|
Pests of all kinds and how to fight them: Registry keys: 13 ( PUP.Optional.SearchGo ) Windows 7 |
14.08.2014, 12:19 | #1 |
| Registry keys: 13 ( PUP.Optional.SearchGo ) Hi Trojaner-Board, hi schrauber, unfortunately it has caught me once again. Could you please take a look at the log file? Is a cleanup required here? Best regards and thanks in advance, LiScho Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 14.08.2014
Suchlauf-Zeit: 12:46:16
Logdatei: Malwarebytes text datei.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.14.04
Rootkit Datenbank: v2014.08.04.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x86
Dateisystem: NTFS
Benutzer: LiScho

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 325927
Verstrichene Zeit: 15 Min, 48 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 13
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4B62762D-AA67-4312-A5BF-91BCB7A4720A}, In Quarantäne, [92ea7e48aad12d090a63752f887a9967],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\TypeLib\{105F25A9-C42F-48A6-998D-0494E8AE336A}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{506DD7C6-B05D-43CE-81FF-AA05E11DBDFD}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6D3C9858-2674-46E1-9112-107340758481}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{79C9FA6C-352A-49BA-89BA-85077BC35DC3}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{909112FE-C4A2-4990-A499-E58867D55B15}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BEEB5A2-8B02-465A-904D-FE5A447F59EB}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B618C19D-A418-4586-80C6-09DBDA9C748E}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B68B00A0-95B9-4162-BA45-7A1113317DA9}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BFE45A8B-650C-4E99-A3F4-CC6A2874893B}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E413D78F-283C-45F1-9992-8EF7D55A4933}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E7C2FDF1-1635-41B4-8207-C1684B6807D7}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F9F5A267-FA5A-4CA3-8BE5-4C1EEAD01011}, In Quarantäne, [c1bbbb0ba8d343f35914f2b2bc464eb2],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end) |
14.08.2014, 13:18 | #2 |
/// the machine /// TB trainer | Registry keys: 13 ( PUP.Optional.SearchGo ) hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
|
14.08.2014, 21:03 | #3 |
| Registry keys: 13 ( PUP.Optional.SearchGo ) Hi, here are the logs:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-08-2014 02 Ran by LiScho (administrator) on ROSCHO on 14-08-2014 21:51:30 Running from C:\Users\LiScho\Downloads Platform: Microsoft Windows 8.1 Pro mit Media Center (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe (Curse, Inc) C:\Users\LiScho\AppData\Roaming\Curse Client\Bin\Curse.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\wsqmcons.exe (Microsoft Corporation) C:\Windows\ehome\mcupdate.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Spotify Web Helper] => C:\Users\LiScho\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-27] (Spotify Ltd) HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-04-01] (Sony) HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Facebook Update] => C:\Users\LiScho\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-15] (Facebook Inc.) 
HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Spotify] => C:\Users\LiScho\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-27] (Spotify Ltd) HKU\S-1-5-21-2340962828-1122493312-3214376579-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [515584 2013-08-22] (Microsoft Corporation) AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll => C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll File Not Found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\LiScho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk ShortcutTarget: Curse.lnk -> C:\Users\LiScho\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc) Startup: C:\Users\LiScho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x21C297C9B1A1CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {3BD8AE26-1C7E-718C-A38F-2F9609847DFD} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ie_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ie-21&tbrId=v1_abb-channel-7_f6ea224c124f408db7d75677b941d4f3_30_46_20131012_DE_ie_ds_&query={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default FF DefaultSearchEngine: DuckDuckGo FF SelectedSearchEngine: DuckDuckGo FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\LiScho\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\amazon.xml FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\abs@avira.com [2014-08-08] FF Extension: anonymoX - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\client@anonymox.net.xpi [2014-01-13] FF Extension: Cliqz Beta - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\cliqz@cliqz.com.xpi [2014-08-12] FF Extension: NoScript - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-28] FF Extension: Adblock Plus - 
C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28] FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\extensions\cliqz@cliqz.com Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-08] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG) S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1905488 2014-07-21] (LogMeIn Inc.) R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-07-16] (LogMeIn, Inc.) 
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation) R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia) S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 supereasy_1cbackup; c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe [21600 2013-11-28] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-03-24] (Microsoft Corporation) S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-03-24] (Microsoft Corporation) S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-03] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-07-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [35848 2014-07-25] (Avira Operations GmbH & Co. 
KG) R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation) S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation) S3 hamachi; C:\WINDOWS\system32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) S3 KoneFltr; C:\WINDOWS\system32\drivers\Kone.sys [13056 2008-12-11] (ROCCAT Ltd) R3 LVPr2Mon; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] () R3 LVUSBSta; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R3 pepifilter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.) R3 PID_PEPI; C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.) R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2013-10-14] (Secunia) R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-03-24] (Microsoft Corporation) R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation) S3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-14 21:51 - 2014-08-14 21:53 - 00014628 _____ () C:\Users\LiScho\Downloads\FRST.txt 2014-08-14 21:51 - 2014-08-14 21:51 - 00000000 ____D () C:\FRST 2014-08-14 21:50 - 2014-08-14 21:50 - 01092096 _____ (Farbar) C:\Users\LiScho\Downloads\FRST.exe 2014-08-14 13:09 - 2014-08-14 13:09 - 00003118 _____ () C:\Users\LiScho\Desktop\Malwarebytes text datei.txt 2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-14 12:43 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-08-14 12:43 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-08-14 12:43 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-08-14 12:43 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-08-14 12:41 - 2014-08-14 12:43 - 00004611 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log 2014-08-13 21:40 - 2014-08-14 21:46 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-13 21:39 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-08-13 21:39 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-08-11 22:35 - 2014-08-11 22:35 - 00001228 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk 2014-08-11 22:34 - 2014-08-11 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft 2014-08-11 22:33 - 2014-08-13 18:47 - 00000000 ____D () C:\Program 
Files\World of Warcraft 2014-08-10 20:48 - 2014-08-10 20:48 - 00001024 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Abelssoft 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Abelssoft 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater 2014-08-10 20:48 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\system32\dhRichClient3.dll 2014-08-10 20:48 - 2011-03-25 20:42 - 00338432 _____ () C:\WINDOWS\system32\sqlite36_engine.dll 2014-08-10 20:47 - 2014-08-10 20:48 - 00000000 ____D () C:\Program Files\CHIP Updater 2014-08-10 20:46 - 2014-08-10 20:46 - 01101648 _____ () C:\Users\LiScho\Downloads\TeamSpeak 3 32 Bit - CHIP-Installer.exe 2014-08-10 13:15 - 2014-08-10 13:15 - 00001071 _____ () C:\Users\Public\Desktop\StarCraft II.lnk 2014-08-10 13:10 - 2014-08-10 13:26 - 00000000 ____D () C:\Users\LiScho\Documents\StarCraft II 2014-08-10 13:10 - 2014-08-10 13:21 - 00000000 ____D () C:\Program Files\StarCraft II 2014-08-10 13:10 - 2014-08-10 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II 2014-08-10 13:07 - 2014-08-14 12:44 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Battle.net 2014-08-10 13:07 - 2014-08-13 18:44 - 00000000 ____D () C:\Program Files\Battle.net 2014-08-10 13:07 - 2014-08-11 22:35 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment 2014-08-10 13:07 - 2014-08-10 13:15 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-08-10 13:07 - 2014-08-10 13:10 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Battle.net 2014-08-10 13:07 - 2014-08-10 13:07 - 00001092 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () 
C:\Users\LiScho\AppData\Roaming\NVIDIA 2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Blizzard Entertainment 2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-08-10 13:06 - 2014-08-10 13:06 - 03227560 _____ (Blizzard Entertainment) C:\Users\LiScho\Downloads\StarCraft-II-Setup-deDE.exe 2014-08-10 13:06 - 2014-08-10 13:06 - 00000000 ____D () C:\ProgramData\Battle.net 2014-08-08 11:44 - 2014-08-08 11:49 - 00001111 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-08 11:43 - 2014-08-08 11:49 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-30 20:03 - 2014-07-30 20:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi 2014-07-25 15:00 - 2014-07-10 06:08 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-07-25 15:00 - 2014-07-10 05:59 - 03922432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-07-25 15:00 - 2014-07-10 05:34 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-07-18 21:16 - 2014-07-18 21:16 - 00000000 ____D () C:\ProgramData\Riot Games ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-14 21:53 - 2014-08-14 21:51 - 00014628 _____ () C:\Users\LiScho\Downloads\FRST.txt 2014-08-14 21:51 - 2014-08-14 21:51 - 00000000 ____D () C:\FRST 2014-08-14 21:50 - 2014-08-14 21:50 - 01092096 _____ (Farbar) C:\Users\LiScho\Downloads\FRST.exe 2014-08-14 21:47 - 2014-03-12 16:52 - 00000000 ___DO () C:\Users\LiScho\SkyDrive (2) 2014-08-14 21:46 - 2014-08-13 21:40 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 21:46 - 2014-03-15 04:41 - 00000946 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2340962828-1122493312-3214376579-1001UA.job 2014-08-14 21:45 - 2013-10-22 17:28 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-08-14 21:45 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-08-14 21:45 - 2012-11-09 19:27 - 00001108 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-14 13:27 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-08-14 13:13 - 2013-10-22 17:28 - 01349588 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-14 13:09 - 2014-08-14 13:09 - 00003118 _____ () C:\Users\LiScho\Desktop\Malwarebytes text datei.txt 2014-08-14 13:04 - 2012-11-09 19:27 - 00001112 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-14 13:02 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-08-14 13:02 - 2012-11-09 15:25 - 00073698 _____ () C:\WINDOWS\system32\lvcoinst.log 2014-08-14 13:01 - 2012-11-12 19:35 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Spotify 2014-08-14 12:53 - 2013-01-19 18:47 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-08-14 12:44 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Battle.net 2014-08-14 12:44 - 2013-10-28 19:09 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\Program Files\Common 
Files\Java 2014-08-14 12:43 - 2014-08-14 12:41 - 00004611 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log 2014-08-14 12:43 - 2013-10-28 19:08 - 00000000 ____D () C:\Program Files\Java 2014-08-14 12:42 - 2013-10-03 17:40 - 00000000 ____D () C:\Users\LiScho\AppData\Local\PMB Files 2014-08-14 12:42 - 2013-10-03 17:40 - 00000000 ____D () C:\ProgramData\PMB Files 2014-08-14 12:34 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-08-14 12:28 - 2013-03-30 18:01 - 00000000 ____D () C:\Users\LiScho\AppData\Local\LogMeIn Hamachi 2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-13 21:39 - 2013-09-18 19:27 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-13 21:39 - 2013-09-18 19:27 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Malwarebytes 2014-08-13 21:39 - 2013-09-18 19:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-13 21:39 - 2013-09-18 19:27 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-08-13 18:47 - 2014-08-11 22:33 - 00000000 ____D () C:\Program Files\World of Warcraft 2014-08-13 18:44 - 2014-08-10 13:07 - 00000000 ____D () C:\Program Files\Battle.net 2014-08-13 00:26 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-08-12 23:27 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-08-12 22:41 - 2014-06-06 21:03 - 00000000 ____D () C:\Users\LiScho\AppData\Local\SuperEasy 1-Click Backup 2014-08-12 22:38 - 2012-11-12 19:35 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Spotify 2014-08-11 22:35 - 2014-08-11 22:35 - 00001228 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk 2014-08-11 22:35 - 2014-08-10 13:07 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment 2014-08-11 22:34 - 2014-08-11 22:34 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft 2014-08-11 21:11 - 2013-08-22 09:22 - 00367040 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-08-10 20:48 - 2014-08-10 20:48 - 00001024 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Abelssoft 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Abelssoft 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater 2014-08-10 20:48 - 2014-08-10 20:47 - 00000000 ____D () C:\Program Files\CHIP Updater 2014-08-10 20:46 - 2014-08-10 20:46 - 01101648 _____ () C:\Users\LiScho\Downloads\TeamSpeak 3 32 Bit - CHIP-Installer.exe 2014-08-10 13:26 - 2014-08-10 13:10 - 00000000 ____D () C:\Users\LiScho\Documents\StarCraft II 2014-08-10 13:21 - 2014-08-10 13:10 - 00000000 ____D () C:\Program Files\StarCraft II 2014-08-10 13:15 - 2014-08-10 13:15 - 00001071 _____ () C:\Users\Public\Desktop\StarCraft II.lnk 2014-08-10 13:15 - 2014-08-10 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II 2014-08-10 13:15 - 2014-08-10 13:07 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-08-10 13:10 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Battle.net 2014-08-10 13:07 - 2014-08-10 13:07 - 00001092 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\NVIDIA 2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Blizzard Entertainment 2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-08-10 13:06 - 2014-08-10 13:06 - 03227560 _____ (Blizzard Entertainment) 
C:\Users\LiScho\Downloads\StarCraft-II-Setup-deDE.exe 2014-08-10 13:06 - 2014-08-10 13:06 - 00000000 ____D () C:\ProgramData\Battle.net 2014-08-10 12:52 - 2013-08-22 09:23 - 00330825 _____ () C:\WINDOWS\setupact.log 2014-08-08 11:49 - 2014-08-08 11:44 - 00001111 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-08 11:49 - 2014-08-08 11:43 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-08 11:49 - 2013-10-22 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-08 11:49 - 2013-10-22 19:28 - 00000000 ____D () C:\Program Files\Avira 2014-08-08 11:43 - 2013-10-22 19:28 - 00000000 ____D () C:\ProgramData\Avira 2014-07-31 19:05 - 2012-11-09 13:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-30 20:04 - 2014-07-30 20:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-29 16:55 - 2013-10-22 17:34 - 00000000 ____D () C:\Users\LiScho 2014-07-29 16:49 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache 2014-07-28 20:48 - 2013-12-18 20:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-27 15:04 - 2013-12-18 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi 2014-07-25 14:53 - 2013-10-22 19:28 - 00035848 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2014-07-25 12:55 - 2014-08-14 12:43 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-07-25 12:49 - 2014-08-14 12:43 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-07-25 12:49 - 2014-08-14 12:43 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-07-25 12:49 - 2014-08-14 12:43 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-07-18 21:16 - 2014-07-18 21:16 - 00000000 ____D () C:\ProgramData\Riot Games Files to move or delete: ==================== C:\Users\LiScho\xobglu16.dll C:\Users\LiScho\xobglu32.dll Some content of TEMP: ==================== C:\Users\LiScho\AppData\Local\Temp\avgnt.exe C:\Users\LiScho\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-12 23:25 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:14-08-2014 02 Ran by LiScho at 2014-08-14 21:53:09 Running from C:\Users\LiScho\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Avira (HKLM\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.18.30000 - Avira Operations GmbH & Co. 
KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira) Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0600}) (Version: 12.6.0.1898 - APN, LLC) Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) CHIP Updater (HKLM\...\CHIP Updater_is1) (Version: 2.28 - Abelssoft) Cliqz (HKLM\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.0.1 - Cliqz.com) CrystalDiskInfo 6.1.10 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.1.10 - Crystal Dew World) Curse (HKLM\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse) Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (Version: 3.0.1 - Riot Games ) Hidden Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.) LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.) LogMeIn Hamachi (Version: 2.2.0.227 - LogMeIn, Inc.) 
Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) Nähen mit Kasimir (HKLM\...\KASIMIR) (Version: - ) NVIDIA 3D Vision Controller-Treiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.70 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA 
Corporation) Hidden NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) Secunia PSI (3.0.0.8013) (HKLM\...\Secunia PSI) (Version: 3.0.0.8013 - Secunia) Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB) Sony PC Companion 2.10.206 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.206 - Sony) Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB) SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) StarCraft II (HKLM\...\StarCraft II) (Version: - Blizzard Entertainment) SuperEasy 1-Click Backup (HKLM\...\SuperEasy 1-Click Backup) (Version: 1.13 - SuperEasy Software GmbH & Co. KG) World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2340962828-1122493312-3214376579-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\LiScho\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-2340962828-1122493312-3214376579-1001_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CustomCLSID: HKU\S-1-5-21-2340962828-1122493312-3214376579-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\LiScho\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-2340962828-1122493312-3214376579-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\LiScho\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited) CustomCLSID: HKU\S-1-5-21-2340962828-1122493312-3214376579-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\LiScho\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) ==================== Restore Points ========================= 20-07-2014 00:32:50 Geplanter Prüfpunkt 27-07-2014 13:01:16 Windows Update 14-08-2014 10:38:10 Installed Java 7 Update 67 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {122E87D0-42B5-47F7-AA32-3CD7746212AA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-09] (Microsoft Corporation) Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {1C96ECC7-5892-4D56-BEAF-60475331229B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-09] (Google Inc.) Task: {21B4FE1E-5A0C-4FA8-A80A-DDC04581EF81} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2340962828-1122493312-3214376579-1001UA => C:\Users\LiScho\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-15] (Facebook Inc.) Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {435F1FFA-DCA3-4A91-B10E-E212E68DC94E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {4C81B1FA-FB44-47C7-A3CA-BC059FA889B5} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files\CHIP Updater\CHIPUpdater.exe [2014-08-07] (CHIP) Task: {555CB0ED-D1C5-4C5F-897B-C1282D225CBE} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\WINDOWS\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - 
System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {5B460F9C-139B-4EC9-9539-26B81F35A7F0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {699D58A3-8554-47B7-A555-3248108FE4A3} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {6AB774D6-18A4-47EE-B259-5D869186E4C9} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2340962828-1122493312-3214376579-1001 Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {9D7F2150-A847-45EC-80A7-11F6A16050B0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2340962828-1122493312-3214376579-1001Core => C:\Users\LiScho\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-15] (Facebook Inc.) 
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {A7E9BFE4-AB6B-45C5-87A5-95AAC4F282E2} - System32\Tasks\CrystalDiskInfo => C:\Program Files\CrystalDiskInfo\DiskInfo.exe [2014-04-05] (Crystal Dew World) Task: {B42CC507-CBBD-400D-8D65-957967226C1D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {C1D88B0F-6BAA-41B6-A456-7AE44AF2EF8E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated) Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {E65BD89B-F21A-4D54-A959-31E765C29B60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-09] (Google Inc.) Task: {E9853018-4526-40A4-9D04-00C31A6D6490} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2340962828-1122493312-3214376579-1001Core.job => C:\Users\LiScho\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2340962828-1122493312-3214376579-1001UA.job => C:\Users\LiScho\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-22 17:28 - 2014-03-04 14:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 00021600 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe 2013-11-28 17:04 - 2013-11-28 17:04 - 00072800 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupServiceLib.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 07275616 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupCore.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 00112224 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\deemon.dll 2013-11-28 17:03 - 2013-11-28 17:03 - 02818144 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\ox.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 00345184 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\veem.dll 2013-11-28 17:03 - 2013-11-28 17:03 - 00043104 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzmaUtil.dll 2013-11-28 17:03 - 2013-11-28 17:03 - 00346208 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\twirl.dll 2013-11-28 17:03 - 2013-11-28 17:03 - 00247392 _____ () c:\Program Files\SuperEasy Software\1-Click Backup 
Free\bin\tomb.dll 2013-11-21 12:56 - 2013-11-21 12:56 - 00214528 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\party.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 00084576 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\scoolite.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 00050272 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\minizutil.dll 2013-11-21 12:54 - 2013-11-21 12:54 - 00017408 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zlibutil.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 00138336 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\netutil.dll 2013-09-23 21:24 - 2013-09-23 21:24 - 00061952 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zdll.dll 2013-11-28 14:33 - 2013-11-28 14:33 - 00040960 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzma.dll 2013-11-28 14:32 - 2013-11-28 14:32 - 00438784 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\sqlite.dll 2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll 2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2013-11-21 13:42 - 2013-11-21 13:42 - 00030720 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe 2014-08-08 11:44 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\LiScho\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 00316512 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe 2013-11-28 17:04 - 2013-11-28 17:04 - 04152928 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClientLib.dll 2013-11-28 17:03 - 2013-11-28 17:03 - 02818144 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\ox.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 00272992 _____ () C:\Program Files\SuperEasy 
Software\1-Click Backup Free\bin\updateman.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 07275616 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupCore.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 00112224 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\deemon.dll 2013-11-21 12:56 - 2013-11-21 12:56 - 00214528 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\party.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 00138336 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\netutil.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 00107616 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\featback.dll 2013-11-28 17:03 - 2013-11-28 17:03 - 00346208 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\twirl.dll 2013-11-28 17:03 - 2013-11-28 17:03 - 00247392 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\tomb.dll 2013-09-23 21:24 - 2013-09-23 21:24 - 00061952 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zdll.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 00345184 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\veem.dll 2013-11-28 17:03 - 2013-11-28 17:03 - 00043104 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzmaUtil.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 00084576 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\scoolite.dll 2013-11-28 17:04 - 2013-11-28 17:04 - 00050272 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\minizutil.dll 2013-11-21 12:54 - 2013-11-21 12:54 - 00017408 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zlibutil.dll 2013-11-28 14:33 - 2013-11-28 14:33 - 00040960 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzma.dll 2013-11-28 14:32 - 2013-11-28 14:32 - 00438784 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\sqlite.dll 2013-11-21 13:42 - 2013-11-21 13:42 - 
00030720 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe 2013-12-13 08:12 - 2013-12-13 08:12 - 00307712 _____ () C:\Users\LiScho\AppData\Roaming\Curse Client\Bin\opus.dll 2014-03-10 13:55 - 2014-05-22 19:16 - 00437248 _____ () C:\Users\LiScho\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll 2014-07-30 20:03 - 2014-07-30 20:04 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 AlternateDataStreams: C:\Users\LiScho\SkyDrive:ms-properties AlternateDataStreams: C:\Users\LiScho\SkyDrive (2):ms-properties AlternateDataStreams: C:\Users\LiScho\SkyDrive (2).old:ms-properties AlternateDataStreams: C:\Users\LiScho\SkyDrive (3).old:ms-properties AlternateDataStreams: C:\Users\LiScho\SkyDrive (4).old:ms-properties AlternateDataStreams: C:\Users\LiScho\SkyDrive (5).old:ms-properties AlternateDataStreams: C:\Users\LiScho\SkyDrive.old:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run: => "LogitechQuickCamRibbon" HKLM\...\StartupApproved\Run: => "LogMeIn Hamachi Ui" HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk" HKCU\...\StartupApproved\Run: => "Sony PC Companion" HKCU\...\StartupApproved\Run: => "Spotify Web Helper" HKCU\...\StartupApproved\Run: => "Spotify" ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/14/2014 09:47:23 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4 Error: (08/14/2014 09:47:21 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (08/14/2014 09:47:21 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4 Error: (08/14/2014 09:47:20 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: LsaC:\Windows\System32\Secur32.dll4 Error: (08/14/2014 09:47:20 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: ESENTC:\WINDOWS\system32\esentprf.dll4 Error: (08/14/2014 09:47:20 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (08/14/2014 09:45:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: RoScho) Description: Das Profil konnte nicht erfolgreich geladen werden, aber Sie wurden mit dem standardmäßigen Profil für das System angemeldet. Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt. Error: (08/14/2014 09:45:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT) Description: Die Registrierung konnte nicht geladen werden. 
Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt. for C:\Users\TEMP\ntuser.dat Error: (08/14/2014 09:45:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: RoScho) Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren. Error: (08/14/2014 09:45:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT) Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. Details - Die Datenbank der Konfigurationsregistrierung ist beschädigt. for C:\Users\_supereasy_1cbackup_\ntuser.dat System errors: ============= Error: (08/14/2014 09:46:23 PM) (Source: DCOM) (EventID: 10016) (User: ROSCHO) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/14/2014 09:46:23 PM) (Source: DCOM) (EventID: 10016) (User: ROSCHO) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/14/2014 09:46:23 PM) (Source: DCOM) (EventID: 10016) (User: ROSCHO) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/14/2014 09:46:22 PM) (Source: DCOM) 
(EventID: 10016) (User: ROSCHO) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/14/2014 09:46:22 PM) (Source: DCOM) (EventID: 10016) (User: ROSCHO) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/14/2014 09:46:22 PM) (Source: DCOM) (EventID: 10016) (User: ROSCHO) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/14/2014 09:46:22 PM) (Source: DCOM) (EventID: 10016) (User: ROSCHO) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/14/2014 09:46:22 PM) (Source: DCOM) (EventID: 10016) (User: ROSCHO) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}RoSchoLiSchoS-1-5-21-2340962828-1122493312-3214376579-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (08/14/2014 09:46:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/14/2014 09:46:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht. 
Microsoft Office Sessions: ========================= Error: (08/14/2014 09:47:23 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4 Error: (08/14/2014 09:47:21 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (08/14/2014 09:47:21 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4 Error: (08/14/2014 09:47:20 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: LsaC:\Windows\System32\Secur32.dll4 Error: (08/14/2014 09:47:20 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: ESENTC:\WINDOWS\system32\esentprf.dll4 Error: (08/14/2014 09:47:20 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (08/14/2014 09:45:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: RoScho) Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt. Error: (08/14/2014 09:45:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT) Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt. C:\Users\TEMP\ntuser.dat Error: (08/14/2014 09:45:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: RoScho) Description: Error: (08/14/2014 09:45:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT) Description: Die Datenbank der Konfigurationsregistrierung ist beschädigt. C:\Users\_supereasy_1cbackup_\ntuser.dat CodeIntegrity Errors: =================================== Date: 2014-02-27 19:14:07.029 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-02-27 19:13:55.569 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-27 19:13:55.457 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-27 19:13:55.394 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-27 19:13:55.346 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-27 19:13:55.301 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-27 19:13:55.228 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-02-27 19:13:55.057 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-27 19:13:54.867 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-27 19:13:54.790 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ Percentage of memory in use: 38% Total physical RAM: 3070.49 MB Available physical RAM: 1882.74 MB Total Pagefile: 4990.49 MB Available Pagefile: 3474.46 MB Total Virtual: 2047.88 MB Available Virtual: 1862.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:186.21 GB) (Free:100.03 GB) NTFS Drive e: (Sicherungen) (Fixed) (Total:76.33 GB) (Free:0 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: 8A388A38) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=186 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 76 GB) (Disk ID: AA44AA44) Partition 1: (Not Active) - (Size=76 GB) - (Type=07 NTFS) ==================== End Of Log 
============================ |
15.08.2014, 18:54 | #4 |
/// the machine /// TB Trainer | Registry keys: 13 ( PUP.Optional.SearchGo ) Looks good. If there are no active problems, have the findings deleted and scan again. If nothing more comes up after that, everything is fine.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No assistance via PM! |
16.08.2014, 14:50 | #5 |
| Registry keys: 13 ( PUP.Optional.SearchGo ) It now looks like this: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2014 02 Ran by LiScho (administrator) on ROSCHO on 16-08-2014 15:44:30 Running from C:\Users\LiScho\Downloads Platform: Microsoft Windows 8.1 Pro mit Media Center (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe (Curse, Inc) C:\Users\LiScho\AppData\Roaming\Curse Client\Bin\Curse.exe (Spotify Ltd) C:\Users\LiScho\AppData\Roaming\Spotify\spotify.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe (Crystal Dew World) C:\Program Files\CrystalDiskInfo\DiskInfo.exe () C:\Program Files\Pando Networks\Media Booster\PMB.exe (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.215\deploy\LoLLauncher.exe (Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.4930\Battle.net.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Users\LiScho\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\LiScho\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\LiScho\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () 
C:\Users\LiScho\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\LiScho\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (CHIP) C:\Program Files\CHIP Updater\CHIPUpdater.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Spotify Web Helper] => C:\Users\LiScho\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-27] (Spotify Ltd) HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-04-01] (Sony) HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Facebook Update] => C:\Users\LiScho\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-15] (Facebook Inc.) HKU\S-1-5-21-2340962828-1122493312-3214376579-1001\...\Run: [Spotify] => C:\Users\LiScho\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-27] (Spotify Ltd) HKU\S-1-5-21-2340962828-1122493312-3214376579-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [515584 2013-08-22] (Microsoft Corporation) AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll => C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll File Not Found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\LiScho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk ShortcutTarget: Curse.lnk -> C:\Users\LiScho\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc) Startup: C:\Users\LiScho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) 
==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x21C297C9B1A1CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {3BD8AE26-1C7E-718C-A38F-2F9609847DFD} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ie_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ie-21&tbrId=v1_abb-channel-7_f6ea224c124f408db7d75677b941d4f3_30_46_20131012_DE_ie_ds_&query={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default FF DefaultSearchEngine: DuckDuckGo FF SelectedSearchEngine: DuckDuckGo FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll 
(NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\LiScho\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\amazon.xml FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\abs@avira.com [2014-08-08] FF Extension: anonymoX - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\client@anonymox.net.xpi [2014-01-13] FF Extension: Cliqz Beta - 
C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\cliqz@cliqz.com.xpi [2014-08-12] FF Extension: NoScript - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-28] FF Extension: Adblock Plus - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28] FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\LiScho\AppData\Roaming\Mozilla\Firefox\Profiles\pj4eeolt.default\extensions\cliqz@cliqz.com Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-08] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG) R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1905488 2014-07-21] (LogMeIn Inc.) R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-07-16] (LogMeIn, Inc.) 
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation) R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia) S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 supereasy_1cbackup; c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe [21600 2013-11-28] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-03-24] (Microsoft Corporation) S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-03-24] (Microsoft Corporation) S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-03] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-07-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [35848 2014-07-25] (Avira Operations GmbH & Co. 
KG) R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation) S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation) S3 hamachi; C:\WINDOWS\system32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) S3 KoneFltr; C:\WINDOWS\system32\drivers\Kone.sys [13056 2008-12-11] (ROCCAT Ltd) R3 LVPr2Mon; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] () R3 LVUSBSta; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R3 pepifilter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.) R3 PID_PEPI; C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.) R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2013-10-14] (Secunia) R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-03-24] (Microsoft Corporation) R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation) S3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-16 15:40 - 2014-08-16 15:40 - 00000000 ____D () C:\Users\LiScho\Downloads\FRST-OlderVersion 2014-08-14 21:53 - 2014-08-14 21:53 - 00033363 _____ () C:\Users\LiScho\Downloads\Addition.txt 2014-08-14 21:51 - 2014-08-16 15:44 - 00015573 _____ () C:\Users\LiScho\Downloads\FRST.txt 2014-08-14 21:51 - 2014-08-16 15:44 - 00000000 ____D () C:\FRST 2014-08-14 21:50 - 2014-08-16 15:40 - 01093632 _____ (Farbar) C:\Users\LiScho\Downloads\FRST.exe 2014-08-14 13:09 - 2014-08-14 13:09 - 00003118 _____ () C:\Users\LiScho\Desktop\Malwarebytes text datei.txt 2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-14 12:43 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-08-14 12:43 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-08-14 12:43 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-08-14 12:43 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-08-14 12:41 - 2014-08-14 12:43 - 00004611 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log 2014-08-13 21:40 - 2014-08-16 15:32 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-13 21:39 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-08-13 21:39 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-08-11 22:35 - 2014-08-11 22:35 - 00001228 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk 
2014-08-11 22:34 - 2014-08-11 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft 2014-08-11 22:33 - 2014-08-13 18:47 - 00000000 ____D () C:\Program Files\World of Warcraft 2014-08-10 20:48 - 2014-08-10 20:48 - 00001024 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Abelssoft 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Abelssoft 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater 2014-08-10 20:48 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\system32\dhRichClient3.dll 2014-08-10 20:48 - 2011-03-25 20:42 - 00338432 _____ () C:\WINDOWS\system32\sqlite36_engine.dll 2014-08-10 20:47 - 2014-08-10 20:48 - 00000000 ____D () C:\Program Files\CHIP Updater 2014-08-10 20:46 - 2014-08-10 20:46 - 01101648 _____ () C:\Users\LiScho\Downloads\TeamSpeak 3 32 Bit - CHIP-Installer.exe 2014-08-10 13:15 - 2014-08-10 13:15 - 00001071 _____ () C:\Users\Public\Desktop\StarCraft II.lnk 2014-08-10 13:10 - 2014-08-10 13:26 - 00000000 ____D () C:\Users\LiScho\Documents\StarCraft II 2014-08-10 13:10 - 2014-08-10 13:21 - 00000000 ____D () C:\Program Files\StarCraft II 2014-08-10 13:10 - 2014-08-10 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II 2014-08-10 13:07 - 2014-08-16 15:44 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Battle.net 2014-08-10 13:07 - 2014-08-13 18:44 - 00000000 ____D () C:\Program Files\Battle.net 2014-08-10 13:07 - 2014-08-11 22:35 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment 2014-08-10 13:07 - 2014-08-10 13:15 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-08-10 13:07 - 2014-08-10 13:10 - 00000000 ____D () 
C:\Users\LiScho\AppData\Roaming\Battle.net 2014-08-10 13:07 - 2014-08-10 13:07 - 00001092 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\NVIDIA 2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Blizzard Entertainment 2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-08-10 13:06 - 2014-08-10 13:06 - 03227560 _____ (Blizzard Entertainment) C:\Users\LiScho\Downloads\StarCraft-II-Setup-deDE.exe 2014-08-10 13:06 - 2014-08-10 13:06 - 00000000 ____D () C:\ProgramData\Battle.net 2014-08-08 11:44 - 2014-08-08 11:49 - 00001111 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-08 11:43 - 2014-08-08 11:49 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-30 20:03 - 2014-07-30 20:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi 2014-07-25 15:00 - 2014-07-10 06:08 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-07-25 15:00 - 2014-07-10 05:59 - 03922432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-07-25 15:00 - 2014-07-10 05:34 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-07-18 21:16 - 2014-07-18 21:16 - 00000000 ____D () C:\ProgramData\Riot Games ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-16 15:45 - 2014-08-14 21:51 - 00015573 _____ () C:\Users\LiScho\Downloads\FRST.txt 2014-08-16 15:45 - 2013-10-03 17:40 - 00000000 ____D () C:\Users\LiScho\AppData\Local\PMB Files 2014-08-16 15:44 - 2014-08-14 21:51 - 00000000 ____D () C:\FRST 2014-08-16 15:44 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Battle.net 2014-08-16 15:40 - 2014-08-16 15:40 - 00000000 ____D () C:\Users\LiScho\Downloads\FRST-OlderVersion 2014-08-16 15:40 - 2014-08-14 21:50 - 01093632 _____ (Farbar) C:\Users\LiScho\Downloads\FRST.exe 2014-08-16 15:40 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-08-16 15:39 - 2012-11-09 15:25 - 00084498 _____ () C:\WINDOWS\system32\lvcoinst.log 2014-08-16 15:35 - 2012-11-12 19:35 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Spotify 2014-08-16 15:33 - 2014-03-12 16:52 - 00000000 ___DO () C:\Users\LiScho\SkyDrive (2) 2014-08-16 15:32 - 2014-08-13 21:40 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-08-16 15:32 - 2012-11-09 19:27 - 00001108 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-16 15:30 - 2013-10-22 17:28 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-08-16 15:30 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-08-15 15:06 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-08-15 15:05 - 2013-10-22 17:28 - 01564897 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-15 15:04 - 2012-11-09 19:27 - 00001112 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-15 15:00 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-08-15 14:53 - 2013-01-19 18:47 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-08-15 12:50 - 2013-03-30 18:01 - 00000000 ____D () C:\Users\LiScho\AppData\Local\LogMeIn Hamachi 2014-08-15 00:46 - 2014-03-15 04:41 - 00000946 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2340962828-1122493312-3214376579-1001UA.job 
2014-08-14 22:11 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-08-14 22:07 - 2013-08-22 09:23 - 00331669 _____ () C:\WINDOWS\setupact.log 2014-08-14 21:53 - 2014-08-14 21:53 - 00033363 _____ () C:\Users\LiScho\Downloads\Addition.txt 2014-08-14 13:09 - 2014-08-14 13:09 - 00003118 _____ () C:\Users\LiScho\Desktop\Malwarebytes text datei.txt 2014-08-14 12:44 - 2013-10-28 19:09 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-14 12:43 - 2014-08-14 12:43 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-14 12:43 - 2014-08-14 12:41 - 00004611 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log 2014-08-14 12:43 - 2013-10-28 19:08 - 00000000 ____D () C:\Program Files\Java 2014-08-14 12:42 - 2013-10-03 17:40 - 00000000 ____D () C:\ProgramData\PMB Files 2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-13 21:39 - 2014-08-13 21:39 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-13 21:39 - 2013-09-18 19:27 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-13 21:39 - 2013-09-18 19:27 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Malwarebytes 2014-08-13 21:39 - 2013-09-18 19:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-13 21:39 - 2013-09-18 19:27 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-08-13 18:47 - 2014-08-11 22:33 - 00000000 ____D () C:\Program Files\World of Warcraft 2014-08-13 18:44 - 2014-08-10 13:07 - 00000000 ____D () C:\Program Files\Battle.net 2014-08-12 23:27 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-08-12 22:41 - 2014-06-06 21:03 - 00000000 ____D () C:\Users\LiScho\AppData\Local\SuperEasy 1-Click Backup 2014-08-12 22:38 - 2012-11-12 19:35 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Spotify 
2014-08-11 22:35 - 2014-08-11 22:35 - 00001228 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk 2014-08-11 22:35 - 2014-08-10 13:07 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment 2014-08-11 22:34 - 2014-08-11 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft 2014-08-11 21:11 - 2013-08-22 09:22 - 00367040 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-08-10 20:48 - 2014-08-10 20:48 - 00001024 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Abelssoft 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\Users\LiScho\AppData\Local\Abelssoft 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-08-10 20:48 - 2014-08-10 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater 2014-08-10 20:48 - 2014-08-10 20:47 - 00000000 ____D () C:\Program Files\CHIP Updater 2014-08-10 20:46 - 2014-08-10 20:46 - 01101648 _____ () C:\Users\LiScho\Downloads\TeamSpeak 3 32 Bit - CHIP-Installer.exe 2014-08-10 13:26 - 2014-08-10 13:10 - 00000000 ____D () C:\Users\LiScho\Documents\StarCraft II 2014-08-10 13:21 - 2014-08-10 13:10 - 00000000 ____D () C:\Program Files\StarCraft II 2014-08-10 13:15 - 2014-08-10 13:15 - 00001071 _____ () C:\Users\Public\Desktop\StarCraft II.lnk 2014-08-10 13:15 - 2014-08-10 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II 2014-08-10 13:15 - 2014-08-10 13:07 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-08-10 13:10 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\Battle.net 2014-08-10 13:07 - 2014-08-10 13:07 - 00001092 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\Users\LiScho\AppData\Roaming\NVIDIA 2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () 
C:\Users\LiScho\AppData\Local\Blizzard Entertainment 2014-08-10 13:07 - 2014-08-10 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-08-10 13:06 - 2014-08-10 13:06 - 03227560 _____ (Blizzard Entertainment) C:\Users\LiScho\Downloads\StarCraft-II-Setup-deDE.exe 2014-08-10 13:06 - 2014-08-10 13:06 - 00000000 ____D () C:\ProgramData\Battle.net 2014-08-08 11:49 - 2014-08-08 11:44 - 00001111 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-08 11:49 - 2014-08-08 11:43 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-08 11:49 - 2013-10-22 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-08 11:49 - 2013-10-22 19:28 - 00000000 ____D () C:\Program Files\Avira 2014-08-08 11:43 - 2013-10-22 19:28 - 00000000 ____D () C:\ProgramData\Avira 2014-07-31 19:05 - 2012-11-09 13:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-30 20:04 - 2014-07-30 20:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-29 16:55 - 2013-10-22 17:34 - 00000000 ____D () C:\Users\LiScho 2014-07-29 16:49 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache 2014-07-28 20:48 - 2013-12-18 20:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-27 15:04 - 2013-12-18 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-07-27 13:21 - 2014-07-27 13:21 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi 2014-07-25 14:53 - 2013-10-22 19:28 - 00035848 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2014-07-25 12:55 - 2014-08-14 12:43 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-07-25 12:49 - 2014-08-14 12:43 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-07-25 12:49 - 2014-08-14 12:43 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-07-25 12:49 - 2014-08-14 12:43 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-07-18 21:16 - 2014-07-18 21:16 - 00000000 ____D () C:\ProgramData\Riot Games Files to move or delete: ==================== C:\Users\LiScho\xobglu16.dll C:\Users\LiScho\xobglu32.dll Some content of TEMP: ==================== C:\Users\LiScho\AppData\Local\Temp\avgnt.exe C:\Users\LiScho\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-12 23:25 ==================== End Of Log ============================
Further problems: none at present. Thanks for your support. Regards, LiScho |
17.08.2014, 07:20 | #6 |
/// the machine /// TB Trainer | Registry keys: 13 ( PUP.Optional.SearchGo ) Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.