
Pests of all kinds and how to fight them: Registry keys: 13 (PUP.Optional.SearchGo)


14.08.2014, 12:19   #1
LiScho
 



Hi Trojaner-Board, hi schrauber,
unfortunately it has got me once again. Could you please take a look at the log file?
Is a cleanup required here?
Best regards and thanks in advance
LiScho


Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 14.08.2014
Suchlauf-Zeit: 12:46:16
Logdatei: Malwarebytes text datei.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.14.04
Rootkit Datenbank: v2014.08.04.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x86
Dateisystem: NTFS
Benutzer: LiScho

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 325927
Verstrichene Zeit: 15 Min, 48 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 13
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4B62762D-AA67-4312-A5BF-91BCB7A4720A}, In Quarantäne, [92ea7e48aad12d090a63752f887a9967], 
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\TypeLib\{105F25A9-C42F-48A6-998D-0494E8AE336A}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2], 
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{506DD7C6-B05D-43CE-81FF-AA05E11DBDFD}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2], 
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6D3C9858-2674-46E1-9112-107340758481}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2], 
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{79C9FA6C-352A-49BA-89BA-85077BC35DC3}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2], 
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{909112FE-C4A2-4990-A499-E58867D55B15}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2], 
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BEEB5A2-8B02-465A-904D-FE5A447F59EB}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2], 
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B618C19D-A418-4586-80C6-09DBDA9C748E}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2], 
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B68B00A0-95B9-4162-BA45-7A1113317DA9}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2], 
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BFE45A8B-650C-4E99-A3F4-CC6A2874893B}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2], 
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E413D78F-283C-45F1-9992-8EF7D55A4933}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2], 
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E7C2FDF1-1635-41B4-8207-C1684B6807D7}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2], 
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F9F5A267-FA5A-4CA3-8BE5-4C1EEAD01011}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         

14.08.2014, 13:18   #2
schrauber
/// the machine
/// TB instructor
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


14.08.2014, 21:03   #3
LiScho
 



Hi, here are the logs:



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-08-2014 02
Ran by LiScho (administrator) on ROSCHO on 14-08-2014 21:51:30
Running from C:\Users\LiScho\Downloads
Platform: Microsoft Windows 8.1 Pro mit Media Center (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
() C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
() C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe
(Curse, Inc) C:\Users\LiScho\AppData\Roaming\Curse Client\Bin\Curse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Spotify Web Helper] => C:\Users\LiScho\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-27] (Spotify Ltd)
HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-04-01] (Sony)
HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Facebook Update] => C:\Users\LiScho\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-15] (Facebook Inc.)
HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Spotify] => C:\Users\LiScho\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-27] (Spotify Ltd)
HKU\S-1-5-21-2340962828-1122493312-3214376579-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [515584 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll => C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\LiScho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\LiScho\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\LiScho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x21C297C9B1A1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {3BD8AE26-1C7E-718C-A38F-2F9609847DFD} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ie_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ie-21&tbrId=v1_abb-channel-7_f6ea224c124f408db7d75677b941d4f3_30_46_20131012_DE_ie_ds_&query={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\LiScho\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\abs@avira.com [2014-08-08]
FF Extension: anonymoX - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\client@anonymox.net.xpi [2014-01-13]
FF Extension: Cliqz Beta - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\cliqz@cliqz.com.xpi [2014-08-12]
FF Extension: NoScript - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-28]
FF Extension: Adblock Plus - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\extensions\cliqz@cliqz.com

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1905488 2014-07-21] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-07-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 supereasy_1cbackup; c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe [21600 2013-11-28] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-03-24] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-03-24] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [35848 2014-07-25] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
S3 hamachi; C:\WINDOWS\system32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 KoneFltr; C:\WINDOWS\system32\drivers\Kone.sys [13056 2008-12-11] (ROCCAT Ltd)
R3 LVPr2Mon; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 pepifilter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2013-10-14] (Secunia)
R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
S3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 21:51 - 2014-08-14 21:53 - 00014628 _____ () C:\Users\LiScho\Downloads\FRST.txt
2014-08-14 21:51 - 2014-08-14 21:51 - 00000000 ____D () C:\FRST
2014-08-14 21:50 - 2014-08-14 21:50 - 01092096 _____ (Farbar) C:\Users\LiScho\Downloads\FRST.exe
2014-08-14 13:09 - 2014-08-14 13:09 - 00003118 _____ () C:\Users\LiScho\Desktop\Malwarebytes text datei.txt
2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-14 12:43 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-08-14 12:43 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-14 12:43 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-14 12:43 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-14 12:41 - 2014-08-14 12:43 - 00004611 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log
2014-08-13 21:40 - 2014-08-14 21:46 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-13 21:39 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-13 21:39 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-11 22:35 - 2014-08-11 22:35 - 00001228 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-08-11 22:34 - 2014-08-11 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-08-11 22:33 - 2014-08-13 18:47 - 00000000 ____D () C:\Program Files\World of Warcraft
2014-08-10 20:48 - 2014-08-10 20:48 - 00001024 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Abelssoft
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Abelssoft
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-10 20:48 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\system32\dhRichClient3.dll
2014-08-10 20:48 - 2011-03-25 20:42 - 00338432 _____ () C:\WINDOWS\system32\sqlite36_engine.dll
2014-08-10 20:47 - 2014-08-10 20:48 - 00000000 ____D () C:\Program Files\CHIP Updater
2014-08-10 20:46 - 2014-08-10 20:46 - 01101648 _____ () C:\Users\LiScho\Downloads\TeamSpeak 3 32 Bit - CHIP-Installer.exe
2014-08-10 13:15 - 2014-08-10 13:15 - 00001071 _____ () C:\Users\Public\Desktop\StarCraft II.lnk
2014-08-10 13:10 - 2014-08-10 13:26 - 00000000 ____D () C:\Users\LiScho\Documents\StarCraft II
2014-08-10 13:10 - 2014-08-10 13:21 - 00000000 ____D () C:\Program Files\StarCraft II
2014-08-10 13:10 - 2014-08-10 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-08-10 13:07 - 2014-08-14 12:44 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Battle.net
2014-08-10 13:07 - 2014-08-13 18:44 - 00000000 ____D () C:\Program Files\Battle.net
2014-08-10 13:07 - 2014-08-11 22:35 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-08-10 13:07 - 2014-08-10 13:15 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-10 13:07 - 2014-08-10 13:10 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Battle.net
2014-08-10 13:07 - 2014-08-10 13:07 - 00001092 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\NVIDIA
2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Blizzard Entertainment
2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-10 13:06 - 2014-08-10 13:06 - 03227560 _____ (Blizzard Entertainment) C:\Users\LiScho\Downloads\StarCraft-II-Setup-deDE.exe
2014-08-10 13:06 - 2014-08-10 13:06 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-08 11:44 - 2014-08-08 11:49 - 00001111 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 11:43 - 2014-08-08 11:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-30 20:03 - 2014-07-30 20:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-07-25 15:00 - 2014-07-10 06:08 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-25 15:00 - 2014-07-10 05:59 - 03922432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-25 15:00 - 2014-07-10 05:34 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-18 21:16 - 2014-07-18 21:16 - 00000000 ____D () C:\ProgramData\Riot Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 21:53 - 2014-08-14 21:51 - 00014628 _____ () C:\Users\LiScho\Downloads\FRST.txt
2014-08-14 21:51 - 2014-08-14 21:51 - 00000000 ____D () C:\FRST
2014-08-14 21:50 - 2014-08-14 21:50 - 01092096 _____ (Farbar) C:\Users\LiScho\Downloads\FRST.exe
2014-08-14 21:47 - 2014-03-12 16:52 - 00000000 ___DO () C:\Users\LiScho\SkyDrive (2)
2014-08-14 21:46 - 2014-08-13 21:40 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 21:46 - 2014-03-15 04:41 - 00000946 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2340962828-1122493312-3214376579-1001UA.job
2014-08-14 21:45 - 2013-10-22 17:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-14 21:45 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-14 21:45 - 2012-11-09 19:27 - 00001108 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-14 13:27 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-14 13:13 - 2013-10-22 17:28 - 01349588 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-14 13:09 - 2014-08-14 13:09 - 00003118 _____ () C:\Users\LiScho\Desktop\Malwarebytes text datei.txt
2014-08-14 13:04 - 2012-11-09 19:27 - 00001112 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-14 13:02 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-14 13:02 - 2012-11-09 15:25 - 00073698 _____ () C:\WINDOWS\system32\lvcoinst.log
2014-08-14 13:01 - 2012-11-12 19:35 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Spotify
2014-08-14 12:53 - 2013-01-19 18:47 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-14 12:44 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Battle.net
2014-08-14 12:44 - 2013-10-28 19:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-14 12:43 - 2014-08-14 12:41 - 00004611 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log
2014-08-14 12:43 - 2013-10-28 19:08 - 00000000 ____D () C:\Program Files\Java
2014-08-14 12:42 - 2013-10-03 17:40 - 00000000 ____D () C:\Users\LiScho\AppData\Local\PMB Files
2014-08-14 12:42 - 2013-10-03 17:40 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-14 12:34 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-14 12:28 - 2013-03-30 18:01 - 00000000 ____D () C:\Users\LiScho\AppData\Local\LogMeIn Hamachi
2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-13 21:39 - 2013-09-18 19:27 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-13 21:39 - 2013-09-18 19:27 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Malwarebytes
2014-08-13 21:39 - 2013-09-18 19:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 21:39 - 2013-09-18 19:27 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-13 18:47 - 2014-08-11 22:33 - 00000000 ____D () C:\Program Files\World of Warcraft
2014-08-13 18:44 - 2014-08-10 13:07 - 00000000 ____D () C:\Program Files\Battle.net
2014-08-13 00:26 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-12 23:27 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-12 22:41 - 2014-06-06 21:03 - 00000000 ____D () C:\Users\LiScho\AppData\Local\SuperEasy 1-Click Backup
2014-08-12 22:38 - 2012-11-12 19:35 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Spotify
2014-08-11 22:35 - 2014-08-11 22:35 - 00001228 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-08-11 22:35 - 2014-08-10 13:07 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-08-11 22:34 - 2014-08-11 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-08-11 21:11 - 2013-08-22 09:22 - 00367040 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-10 20:48 - 2014-08-10 20:48 - 00001024 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Abelssoft
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Abelssoft
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-10 20:48 - 2014-08-10 20:47 - 00000000 ____D () C:\Program Files\CHIP Updater
2014-08-10 20:46 - 2014-08-10 20:46 - 01101648 _____ () C:\Users\LiScho\Downloads\TeamSpeak 3 32 Bit - CHIP-Installer.exe
2014-08-10 13:26 - 2014-08-10 13:10 - 00000000 ____D () C:\Users\LiScho\Documents\StarCraft II
2014-08-10 13:21 - 2014-08-10 13:10 - 00000000 ____D () C:\Program Files\StarCraft II
2014-08-10 13:15 - 2014-08-10 13:15 - 00001071 _____ () C:\Users\Public\Desktop\StarCraft II.lnk
2014-08-10 13:15 - 2014-08-10 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-08-10 13:15 - 2014-08-10 13:07 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-10 13:10 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Battle.net
2014-08-10 13:07 - 2014-08-10 13:07 - 00001092 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\NVIDIA
2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Blizzard Entertainment
2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-10 13:06 - 2014-08-10 13:06 - 03227560 _____ (Blizzard Entertainment) C:\Users\LiScho\Downloads\StarCraft-II-Setup-deDE.exe
2014-08-10 13:06 - 2014-08-10 13:06 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-10 12:52 - 2013-08-22 09:23 - 00330825 _____ () C:\WINDOWS\setupact.log
2014-08-08 11:49 - 2014-08-08 11:44 - 00001111 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 11:49 - 2014-08-08 11:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-08 11:49 - 2013-10-22 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-08 11:49 - 2013-10-22 19:28 - 00000000 ____D () C:\Program Files\Avira
2014-08-08 11:43 - 2013-10-22 19:28 - 00000000 ____D () C:\ProgramData\Avira
2014-07-31 19:05 - 2012-11-09 13:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-30 20:04 - 2014-07-30 20:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 16:55 - 2013-10-22 17:34 - 00000000 ____D () C:\Users\LiScho
2014-07-29 16:49 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-28 20:48 - 2013-12-18 20:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 15:04 - 2013-12-18 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-07-25 14:53 - 2013-10-22 19:28 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-25 12:55 - 2014-08-14 12:43 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-07-25 12:49 - 2014-08-14 12:43 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-25 12:49 - 2014-08-14 12:43 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-25 12:49 - 2014-08-14 12:43 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-18 21:16 - 2014-07-18 21:16 - 00000000 ____D () C:\ProgramData\Riot Games

Files to move or delete:
====================
C:\Users\LiScho\xobglu16.dll
C:\Users\LiScho\xobglu32.dll


Some content of TEMP:
====================
C:\Users\LiScho\AppData\Local\Temp\avgnt.exe
C:\Users\LiScho\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-12 23:25

==================== End Of Log ============================
         
--- --- ---




Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:14-08-2014 02
Ran by LiScho at 2014-08-14 21:53:09
Running from C:\Users\LiScho\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Avira (HKLM\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0600}) (Version: 12.6.0.1898 - APN, LLC)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
CHIP Updater (HKLM\...\CHIP Updater_is1) (Version: 2.28 - Abelssoft)
Cliqz (HKLM\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.0.1 - Cliqz.com)
CrystalDiskInfo 6.1.10 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.1.10 - Crystal Dew World)
Curse (HKLM\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Nähen mit Kasimir (HKLM\...\KASIMIR) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.70 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Secunia PSI (3.0.0.8013) (HKLM\...\Secunia PSI) (Version: 3.0.0.8013 - Secunia)
Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.206 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.206 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StarCraft II (HKLM\...\StarCraft II) (Version:  - Blizzard Entertainment)
SuperEasy 1-Click Backup (HKLM\...\SuperEasy 1-Click Backup) (Version: 1.13 - SuperEasy Software GmbH & Co. KG)
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2340962828-1122493312-3214376579-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\LiScho\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2340962828-1122493312-3214376579-1001_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-2340962828-1122493312-3214376579-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\LiScho\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2340962828-1122493312-3214376579-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\LiScho\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2340962828-1122493312-3214376579-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\LiScho\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Restore Points  =========================

20-07-2014 00:32:50 Geplanter Prüfpunkt
27-07-2014 13:01:16 Windows Update
14-08-2014 10:38:10 Installed Java 7 Update 67

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {122E87D0-42B5-47F7-AA32-3CD7746212AA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {1C96ECC7-5892-4D56-BEAF-60475331229B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-09] (Google Inc.)
Task: {21B4FE1E-5A0C-4FA8-A80A-DDC04581EF81} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2340962828-1122493312-3214376579-1001UA => C:\Users\LiScho\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-15] (Facebook Inc.)
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {435F1FFA-DCA3-4A91-B10E-E212E68DC94E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {4C81B1FA-FB44-47C7-A3CA-BC059FA889B5} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files\CHIP Updater\CHIPUpdater.exe [2014-08-07] (CHIP)
Task: {555CB0ED-D1C5-4C5F-897B-C1282D225CBE} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\WINDOWS\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {5B460F9C-139B-4EC9-9539-26B81F35A7F0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {699D58A3-8554-47B7-A555-3248108FE4A3} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {6AB774D6-18A4-47EE-B259-5D869186E4C9} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2340962828-1122493312-3214376579-1001
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {9D7F2150-A847-45EC-80A7-11F6A16050B0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2340962828-1122493312-3214376579-1001Core => C:\Users\LiScho\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-15] (Facebook Inc.)
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {A7E9BFE4-AB6B-45C5-87A5-95AAC4F282E2} - System32\Tasks\CrystalDiskInfo => C:\Program Files\CrystalDiskInfo\DiskInfo.exe [2014-04-05] (Crystal Dew World)
Task: {B42CC507-CBBD-400D-8D65-957967226C1D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {C1D88B0F-6BAA-41B6-A456-7AE44AF2EF8E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {E65BD89B-F21A-4D54-A959-31E765C29B60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-09] (Google Inc.)
Task: {E9853018-4526-40A4-9D04-00C31A6D6490} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2340962828-1122493312-3214376579-1001Core.job => C:\Users\LiScho\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2340962828-1122493312-3214376579-1001UA.job => C:\Users\LiScho\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-22 17:28 - 2014-03-04 14:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 00021600 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe
2013-11-28 17:04 - 2013-11-28 17:04 - 00072800 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupServiceLib.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 07275616 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupCore.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 00112224 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\deemon.dll
2013-11-28 17:03 - 2013-11-28 17:03 - 02818144 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\ox.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 00345184 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\veem.dll
2013-11-28 17:03 - 2013-11-28 17:03 - 00043104 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzmaUtil.dll
2013-11-28 17:03 - 2013-11-28 17:03 - 00346208 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\twirl.dll
2013-11-28 17:03 - 2013-11-28 17:03 - 00247392 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\tomb.dll
2013-11-21 12:56 - 2013-11-21 12:56 - 00214528 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\party.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 00084576 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\scoolite.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 00050272 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\minizutil.dll
2013-11-21 12:54 - 2013-11-21 12:54 - 00017408 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zlibutil.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 00138336 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\netutil.dll
2013-09-23 21:24 - 2013-09-23 21:24 - 00061952 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zdll.dll
2013-11-28 14:33 - 2013-11-28 14:33 - 00040960 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzma.dll
2013-11-28 14:32 - 2013-11-28 14:32 - 00438784 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\sqlite.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-11-21 13:42 - 2013-11-21 13:42 - 00030720 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe
2014-08-08 11:44 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\LiScho\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 00316512 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe
2013-11-28 17:04 - 2013-11-28 17:04 - 04152928 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClientLib.dll
2013-11-28 17:03 - 2013-11-28 17:03 - 02818144 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\ox.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 00272992 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\updateman.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 07275616 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupCore.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 00112224 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\deemon.dll
2013-11-21 12:56 - 2013-11-21 12:56 - 00214528 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\party.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 00138336 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\netutil.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 00107616 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\featback.dll
2013-11-28 17:03 - 2013-11-28 17:03 - 00346208 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\twirl.dll
2013-11-28 17:03 - 2013-11-28 17:03 - 00247392 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\tomb.dll
2013-09-23 21:24 - 2013-09-23 21:24 - 00061952 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zdll.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 00345184 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\veem.dll
2013-11-28 17:03 - 2013-11-28 17:03 - 00043104 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzmaUtil.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 00084576 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\scoolite.dll
2013-11-28 17:04 - 2013-11-28 17:04 - 00050272 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\minizutil.dll
2013-11-21 12:54 - 2013-11-21 12:54 - 00017408 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zlibutil.dll
2013-11-28 14:33 - 2013-11-28 14:33 - 00040960 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzma.dll
2013-11-28 14:32 - 2013-11-28 14:32 - 00438784 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\sqlite.dll
2013-11-21 13:42 - 2013-11-21 13:42 - 00030720 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe
2013-12-13 08:12 - 2013-12-13 08:12 - 00307712 _____ () C:\Users\LiScho\AppData\Roaming\Curse Client\Bin\opus.dll
2014-03-10 13:55 - 2014-05-22 19:16 - 00437248 _____ () C:\Users\LiScho\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll
2014-07-30 20:03 - 2014-07-30 20:04 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\LiScho\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\LiScho\SkyDrive (2):ms-properties
AlternateDataStreams: C:\Users\LiScho\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\LiScho\SkyDrive (3).old:ms-properties
AlternateDataStreams: C:\Users\LiScho\SkyDrive (4).old:ms-properties
AlternateDataStreams: C:\Users\LiScho\SkyDrive (5).old:ms-properties
AlternateDataStreams: C:\Users\LiScho\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "LogitechQuickCamRibbon"
HKLM\...\StartupApproved\Run: => "LogMeIn Hamachi Ui"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKCU\...\StartupApproved\Run: => "Sony PC Companion"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
HKCU\...\StartupApproved\Run: => "Spotify"

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2014 09:47:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (08/14/2014 09:47:21 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 

Error: (08/14/2014 09:47:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (08/14/2014 09:47:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (08/14/2014 09:47:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4

Error: (08/14/2014 09:47:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (08/14/2014 09:45:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: RoScho)
Description: Das Profil konnte nicht erfolgreich geladen werden, aber Sie wurden mit dem standardmäßigen Profil für das System angemeldet. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (08/14/2014 09:45:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\TEMP\ntuser.dat

Error: (08/14/2014 09:45:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: RoScho)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (08/14/2014 09:45:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt.
 for C:\Users\_supereasy_1cbackup_\ntuser.dat


System errors:
=============
Error: (08/14/2014 09:46:23 PM) (Source: DCOM) (EventID: 10016) (User: ROSCHO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/14/2014 09:46:23 PM) (Source: DCOM) (EventID: 10016) (User: ROSCHO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/14/2014 09:46:23 PM) (Source: DCOM) (EventID: 10016) (User: ROSCHO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/14/2014 09:46:22 PM) (Source: DCOM) (EventID: 10016) (User: ROSCHO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/14/2014 09:46:22 PM) (Source: DCOM) (EventID: 10016) (User: ROSCHO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/14/2014 09:46:22 PM) (Source: DCOM) (EventID: 10016) (User: ROSCHO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/14/2014 09:46:22 PM) (Source: DCOM) (EventID: 10016) (User: ROSCHO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/14/2014 09:46:22 PM) (Source: DCOM) (EventID: 10016) (User: ROSCHO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/14/2014 09:46:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/14/2014 09:46:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.


Microsoft Office Sessions:
=========================
Error: (08/14/2014 09:47:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (08/14/2014 09:47:21 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 

Error: (08/14/2014 09:47:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (08/14/2014 09:47:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (08/14/2014 09:47:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4

Error: (08/14/2014 09:47:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (08/14/2014 09:45:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: RoScho)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.

Error: (08/14/2014 09:45:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\TEMP\ntuser.dat

Error: (08/14/2014 09:45:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: RoScho)
Description: 

Error: (08/14/2014 09:45:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt.
C:\Users\_supereasy_1cbackup_\ntuser.dat


CodeIntegrity Errors:
===================================
  Date: 2014-02-27 19:14:07.029
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 19:13:55.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 19:13:55.457
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 19:13:55.394
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 19:13:55.346
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 19:13:55.301
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 19:13:55.228
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 19:13:55.057
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 19:13:54.867
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-27 19:13:54.790
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of memory in use: 38%
Total physical RAM: 3070.49 MB
Available physical RAM: 1882.74 MB
Total Pagefile: 4990.49 MB
Available Pagefile: 3474.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1862.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:186.21 GB) (Free:100.03 GB) NTFS
Drive e: (Sicherungen) (Fixed) (Total:76.33 GB) (Free:0 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: 8A388A38)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=186 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 76 GB) (Disk ID: AA44AA44)
Partition 1: (Not Active) - (Size=76 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

15.08.2014, 18:54   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Looks good. If there are no active problems, have the detections deleted and scan again. If nothing shows up after that, everything is fine.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

16.08.2014, 14:50   #5
LiScho
 



It now looks like this:



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2014 02
Ran by LiScho (administrator) on ROSCHO on 16-08-2014 15:44:30
Running from C:\Users\LiScho\Downloads
Platform: Microsoft Windows 8.1 Pro mit Media Center (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
() C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe
(Curse, Inc) C:\Users\LiScho\AppData\Roaming\Curse Client\Bin\Curse.exe
(Spotify Ltd) C:\Users\LiScho\AppData\Roaming\Spotify\spotify.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
(Crystal Dew World) C:\Program Files\CrystalDiskInfo\DiskInfo.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.215\deploy\LoLLauncher.exe
(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.4930\Battle.net.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Users\LiScho\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\LiScho\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\LiScho\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\LiScho\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\LiScho\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(CHIP) C:\Program Files\CHIP Updater\CHIPUpdater.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Spotify Web Helper] => C:\Users\LiScho\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-27] (Spotify Ltd)
HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-04-01] (Sony)
HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Facebook Update] => C:\Users\LiScho\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-15] (Facebook Inc.)
HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Spotify] => C:\Users\LiScho\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-27] (Spotify Ltd)
HKU\S-1-5-21-2340962828-1122493312-3214376579-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [515584 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll => C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\LiScho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\LiScho\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\LiScho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x21C297C9B1A1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {3BD8AE26-1C7E-718C-A38F-2F9609847DFD} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ie_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ie-21&tbrId=v1_abb-channel-7_f6ea224c124f408db7d75677b941d4f3_30_46_20131012_DE_ie_ds_&query={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\LiScho\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\abs@avira.com [2014-08-08]
FF Extension: anonymoX - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\client@anonymox.net.xpi [2014-01-13]
FF Extension: Cliqz Beta - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\cliqz@cliqz.com.xpi [2014-08-12]
FF Extension: NoScript - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-28]
FF Extension: Adblock Plus - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\extensions\cliqz@cliqz.com

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1905488 2014-07-21] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-07-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 supereasy_1cbackup; c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe [21600 2013-11-28] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-03-24] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-03-24] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [35848 2014-07-25] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
S3 hamachi; C:\WINDOWS\system32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 KoneFltr; C:\WINDOWS\system32\drivers\Kone.sys [13056 2008-12-11] (ROCCAT Ltd)
R3 LVPr2Mon; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 pepifilter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2013-10-14] (Secunia)
R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
S3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 15:40 - 2014-08-16 15:40 - 00000000 ____D () C:\Users\LiScho\Downloads\FRST-OlderVersion
2014-08-14 21:53 - 2014-08-14 21:53 - 00033363 _____ () C:\Users\LiScho\Downloads\Addition.txt
2014-08-14 21:51 - 2014-08-16 15:44 - 00015573 _____ () C:\Users\LiScho\Downloads\FRST.txt
2014-08-14 21:51 - 2014-08-16 15:44 - 00000000 ____D () C:\FRST
2014-08-14 21:50 - 2014-08-16 15:40 - 01093632 _____ (Farbar) C:\Users\LiScho\Downloads\FRST.exe
2014-08-14 13:09 - 2014-08-14 13:09 - 00003118 _____ () C:\Users\LiScho\Desktop\Malwarebytes text datei.txt
2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-14 12:43 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-08-14 12:43 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-14 12:43 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-14 12:43 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-14 12:41 - 2014-08-14 12:43 - 00004611 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log
2014-08-13 21:40 - 2014-08-16 15:32 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-13 21:39 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-13 21:39 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-11 22:35 - 2014-08-11 22:35 - 00001228 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-08-11 22:34 - 2014-08-11 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-08-11 22:33 - 2014-08-13 18:47 - 00000000 ____D () C:\Program Files\World of Warcraft
2014-08-10 20:48 - 2014-08-10 20:48 - 00001024 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Abelssoft
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Abelssoft
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-10 20:48 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\system32\dhRichClient3.dll
2014-08-10 20:48 - 2011-03-25 20:42 - 00338432 _____ () C:\WINDOWS\system32\sqlite36_engine.dll
2014-08-10 20:47 - 2014-08-10 20:48 - 00000000 ____D () C:\Program Files\CHIP Updater
2014-08-10 20:46 - 2014-08-10 20:46 - 01101648 _____ () C:\Users\LiScho\Downloads\TeamSpeak 3 32 Bit - CHIP-Installer.exe
2014-08-10 13:15 - 2014-08-10 13:15 - 00001071 _____ () C:\Users\Public\Desktop\StarCraft II.lnk
2014-08-10 13:10 - 2014-08-10 13:26 - 00000000 ____D () C:\Users\LiScho\Documents\StarCraft II
2014-08-10 13:10 - 2014-08-10 13:21 - 00000000 ____D () C:\Program Files\StarCraft II
2014-08-10 13:10 - 2014-08-10 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-08-10 13:07 - 2014-08-16 15:44 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Battle.net
2014-08-10 13:07 - 2014-08-13 18:44 - 00000000 ____D () C:\Program Files\Battle.net
2014-08-10 13:07 - 2014-08-11 22:35 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-08-10 13:07 - 2014-08-10 13:15 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-10 13:07 - 2014-08-10 13:10 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Battle.net
2014-08-10 13:07 - 2014-08-10 13:07 - 00001092 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\NVIDIA
2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Blizzard Entertainment
2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-10 13:06 - 2014-08-10 13:06 - 03227560 _____ (Blizzard Entertainment) C:\Users\LiScho\Downloads\StarCraft-II-Setup-deDE.exe
2014-08-10 13:06 - 2014-08-10 13:06 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-08 11:44 - 2014-08-08 11:49 - 00001111 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 11:43 - 2014-08-08 11:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-30 20:03 - 2014-07-30 20:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-07-25 15:00 - 2014-07-10 06:08 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-25 15:00 - 2014-07-10 05:59 - 03922432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-25 15:00 - 2014-07-10 05:34 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-18 21:16 - 2014-07-18 21:16 - 00000000 ____D () C:\ProgramData\Riot Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 15:45 - 2014-08-14 21:51 - 00015573 _____ () C:\Users\LiScho\Downloads\FRST.txt
2014-08-16 15:45 - 2013-10-03 17:40 - 00000000 ____D () C:\Users\LiScho\AppData\Local\PMB Files
2014-08-16 15:44 - 2014-08-14 21:51 - 00000000 ____D () C:\FRST
2014-08-16 15:44 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Battle.net
2014-08-16 15:40 - 2014-08-16 15:40 - 00000000 ____D () C:\Users\LiScho\Downloads\FRST-OlderVersion
2014-08-16 15:40 - 2014-08-14 21:50 - 01093632 _____ (Farbar) C:\Users\LiScho\Downloads\FRST.exe
2014-08-16 15:40 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-16 15:39 - 2012-11-09 15:25 - 00084498 _____ () C:\WINDOWS\system32\lvcoinst.log
2014-08-16 15:35 - 2012-11-12 19:35 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Spotify
2014-08-16 15:33 - 2014-03-12 16:52 - 00000000 ___DO () C:\Users\LiScho\SkyDrive (2)
2014-08-16 15:32 - 2014-08-13 21:40 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 15:32 - 2012-11-09 19:27 - 00001108 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-16 15:30 - 2013-10-22 17:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-16 15:30 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-15 15:06 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-15 15:05 - 2013-10-22 17:28 - 01564897 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-15 15:04 - 2012-11-09 19:27 - 00001112 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-15 15:00 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-15 14:53 - 2013-01-19 18:47 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-15 12:50 - 2013-03-30 18:01 - 00000000 ____D () C:\Users\LiScho\AppData\Local\LogMeIn Hamachi
2014-08-15 00:46 - 2014-03-15 04:41 - 00000946 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2340962828-1122493312-3214376579-1001UA.job
2014-08-14 22:11 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-14 22:07 - 2013-08-22 09:23 - 00331669 _____ () C:\WINDOWS\setupact.log
2014-08-14 21:53 - 2014-08-14 21:53 - 00033363 _____ () C:\Users\LiScho\Downloads\Addition.txt
2014-08-14 13:09 - 2014-08-14 13:09 - 00003118 _____ () C:\Users\LiScho\Desktop\Malwarebytes text datei.txt
2014-08-14 12:44 - 2013-10-28 19:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-14 12:43 - 2014-08-14 12:41 - 00004611 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log
2014-08-14 12:43 - 2013-10-28 19:08 - 00000000 ____D () C:\Program Files\Java
2014-08-14 12:42 - 2013-10-03 17:40 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-13 21:39 - 2013-09-18 19:27 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-13 21:39 - 2013-09-18 19:27 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Malwarebytes
2014-08-13 21:39 - 2013-09-18 19:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 21:39 - 2013-09-18 19:27 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-13 18:47 - 2014-08-11 22:33 - 00000000 ____D () C:\Program Files\World of Warcraft
2014-08-13 18:44 - 2014-08-10 13:07 - 00000000 ____D () C:\Program Files\Battle.net
2014-08-12 23:27 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-12 22:41 - 2014-06-06 21:03 - 00000000 ____D () C:\Users\LiScho\AppData\Local\SuperEasy 1-Click Backup
2014-08-12 22:38 - 2012-11-12 19:35 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Spotify
2014-08-11 22:35 - 2014-08-11 22:35 - 00001228 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-08-11 22:35 - 2014-08-10 13:07 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-08-11 22:34 - 2014-08-11 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-08-11 21:11 - 2013-08-22 09:22 - 00367040 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-10 20:48 - 2014-08-10 20:48 - 00001024 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Abelssoft
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Abelssoft
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-10 20:48 - 2014-08-10 20:47 - 00000000 ____D () C:\Program Files\CHIP Updater
2014-08-10 20:46 - 2014-08-10 20:46 - 01101648 _____ () C:\Users\LiScho\Downloads\TeamSpeak 3 32 Bit - CHIP-Installer.exe
2014-08-10 13:26 - 2014-08-10 13:10 - 00000000 ____D () C:\Users\LiScho\Documents\StarCraft II
2014-08-10 13:21 - 2014-08-10 13:10 - 00000000 ____D () C:\Program Files\StarCraft II
2014-08-10 13:15 - 2014-08-10 13:15 - 00001071 _____ () C:\Users\Public\Desktop\StarCraft II.lnk
2014-08-10 13:15 - 2014-08-10 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-08-10 13:15 - 2014-08-10 13:07 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-10 13:10 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Battle.net
2014-08-10 13:07 - 2014-08-10 13:07 - 00001092 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\NVIDIA
2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Blizzard Entertainment
2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-10 13:06 - 2014-08-10 13:06 - 03227560 _____ (Blizzard Entertainment) C:\Users\LiScho\Downloads\StarCraft-II-Setup-deDE.exe
2014-08-10 13:06 - 2014-08-10 13:06 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-08 11:49 - 2014-08-08 11:44 - 00001111 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 11:49 - 2014-08-08 11:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-08 11:49 - 2013-10-22 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-08 11:49 - 2013-10-22 19:28 - 00000000 ____D () C:\Program Files\Avira
2014-08-08 11:43 - 2013-10-22 19:28 - 00000000 ____D () C:\ProgramData\Avira
2014-07-31 19:05 - 2012-11-09 13:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-30 20:04 - 2014-07-30 20:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 16:55 - 2013-10-22 17:34 - 00000000 ____D () C:\Users\LiScho
2014-07-29 16:49 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-28 20:48 - 2013-12-18 20:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 15:04 - 2013-12-18 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-07-25 14:53 - 2013-10-22 19:28 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-25 12:55 - 2014-08-14 12:43 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-07-25 12:49 - 2014-08-14 12:43 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-25 12:49 - 2014-08-14 12:43 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-25 12:49 - 2014-08-14 12:43 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-18 21:16 - 2014-07-18 21:16 - 00000000 ____D () C:\ProgramData\Riot Games

Files to move or delete:
====================
C:\Users\LiScho\xobglu16.dll
C:\Users\LiScho\xobglu32.dll


Some content of TEMP:
====================
C:\Users\LiScho\AppData\Local\Temp\avgnt.exe
C:\Users\LiScho\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-12 23:25

==================== End Of Log ============================
         
--- --- ---



Further problems: none at the moment.
Thanks for your support
Regards, LiScho


17.08.2014, 07:20   #6
schrauber
/// the machine
/// TB trainer
 




Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. Please be sure to download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background monitor.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: I have a few useful add-ons for this browser here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download bandwidth.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it prompts you to and looks nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.