{422AF7CE-925E-4B32-96AA-98DB9E86854B}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\license_activator.exe Keine Datei
FirewallRules: [{EA325302-5472-43FF-89F1-ADA950408AB2}] => (Block) %ProgramFiles% (x86)\Snagit 13\Snagit32.exe Keine Datei
FirewallRules: [{6E971EAA-DC5D-4A52-9F27-3D80AA700B8F}] => (Block) %ProgramFiles% (x86)\Snagit 13\SnagitEditor.exe Keine Datei
FirewallRules: [{EF1EB89E-2D40-4C8A-8FF3-5DB84B7E2546}] => (Block) D:\Programme\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe Keine Datei
FirewallRules: [{65B68B46-F6D6-452B-B895-6CF0387F59E3}] => (Block) D:\Programme\Adobe\Acrobat 11.0\Acrobat Elements\Acrobat Elements.exe Keine Datei
FirewallRules: [{DB325E95-877F-4D6B-9526-360002CC7C91}] => (Block) D:\Programme\Adobe\Acrobat 11.0\Acrobat\wow_helper.exe Keine Datei
FirewallRules: [{36301519-DF8F-4BAC-9BCC-7D6B2AD6F23D}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Bridge\Bridge.exe Keine Datei
FirewallRules: [{89A37F69-2775-4959-992D-942EBDC8B9CC}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Help Center\ahc.exe Keine Datei
FirewallRules: [{5F4C8111-75BF-4DC3-8853-27ECAD20219D}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Help Center\ahcremind.exe Keine Datei
FirewallRules: [{5BF518A2-70E0-4B7C-AC35-EB244247079D}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Utilities\ExtendScript Toolkit\ExtendScript Toolkit.exe Keine Datei
FirewallRules: [{BE852D0B-A0BF-4CBE-94C1-F001AF0196C8}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe Keine Datei
FirewallRules: [{18CCAD34-C0B0-4181-98F7-8C40E40F5180}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe Keine Datei
FirewallRules: [{0933C541-8F9B-42E7-A76C-4A61B671CEA2}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe Keine Datei
FirewallRules: [{5067A4AF-7F39-4B20-8074-CAFF6DEBBC05}] => (Block) D:\Games\Prepar3D v4\Prepar3D.exe Keine Datei
FirewallRules: [{35B61310-31E6-4AD3-B58C-49E7CBA7570E}] => (Block) D:\Downloads\Prepar3d v4\Prepar3D.v4.Professional.Plus.4.0.23.21468\Setup_Prepar3D.exe Keine Datei
FirewallRules: [{771D836C-466B-401B-8DC1-637C36BBF4BB}] => (Block) D:\Programme\Magix Music Maker Premium\2017\MusicMaker.exe Keine Datei
FirewallRules: [{330A9EE4-9644-4783-91F3-26971CC52747}] => (Block) D:\Programme\Magix Music Maker Premium\2017\MxErr.exe Keine Datei
FirewallRules: [{DF4B4645-E4D2-4151-AA26-4B689087AC10}] => (Block) D:\Programme\Magix Music Maker Premium\2017\Online\MagixOfa.exe Keine Datei
FirewallRules: [{A894214A-577B-489C-9D65-ECEA5077F033}] => (Block) D:\Programme\Magix Music Maker Premium\2017\Online\DM\MxDownloadManager.exe Keine Datei
FirewallRules: [{ABD7A815-626A-442C-A470-F06260E4661B}] => (Block) D:\Programme\Magix Music Maker Premium\2017\coverlabel\xaralink.exe Keine Datei
FirewallRules: [TCP Query User{1281B099-04EE-4DB6-AEFB-C79A187373AD}D:\programme\activesky_p3dv4\as_p3dv4.exe] => (Block) D:\programme\activesky_p3dv4\as_p3dv4.exe Keine Datei
FirewallRules: [UDP Query User{F98AFF16-E4D5-4F7B-9BBE-1274363C70EC}D:\programme\activesky_p3dv4\as_p3dv4.exe] => (Block) D:\programme\activesky_p3dv4\as_p3dv4.exe Keine Datei
FirewallRules: [{23DC5599-F214-44DA-93F9-84E95925FFAA}] => (Block) %ProgramFiles%\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe Keine Datei
FirewallRules: [{1984A014-B1F6-4330-80A2-4A2243FD9009}] => (Block) D:\Games\X-Plane 11\X-Plane.exe Keine Datei
FirewallRules: [{22F06694-9445-4C48-A46A-C154F272E539}] => (Block) D:\Games\X-Plane 11\Airfoil Maker.exe Keine Datei
FirewallRules: [{349F8D37-D38B-4DA7-AFDE-E8E0B24A28E8}] => (Block) D:\Games\X-Plane 11\Plane Maker.exe Keine Datei
FirewallRules: [{2EA884DA-3002-43D8-8ED5-8F71C6B56789}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CC 2019\Adobe Premiere Pro.exe Keine Datei
FirewallRules: [{B03893AF-7677-4A0B-AD43-7FC4F7F373A4}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CC 2019\CRWindowsClientService.exe Keine Datei
FirewallRules: [{32ED12ED-A3FA-4F04-BED9-8396A146AD87}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe Keine Datei
FirewallRules: [{7EC4B1AC-5E58-4695-90B5-600009BD7E22}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe\Bonjour\mDNSResponder.exe Keine Datei
FirewallRules: [{159B65A2-277D-469D-9708-A704E6148A67}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe Keine Datei
FirewallRules: [{402B1233-1D91-4DC9-B3B5-4A9E9FF998DA}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe Keine Datei

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => erfolgreich entfernt
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => erfolgreich entfernt
HKU\S-1-5-21-127663350-3041579137-739029980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{388c7019-d5a0-11e8-8a26-061cc31ba87d} => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{388c7019-d5a0-11e8-8a26-061cc31ba87d} => nicht gefunden
HKU\S-1-5-21-127663350-3041579137-739029980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48059458-1317-11e9-8a78-a81e846ac091} => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{48059458-1317-11e9-8a78-a81e846ac091} => nicht gefunden
HKU\S-1-5-21-127663350-3041579137-739029980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{675494ea-727a-11e8-89dc-a81e846ac091} => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{675494ea-727a-11e8-89dc-a81e846ac091} => nicht gefunden
HKU\S-1-5-21-127663350-3041579137-739029980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a5ac85a-9635-11e8-89f6-a81e846ac091} => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{7a5ac85a-9635-11e8-89f6-a81e846ac091} => nicht gefunden
HKU\S-1-5-21-127663350-3041579137-739029980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f428c8c-6ddf-11e8-89da-a81e846ac091} => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{7f428c8c-6ddf-11e8-89da-a81e846ac091} => nicht gefunden
HKU\S-1-5-21-127663350-3041579137-739029980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0fae1d3-7589-11e8-89df-a81e846ac091} => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{b0fae1d3-7589-11e8-89df-a81e846ac091} => nicht gefunden
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\" => erfolgreich entfernt
C:\WINDOWS\system32\GroupPolicy\Machine => erfolgreich verschoben
C:\WINDOWS\system32\GroupPolicy\GPT.ini => erfolgreich verschoben
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => erfolgreich verschoben
HKU\S-1-5-21-127663350-3041579137-739029980-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B02D0787-BF2C-496E-8534-50198E09B2E5} => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{B02D0787-BF2C-496E-8534-50198E09B2E5} => nicht gefunden
HKLM\System\CurrentControlSet\Services\aswbdisk => erfolgreich entfernt
aswbdisk => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\avgbdisk => erfolgreich entfernt
avgbdisk => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\HTCAND64 => erfolgreich entfernt
HTCAND64 => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\npcap_wifi => erfolgreich entfernt
npcap_wifi => Dienst erfolgreich entfernt
C:\Users\johnf\invisible.vbs => erfolgreich verschoben
C:\Users\johnf\AppData\Roaming\GTAV Update Blocker.ini => erfolgreich verschoben
C:\Users\johnf\AppData\Roaming\net.telestream.wirecast.xml => erfolgreich verschoben
C:\Users\johnf\AppData\Roaming\pc-capture-log.txt => erfolgreich verschoben
C:\Users\johnf\AppData\Roaming\winscp.rnd => erfolgreich verschoben
"C:\Users\johnf\AppData\Local\Adobe F�r Web speichern 13.0 Prefs" => nicht gefunden
C:\Users\johnf\AppData\Local\recently-used.xbel => erfolgreich verschoben
C:\Users\johnf\AppData\Local\X-Plane_drm_11.prf => erfolgreich verschoben
C:\Users\johnf\AppData\Local\x-plane_install_11.txt => erfolgreich verschoben
C:\Users\johnf\AppData\Local\zenmap.exe.log => erfolgreich verschoben
C:\Users\johnf\AppData\Local\Temp\proxy_vole2846813678141583804.dll => erfolgreich verschoben
C:\Users\johnf\AppData\Local\Temp\proxy_vole2995707856706044275.dll => erfolgreich verschoben
C:\Users\johnf\AppData\Local\Temp\proxy_vole6702494483056341352.dll => erfolgreich verschoben
C:\Users\johnf\AppData\Local\Temp\Tsu8CD87F94.dll => erfolgreich verschoben
C:\Users\johnf\AppData\Local\Temp\vlc-3.0.6-win64.exe => erfolgreich verschoben
HKU\S-1-5-21-127663350-3041579137-739029980-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E9D9ECBE8559} => erfolgreich entfernt
HKU\S-1-5-21-127663350-3041579137-739029980-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817} => erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco1 => invalid subkey removed.
HKLM\Software\Classes\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => nicht gefunden
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco2 => invalid subkey removed.
HKLM\Software\Classes\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303} => nicht gefunden
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco3 => invalid subkey removed.
HKLM\Software\Classes\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB} => nicht gefunden
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShareOverlay => erfolgreich entfernt
HKLM\Software\Wow6432Node\Classes\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516} => erfolgreich entfernt
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => nicht gefunden
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => erfolgreich entfernt
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => erfolgreich entfernt
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WorkFolders => erfolgreich entfernt
HKLM\Software\Wow6432Node\Classes\CLSID\{E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => nicht gefunden
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\TortoiseSVN => erfolgreich entfernt
HKLM\Software\Wow6432Node\Classes\CLSID\{30351349-7B7D-4FCC-81B4-1E394CA267EB} => erfolgreich entfernt
ContextMenuHandlers2-x32-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => S:\VMware\VMware Workstation\vmdkShellExt.dll -> Keine Datei => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
ContextMenuHandlers2-x32-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => -> Keine Datei => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => nicht gefunden
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => nicht gefunden
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => nicht gefunden
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\WorkFolders => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} => nicht gefunden
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => nicht gefunden
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => nicht gefunden
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => nicht gefunden
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69DB23C7-4AD0-466D-9AFA-033501E46136}" => erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69DB23C7-4AD0-466D-9AFA-033501E46136}" => erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => nicht gefunden
"C:\Users\johnf\Desktop\netstat.bat - Verkn�pfung.lnk" => nicht gefunden
C:\WINDOWS\system32\Drivers\noosyffq.sys => ":changelist" ADS erfolgreich entfernt
C:\Users\Public\Shared Files => ":VersionCache" ADS erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{422AF7CE-925E-4B32-96AA-98DB9E86854B}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA325302-5472-43FF-89F1-ADA950408AB2}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E971EAA-DC5D-4A52-9F27-3D80AA700B8F}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF1EB89E-2D40-4C8A-8FF3-5DB84B7E2546}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{65B68B46-F6D6-452B-B895-6CF0387F59E3}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB325E95-877F-4D6B-9526-360002CC7C91}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36301519-DF8F-4BAC-9BCC-7D6B2AD6F23D}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{89A37F69-2775-4959-992D-942EBDC8B9CC}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F4C8111-75BF-4DC3-8853-27ECAD20219D}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BF518A2-70E0-4B7C-AC35-EB244247079D}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BE852D0B-A0BF-4CBE-94C1-F001AF0196C8}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18CCAD34-C0B0-4181-98F7-8C40E40F5180}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0933C541-8F9B-42E7-A76C-4A61B671CEA2}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5067A4AF-7F39-4B20-8074-CAFF6DEBBC05}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35B61310-31E6-4AD3-B58C-49E7CBA7570E}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{771D836C-466B-401B-8DC1-637C36BBF4BB}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{330A9EE4-9644-4783-91F3-26971CC52747}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF4B4645-E4D2-4151-AA26-4B689087AC10}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A894214A-577B-489C-9D65-ECEA5077F033}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ABD7A815-626A-442C-A470-F06260E4661B}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1281B099-04EE-4DB6-AEFB-C79A187373AD}D:\programme\activesky_p3dv4\as_p3dv4.exe" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F98AFF16-E4D5-4F7B-9BBE-1274363C70EC}D:\programme\activesky_p3dv4\as_p3dv4.exe" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{23DC5599-F214-44DA-93F9-84E95925FFAA}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1984A014-B1F6-4330-80A2-4A2243FD9009}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{22F06694-9445-4C48-A46A-C154F272E539}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{349F8D37-D38B-4DA7-AFDE-E8E0B24A28E8}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2EA884DA-3002-43D8-8ED5-8F71C6B56789}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B03893AF-7677-4A0B-AD43-7FC4F7F373A4}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32ED12ED-A3FA-4F04-BED9-8396A146AD87}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7EC4B1AC-5E58-4695-90B5-600009BD7E22}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{159B65A2-277D-469D-9708-A704E6148A67}" => erfolgreich entfernt
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{402B1233-1D91-4DC9-B3B5-4A9E9FF998DA}" => erfolgreich entfernt


Das System musste neu gestartet werden.

==== Ende von Fixlog 19:31:00 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security 8.0
Windows Defender
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Wise Registry Cleaner 10.1.4
Java 8 Update 191
Java version 32-bit out of Date!
Google Chrome (71.0.3578.98)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by johnf (administrator) on 20-01-2019 at 19:18:55
Running from "C:\Users\johnf\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Your computer is clean https://www.bleepstatic.com/fhost/uploads/6/snag-0004.jpg[/URL]]

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
[COLOR=#ff0000][B]This is a very crucial step so make sure you don't skip it.[/B][/COLOR]
Download [IMG]http://www.imgdumper.nl/uploads6/51a5ce45267c1/51a5ce45263de-delfix.pngDelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.
 
Broni.. first of all, thanks for your awesome help. I didn't expect you to work on sunday and I really appreciate your time and patience.

I am happy my pc is considered clean now, I am now using a password manager and changed all my passwords.

It appears that the initial problem with steamWebHelper still exists. As the problem does not occur on another windows-profile I see myself forced to create a new one. At least I can rule out it's any left infection to cause this and feel well entering my passwords and do online banking.

I will remember you for a donation as soon as I earn money again. That may take a year, but I WILL remember you, that's a promise.

THANK YOU!
 
You must log in or register to reply here.

Similar threads

yRaz
My current switch from Microsoft to Linux, de-googling my life and what it takes.
Replies
2
Views
3K
yRaz
yRaz
S
At loss: Kernel virus or something else
2
Replies
30
Views
8K
Soup Stand
S
Matthew DeCarlo
Weekend tech reading: DRAM prices up 111% from 2016, how to live without Google, 99 PC...
Replies
1
Views
1K
Kibaruk
Kibaruk

Latest posts

Back