Pests of all kinds and how to combat them: Windows 8, virus infection. Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
01.01.2015, 22:46 | #1 |
Windows 8, virus infection.
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 01.01.2015 Suchlauf-Zeit: 21:25:41 Logdatei: log 55.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.01.01.04 Rootkit Datenbank: v2014.12.30.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: ******* Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 382600 Verstrichene Zeit: 23 Min, 6 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 7 Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmservice.exe, 1756, Löschen bei Neustart, [e45432c0206938fe62f318b59e6223dd] PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe, 1816, Löschen bei Neustart, [eb4d9c560b7e4aece5728135877ae21e] PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe, 2628, Löschen bei Neustart, [eb4d9c560b7e4aece5728135877ae21e] Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn.exe, 4748, Löschen bei Neustart, [ae8ada18aadfb482d67f547934ccef11] PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfu.exe, 5024, Löschen bei Neustart, [82b63eb44a3fd85ec98e981e34cd916f] PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\pmropn.exe, 4748, Löschen bei Neustart, [1721d41e008903335fe7124e2cd71fe1] PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\pmservice.exe, 1756, Löschen bei Neustart, [1721d41e008903335fe7124e2cd71fe1] Module: 7 PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll, 
Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], Registrierungsschlüssel: 25 Adware.PremierOpinion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PremierOpinion, In Quarantäne, [e45432c0206938fe62f318b59e6223dd], PUP.Optional.SettingsManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SmdmFService, Löschen bei Neustart, [eb4d9c560b7e4aece5728135877ae21e], Adware.PremierOpinion, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}, In Quarantäne, [ae8ada18aadfb482d67f547934ccef11], PUP.Optional.Linkey.A, HKU\S-1-5-21-3292672608-3251690303-1879834815-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [9d9b747efb8e072fccdb8f52eb1714ec], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SmdmF, Löschen bei Neustart, [5cdcb73b2e5b58de734565126a990cf4], PUP.Optional.RelevantKnowledge.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mkndcbhcgphcfkkddanakjiepeknbgle, In Quarantäne, [36026290c8c157df8500f78f20e38a76], PUP.Optional.SettingsManager.A, HKU\S-1-5-21-3292672608-3251690303-1879834815-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmdmF, In Quarantäne, 
[c96f0be79aef87af6a4d8becb64dbd43], PUP.Optional.Softonic.A, HKU\S-1-5-21-3292672608-3251690303-1879834815-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantäne, [013711e1f0997cba1a85adb73bc8f20e], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}, In Quarantäne, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard, In Quarantäne, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard.1, In Quarantäne, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SettingsManagerIEHelper.DNSGuard, In Quarantäne, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SettingsManagerIEHelper.DNSGuard.1, In Quarantäne, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}, In Quarantäne, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}, In Quarantäne, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}, In Quarantäne, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, HKU\S-1-5-21-3292672608-3251690303-1879834815-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{54739D49-AC03-4C57-9264-C5195596B3A1}, In Quarantäne, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}, In Quarantäne, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA760BA8-5862-4BC5-9263-4452CBC0B264}, In Quarantäne, 
[3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA760BA8-5862-4BC5-9263-4452CBC0B264}, In Quarantäne, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}, In Quarantäne, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Settings Manager, In Quarantäne, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\F06DEFF2-5B9C-490D-910F-35D3A91196222, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.PremierOpinion.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PremierOpinion, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], Registrierungswerte: 3 PUP.Optional.OpinionSquare.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}, C:\Program Files (x86)\PremierOpinion\firefox, In Quarantäne, [5bddbc363950d363ffa75c2d9271758b] PUP.Optional.SettingsManager, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\APPCERTDLLS|x86, C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll, In Quarantäne, [32064ca6aedb2e0806334635a1628c74] PUP.Optional.SettingsManager, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\APPCERTDLLS|x64, C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll, In Quarantäne, [290f27cb2e5b5fd760d97ffc71929868] Registrierungsdaten: 1 PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-3292672608-3251690303-1879834815-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.default-search.net?sid=476&aid=206&itype=a&ver=15005&tm=569&src=hmp, Gut: 
(www.google.com), Schlecht: (hxxp://www.default-search.net?sid=476&aid=206&itype=a&ver=15005&tm=569&src=hmp),Ersetzt,[52e6c42ea8e1dc5aceb081f952b3c63a] Ordner: 47 Adware.PremierOpinion, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion, In Quarantäne, [e5535a984c3d102692ec0e16857e9868], PUP.Optional.RelevantKnowledge.A, C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle, In Quarantäne, [b97faa488405092dd0a2142c06fdcf31], PUP.Optional.RelevantKnowledge.A, C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.3_0, In Quarantäne, [b97faa488405092dd0a2142c06fdcf31], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\ProgramData\smdmf, Löschen bei Neustart, [f64201f16f1ab482ebd1b894aa596d93], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion, Löschen bei Neustart, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\components, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], 
PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\defaults, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\defaults\preferences, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\addon, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\console, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\content, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\core, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\events, In Quarantäne, 
[1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\traits, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\dom, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\event, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\io, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\l10n, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\lang, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\loader, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\net, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\page-mod, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\platform, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\preferences, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\private-browsing, In Quarantäne, 
[1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\private-browsing\window, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\util, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\window, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\toolkit, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\dpjs, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\dpjs\data, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\dpjs\lib, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], Dateien: 210 Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmservice.exe, Löschen bei Neustart, [e45432c0206938fe62f318b59e6223dd], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe, Löschen bei Neustart, [eb4d9c560b7e4aece5728135877ae21e], Adware.PremierOpinion, C:\Program Files 
(x86)\PremierOpinion\pmropn.exe, Löschen bei Neustart, [ae8ada18aadfb482d67f547934ccef11], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfu.exe, Löschen bei Neustart, [82b63eb44a3fd85ec98e981e34cd916f], Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmls.dll, In Quarantäne, [a890d9194d3c76c095c008c52bd5c838], Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmls64.dll, In Quarantäne, [55e3c2304c3d43f3f65fd4f9847c817f], Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmph.dll, In Quarantäne, [8bade50de0a93600a0b5616c22de03fd], Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn32.exe, In Quarantäne, [1127e111f8917db94213ddf0af51c23e], Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn64.exe, In Quarantäne, [ac8c6f8375146cca9eb7656826da4bb5], Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmxf.dll, In Quarantäne, [3ff96d850a7f78be59fcdcf1649cca36], Adware.PremierOpinion, C:\Windows\System32\pmls64.dll, In Quarantäne, [3206e50d2465ba7c6ee7dcf1d52bd030], Adware.PremierOpinion, C:\Windows\SysWOW64\pmls.dll, Löschen bei Neustart, [330530c2ee9bfd39cb8a7b52b947b44c], PUP.Optional.Linkey.A, C:\Users\*******\AppData\Local\Temp\SettingsManagerSetup.exe, In Quarantäne, [64d401f1ee9b77bfb852ced905fcdc24], PUP.Optional.Linkey.A, C:\Windows\Temp\c27e107a\SettingsManagerSetup.exe, In Quarantäne, [b48432c01e6bcd6943c7535447ba9868], PUP.Optional.Softonic, C:\Users\*******\Downloads\SoftonicDownloader_fuer_minecraft.exe, In Quarantäne, [ee4aba38e5a495a1822dd58508f88779], PUP.Optional.DefaultSearch.A, C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\default-search.xml, In Quarantäne, [df594aa80584033340f4b5e35ca7c53b], PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, In Quarantäne, [1d1bc9293455e45272c377216a991ee2], Adware.PremierOpinion, 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\PremierOpinion.lnk, In Quarantäne, [e5535a984c3d102692ec0e16857e9868], PUP.Optional.RelevantKnowledge.A, C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.3_0\background.js, In Quarantäne, [b97faa488405092dd0a2142c06fdcf31], PUP.Optional.RelevantKnowledge.A, C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.3_0\contentscript.js, In Quarantäne, [b97faa488405092dd0a2142c06fdcf31], PUP.Optional.RelevantKnowledge.A, C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.337.3_0\manifest.json, In Quarantäne, [b97faa488405092dd0a2142c06fdcf31], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\del_DM_LL_nsbF699.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\favicon.ico, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\Helper.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\Internet Explorer Settings.exe, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmf.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfbho.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfbho.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfldr.dll, Löschen bei Neustart, 
[3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfldr_u.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfmgrc3.cfg, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\tbicon.exe, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\Uninstall.exe, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\del_DM_LL_nsbF699.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\Internet Explorer Settings.exe, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmf.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfldr.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfldr_u.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc3.cfg, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll, Löschen bei Neustart, [3ff916dc2d5c191dc2ca1136e02341bf], PUP.Optional.SettingsManager.A, C:\ProgramData\smdmf\coordinator.cfg, In Quarantäne, 
[f64201f16f1ab482ebd1b894aa596d93], PUP.Optional.SettingsManager.A, C:\ProgramData\smdmf\general.cfg, In Quarantäne, [f64201f16f1ab482ebd1b894aa596d93], PUP.Optional.SettingsManager.A, C:\ProgramData\smdmf\S-1-5-21-3292672608-3251690303-1879834815-1001.cfg, In Quarantäne, [f64201f16f1ab482ebd1b894aa596d93], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\chrome.manifest, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\install.rdf, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF15.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF.xpt, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF10.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF11.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF12.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF13.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF14.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, 
C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF16.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF17.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF18.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF19.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF2.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF20.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF21.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF22.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF23.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF24.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF25.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], 
PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF26.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF27.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF28.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF29.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF30.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF31.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF32.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF33.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF34.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF4.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF5.dll, In Quarantäne, 
[8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF6.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF7.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF8.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF9.dll, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\DnsBHO.js, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\Error404BHO.js, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\MainBHO.js, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\NativeHelper.js, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\NewTabBHO.js, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\overlay.js, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\overlay.xul, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], 
PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\RelatedSearch.js, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\RequestPreserver.js, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\SearchBHO.js, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.SettingsManager.A, C:\Users\*******\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\SettingManager.js, In Quarantäne, [8dab5c96682154e23f7eb19b56ad1ce4], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\chrome.manifest, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\install.rdf, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\ncncf.dat, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\nscf.dat, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\pmcm.crx, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\pmcm.txt, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\pmls.dll, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\pmls64.dll, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\pmoci.bin, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\pmph.dll, In Quarantäne, 
[1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\pmropn.exe, Löschen bei Neustart, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\pmropn32.exe, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\pmropn64.exe, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\pmservice.exe, Löschen bei Neustart, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\pmxf.dll, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\readme.txt, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\components\pmxg.dll, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\bootstrap.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\harness-options.json, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\install.rdf, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\locales.json, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\pmnx.dll, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\defaults\preferences\prefs.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\chrome.manifest, In Quarantäne, 
[1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\base64.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\page-mod.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\private-browsing.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\self.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\timers.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\url.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\addon\runner.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\console\plain-text.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files 
(x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\console\traceback.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\content\content-proxy.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\content\content-worker.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\content\loader.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\content\thumbnail.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\content\worker.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\core\heritage.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\core\namespace.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\core\promise.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\api-utils.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\cortex.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files 
(x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\errors.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\events.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\light-traits.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\list.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\memory.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\observer-service.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\traits.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\window-utils.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\events\assembler.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\traits\core.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\dom\events.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files 
(x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\event\core.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\event\target.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\io\byte-streams.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\io\data.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\io\file.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\io\text-streams.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\l10n\core.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\l10n\html.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\l10n\loader.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\l10n\locale.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\l10n\prefs.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\lang\functional.js, In Quarantäne, 
[1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\loader\cuddlefish.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\loader\sandbox.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\net\url.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\page-mod\match-pattern.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\platform\xpcom.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\preferences\service.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\private-browsing\utils.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\private-browsing\window\utils.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system\environment.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system\events.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system\globals.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], 
PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system\runtime.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system\unload.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system\xul-app.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\common.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\events.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\helpers.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\namespace.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\observer.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\tab-fennec.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\tab-firefox.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\tab.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files 
(x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\tabs-firefox.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\tabs.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\utils.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\worker.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\util\array.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\util\deprecate.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\util\list.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\util\object.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\util\registry.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\util\uuid.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\window\browser.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\window\namespace.js, In Quarantäne, 
[1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\window\utils.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows\dom.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows\fennec.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows\firefox.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows\loader.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows\observer.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows\tabs-fennec.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows\tabs-firefox.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\toolkit\loader.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\dpjs\data\content.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\dpjs\lib\dompilot.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files 
(x86)\PremierOpinion\firefox\resources\dpjs\lib\dputil.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.PremierOpinion.A, C:\Program Files (x86)\PremierOpinion\firefox\resources\dpjs\lib\main.js, In Quarantäne, [1721d41e008903335fe7124e2cd71fe1], PUP.Optional.DefaultSearch, C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaultenginename", "default-search.net");), Ersetzt,[05333cb68dfc79bd3b5fa7168085f808] PUP.Optional.DefaultSearch, C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "default-search.net");), Ersetzt,[0038fef4b7d2a5919efd8d307095c040] PUP.Optional.DefaultSearch.A, C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.default-search.net?sid=476&aid=206&itype=a&ver=15005&tm=569&src=hmp");), Ersetzt,[11271bd76d1c90a6098f4876e223d12f] PUP.Optional.DefaultSearch.A, C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=206&itype=a&ver=15005&tm=569&src=ds&p=");), Ersetzt,[dc5caf43b5d4bb7b9108813d75907b85] Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) |
01.01.2015, 22:55 | #2 |
Rest in peace † 2019 | Windows 8, virus infection. My name is Sandra and I will be helping you with your problem.
Note: I can never guarantee that I will find everything. Reformatting is usually the faster route and, in the case of a malware infection, always the safest one. Adware can be removed without problems in the vast majority of cases. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Posting in code tags: Please always put the logs in code tags. If you don't, it makes evaluating them much harder for me. Thanks. To do this:
At first glance it doesn't look all that bad, but we'll have to take a look. Step 1: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
02.01.2015, 14:19 | #3 |
| Windows 8, virus infection. FRST Additions Logfile:
__________________Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015 Ran by **** at 2015-01-02 14:16:41 Running from C:\Users\****\Downloads\*************\Installers Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ACID Music Studio 9.0 (HKLM-x32\...\{7943168F-18A0-11E2-9C81-F04DA23A5C58}) (Version: 9.0.35 - Sony) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira) Call of Duty Black Ops 2 (HKLM-x32\...\{47D6F3E4-D158-4E47-84C4-0D6452DB2488}_is1) (Version: 1.0 - Treyarch) Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.53 - Cliqz.com) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2126 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6426.52 - CyberLink Corp.) 
DVD Architect Studio 5.0 (HKLM-x32\...\{4347F591-C451-11E1-BA36-F04DA23A5C58}) (Version: 5.0.161 - Sony) EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs) FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de) Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.2.1128 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.41.623 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.17.1127 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1127 - DVDVideoSoft Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{BFB6D89E-0BDF-11E2-A35E-F04DA23A5C58}) (Version: 12.0.530 - Sony) Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 
Version: 15.0.4675.1003 - Microsoft Corporation) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.28146 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.) Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden Securita Scout (HKLM-x32\...\Securita Scout) (Version: - ) <==== ATTENTION Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Sound Forge Audio Studio 10.0 (HKLM-x32\...\{7A9D3D30-BEEC-11E1-91CF-F04DA23A5C58}) (Version: 10.0.178 - Sony) SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) VAIO - Remote-Tastatur (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation) VAIO - Remote-Tastatur mit PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation) VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation) VAIO Care (HKLM\...\{92907606-B2FC-4193-B0CE-A21159DA3ABB}) (Version: 8.4.0.14286 - Sony Corporation) VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation) VAIO Care-Hardwarediagnose-Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.1.11210 - Sony Corporation) VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.1.0.10300 - Sony Corporation) VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation) VAIO 
Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.1.02270 - Sony Corporation) VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.1.0.10240 - Sony Corporation) VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.1.0.10220 - Sony Corporation) VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation) Hidden VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation) VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.1.0.10220 - Sony Corporation) VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.1.10170 - Sony Corporation) VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.3.01.11140 - Sony Corporation) VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation) Hidden VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation) VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation) VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation) VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden VIx64 (Version: 1.0.0 - Sony Corporation) Hidden VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx86 (x32 Version: 
1.0.0 - Sony Corporation) Hidden VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.10.1.1735 - 1&1 Mail & Media GmbH) WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Yahoo Community Smartbar (HKLM-x32\...\{D7403121-68C2-48BC-874D-048015E60DF0}) (Version: 10.179.66.13636 - Linkury Inc.) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-3292672608-3251690303-1879834815-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-3292672608-3251690303-1879834815-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\****\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3292672608-3251690303-1879834815-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\****\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3292672608-3251690303-1879834815-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\****\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3292672608-3251690303-1879834815-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\****\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 17-12-2014 18:12:36 Installed Remote Keyboard (BLUETOOTH) 18-12-2014 18:18:54 DirectX wurde installiert 23-12-2014 19:22:29 Steam wird entfernt 01-01-2015 03:36:00 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0C42943B-C6E4-41C7-A372-56FB10CEC848} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs" Task: {1E24FEB4-34B3-4831-890D-568968556902} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2013-02-21] (Sony Corporation) Task: {26CA54E4-4323-48B3-A77E-B8D488F5D85C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-22] (Google Inc.) Task: {28632567-8FF2-426B-A74F-B900A117B9DD} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation) Task: {3B7A0431-E97E-479A-8039-78067BE3276A} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation) Task: {3BFBB0CE-A043-4563-8280-B96B7BA618D8} - System32\Tasks\{CFE50C8D-7823-4C35-B050-A5B72811FA1D} => pcalua.exe -a C:\Users\****\AppData\Local\SafetySearch\uninstall.exe Task: {3CE639E2-D62E-471D-9B76-1E7B9E935545} - System32\Tasks\{95C02C15-C9D4-4AA2-A2C1-A09F605D934D} => pcalua.exe -a D:\setup.exe -d D:\ Task: {3FDDB6E9-F041-407D-8D7F-FAF3E8608BAB} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {44E4FC09-D9FF-49D2-9144-48EB1765C27A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-22] (Google Inc.) 
Task: {45B77B8A-5E3E-4D69-92B0-402C3571B7BE} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {47868FBE-CCA7-4A0A-ADA7-660C56185EF0} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-04-03] (Sony Corporation) Task: {52E44BC9-D164-48F3-BEED-B89AC2891425} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-10-23] (Sony Corporation) Task: {58544191-DDC7-413F-926E-76773CD505C5} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated) Task: {594C89A9-A2A4-4980-8B1A-0DCD98098187} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {5AA89CA2-07F0-4979-BC97-DE487B295948} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {64918D2F-E3F9-4708-B2FA-82FD897A33B4} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation) Task: {6AD1A165-1033-465B-8A92-5A0361E038A4} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {6C308F6A-6092-4A48-9E8B-E50359876690} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {77E493DB-BE83-4BE5-B401-F114392839EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated) Task: {812FD2C2-F87A-410D-9A14-7798901D5AC7} - 
System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-10-22] (Sony Corporation) Task: {866D3C34-CBB5-46E6-B03D-2AA6837C1CF4} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation) Task: {B7B9B1E3-82F1-4CEA-9309-30A7B5099E5A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {C280DD71-0971-4DC6-BAB6-1EB53B7D85C7} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-04-03] (Sony Corporation) Task: {C567FEE8-3FB5-4066-948F-2E2A34558226} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {D6CD0B8E-6707-4197-86E9-EAD9DCE921E3} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation) Task: {DA4851AF-0EE7-4572-93D1-3EF7BCE3F6FF} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient Task: {DBAAB020-6E57-4B3B-8E92-D632EC0B5B49} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation) Task: {DC995830-BBAF-47D1-A968-F39E3771B105} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.) 
Task: {E97BC73F-7676-4DA8-B775-F052AE1345EE} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {ED9D3F09-5C1E-4D88-ADC5-10EB2761C4C5} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe Task: {F06A08A8-6F69-418D-AF5F-49FE7573B15A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-17] (Microsoft Corporation) Task: {F79FA871-057B-433B-87D6-CB286EF328C5} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation) Task: {F7C8EE1A-39EE-4E29-91A7-4DB7C57DE2DA} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-26 23:15 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-11-19 09:21 - 2013-11-19 09:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe 2014-07-20 23:14 - 2014-07-20 23:14 - 00374272 _____ () C:\Users\****\AppData\Roaming\BupSystem\sub\default.dll 2013-01-18 01:11 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-12-11 23:22 - 2014-12-11 23:22 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== 
Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\****\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\...\StartupApproved\Run: => "MxDock" HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\...\StartupApproved\Run: => "Steam" ========================= Accounts: ========================== Administrator (S-1-5-21-3292672608-3251690303-1879834815-500 - Administrator - Disabled) Gast (S-1-5-21-3292672608-3251690303-1879834815-501 - Limited - Disabled) **** (S-1-5-21-3292672608-3251690303-1879834815-1001 - Administrator - Enabled) => C:\Users\**** ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/02/2015 02:15:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: ea8 Startzeit: 01d0268d65027165 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 5883b9db-9281-11e4-bed8-a41731d8d3ca Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (01/02/2015 10:23:59 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1014 Startzeit: 01d0266bca780b3a Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 14299f0b-9261-11e4-bed8-a41731d8d3ca Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (01/02/2015 10:20:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: VESUserProxy.exe, Version: 6.1.0.9140, Zeitstempel: 0x50538abc Name des fehlerhaften Moduls: SynCom.DLL, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3 Ausnahmecode: 0xc0000135 Fehleroffset: 0x00098f05 ID des fehlerhaften Prozesses: 0x15b4 Startzeit der fehlerhaften Anwendung: 0xVESUserProxy.exe0 Pfad der fehlerhaften Anwendung: VESUserProxy.exe1 Pfad des fehlerhaften Moduls: VESUserProxy.exe2 Berichtskennung: VESUserProxy.exe3 Vollständiger Name des fehlerhaften Pakets: VESUserProxy.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VESUserProxy.exe5 Error: (01/02/2015 10:10:20 AM) (Source: Application Error) 
(EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: VESUserProxy.exe, Version: 6.1.0.9140, Zeitstempel: 0x50538abc Name des fehlerhaften Moduls: SynCom.DLL, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3 Ausnahmecode: 0xc0000135 Fehleroffset: 0x00098f05 ID des fehlerhaften Prozesses: 0x15d0 Startzeit der fehlerhaften Anwendung: 0xVESUserProxy.exe0 Pfad der fehlerhaften Anwendung: VESUserProxy.exe1 Pfad des fehlerhaften Moduls: VESUserProxy.exe2 Berichtskennung: VESUserProxy.exe3 Vollständiger Name des fehlerhaften Pakets: VESUserProxy.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VESUserProxy.exe5 Error: (01/02/2015 04:38:06 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11c8 Startzeit: 01d0263ccf3b9b68 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: c2b80a05-9230-11e4-bed8-a41731d8d3ca Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (01/02/2015 04:08:06 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: f28 Startzeit: 01d026389e55f8e9 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 91d72d09-922c-11e4-bed8-a41731d8d3ca Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (01/02/2015 03:38:06 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d0 Startzeit: 01d026346d70aa6d Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 60f440c3-9228-11e4-bed8-a41731d8d3ca Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (01/02/2015 03:08:06 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: b74 Startzeit: 01d026303c8b082b Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 300e9eb6-9224-11e4-bed8-a41731d8d3ca Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (01/02/2015 02:53:06 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1470 Startzeit: 01d0262e241a99c1 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 179e2fe6-9222-11e4-bed8-a41731d8d3ca Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (01/02/2015 02:45:35 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 147c Startzeit: 01d0262d108eede6 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 041959aa-9221-11e4-bed8-a41731d8d3ca Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (01/02/2015 10:20:56 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {BC173216-CF59-483B-BC5F-595A7D0466E6} Error: (01/02/2015 10:20:26 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {BC173216-CF59-483B-BC5F-595A7D0466E6} Error: (01/02/2015 02:42:30 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {BC173216-CF59-483B-BC5F-595A7D0466E6} Error: (01/02/2015 02:42:00 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {BC173216-CF59-483B-BC5F-595A7D0466E6} Error: (01/01/2015 10:09:01 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {BC173216-CF59-483B-BC5F-595A7D0466E6} Error: (01/01/2015 10:08:30 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {BC173216-CF59-483B-BC5F-595A7D0466E6} Error: (01/01/2015 09:59:18 PM) (Source: DCOM) (EventID: 10010) (User: VAIO) Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Error: (01/01/2015 09:59:18 PM) (Source: DCOM) (EventID: 10010) (User: VAIO) Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Error: (01/01/2015 09:58:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/01/2015 09:58:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit-Scanner erreicht. 
Microsoft Office Sessions: ========================= Error: (01/02/2015 02:15:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20689ea801d0268d650271654294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe5883b9db-9281-11e4-bed8-a41731d8d3camicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (01/02/2015 10:23:59 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20689101401d0266bca780b3a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe14299f0b-9261-11e4-bed8-a41731d8d3camicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (01/02/2015 10:20:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: VESUserProxy.exe6.1.0.914050538abcSynCom.DLL6.3.9600.1727853eeb4a3c000013500098f0515b401d0266d58398e79C:\Program Files (x86)\Sony\VAIO Control Center\VESUserProxy.exeSynCom.DLL95e87c72-9260-11e4-bed8-a41731d8d3ca Error: (01/02/2015 10:10:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: VESUserProxy.exe6.1.0.914050538abcSynCom.DLL6.3.9600.1727853eeb4a3c000013500098f0515d001d0266bee64709aC:\Program Files (x86)\Sony\VAIO Control Center\VESUserProxy.exeSynCom.DLL2c941edc-925f-11e4-bed8-a41731d8d3ca Error: (01/02/2015 04:38:06 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.2068911c801d0263ccf3b9b684294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exec2b80a05-9230-11e4-bed8-a41731d8d3camicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (01/02/2015 04:08:06 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: 
LiveComm.exe17.5.9600.20689f2801d026389e55f8e94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe91d72d09-922c-11e4-bed8-a41731d8d3camicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (01/02/2015 03:38:06 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20689d001d026346d70aa6d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe60f440c3-9228-11e4-bed8-a41731d8d3camicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (01/02/2015 03:08:06 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20689b7401d026303c8b082b4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe300e9eb6-9224-11e4-bed8-a41731d8d3camicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (01/02/2015 02:53:06 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20689147001d0262e241a99c14294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe179e2fe6-9222-11e4-bed8-a41731d8d3camicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (01/02/2015 02:45:35 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20689147c01d0262d108eede64294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe041959aa-9221-11e4-bed8-a41731d8d3camicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 CodeIntegrity Errors: 
=================================== Date: 2015-01-01 13:51:12.397 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-01 13:51:12.288 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-01 13:50:23.309 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2015-01-01 13:50:23.168 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-12-28 20:12:21.390 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-28 20:12:21.296 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-12-28 20:10:51.066 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-12-28 20:10:50.941 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-12-27 14:13:16.490 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-27 14:13:16.381 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz Percentage of memory in use: 35% Total physical RAM: 3975.27 MB Available physical RAM: 2583.8 MB Total Pagefile: 7943.27 MB Available Pagefile: 6182.47 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:428.44 GB) (Free:318.16 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: ED47A296) Partition: GPT Partition Type. ==================== End Of Log ============================
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015 Ran by lilli (administrator) on VAIO on 02-01-2015 14:15:43 Running from C:\Users\lilli\Downloads\Meine Mülltonne\Installers Loaded Profile: lilli (Available profiles: lilli) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (BUP) C:\Users\lilli\AppData\Roaming\BupSystem\bup.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.)
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe () C:\Program Files\Sony\VAIO Care\listener.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-10-10] (Realtek Semiconductor) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-26] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\...\RunOnce: [Adobe Speed Launcher] => 1420189771 HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\...\Policies\Explorer: [DisallowRun] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) BootExecute: autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [HKLM-x32] => ProxyEnable is set. ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:49790;https=127.0.0.1:49790 ProxyEnable: [S-1-5-21-3292672608-3251690303-1879834815-1001] => Internet Explorer proxy is enabled. 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=206&itype=a&ver=15005&tm=569&src=ds&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=206&itype=a&ver=15005&tm=569&src=ds&p={searchTerms} SearchScopes: HKU\S-1-5-21-3292672608-3251690303-1879834815-1001 -> DefaultScope {4C434161-3A93-4930-9D0E-038FD29EDC43} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout SearchScopes: HKU\S-1-5-21-3292672608-3251690303-1879834815-1001 -> {4C434161-3A93-4930-9D0E-038FD29EDC43} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout SearchScopes: HKU\S-1-5-21-3292672608-3251690303-1879834815-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=206&itype=a&ver=15005&tm=569&src=ds&p={searchTerms} SearchScopes: HKU\S-1-5-21-3292672608-3251690303-1879834815-1001 -> {B281959D-0D50-47CB-BD6F-46DCEA47C4B9} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV 
Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF DefaultSearchEngine: 1&1 Suche FF SearchEngineOrder.1: default-search.net FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3292672608-3251690303-1879834815-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File FF Plugin HKU\S-1-5-21-3292672608-3251690303-1879834815-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF user.js: detected! 
=> C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\user.js FF SearchPlugin: C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\webde-suche.xml FF Extension: Securita Scout - C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\plug@securitascout.com [2014-07-20] FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\sparpilot@sparpilot.com [2014-12-10] FF Extension: Cliqz Beta - C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\cliqz@cliqz.com.xpi [2014-12-23] FF Extension: Dict.cc Translation - C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\searchdictcc@roughael.xpi [2014-02-06] FF Extension: Tab Updater - C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{55dcbefc-9aee-466f-9c9c-15e792724dd4}.xpi [2014-08-10] FF Extension: {9d2201b0-125f-4d8f-ab37-93446f702158} - C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{9d2201b0-125f-4d8f-ab37-93446f702158}.xpi [2014-07-24] FF Extension: Adblock Plus - C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-03] FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-12-11] FF 
HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-12-22] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\extensions\cliqz@cliqz.com Chrome: ======= CHR HomePage: Default -> CHR DefaultSearchKeyword: Default -> 42F6E8BE048717FD250B42F9EEA3283CD3B5149BF262C375DA8B14B231469467 CHR DefaultSearchURL: Default -> 66E7675B4F3335AA3CF5CC5A5824ECA1524996BB369F834684DC2B4574DEE592 CHR Profile: C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-17] CHR Extension: (Google Drive) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-17] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-17] CHR Extension: (Google-Suche) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-17] CHR Extension: 
(Amazon-Icon) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-07-22] CHR Extension: (Securita Scout) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad [2014-07-20] CHR Extension: (Google Wallet) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-17] CHR Extension: (Google Mail) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-17] CHR Extension: (Default-Search) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\poimdfnhgefmnkeefbjibbiemlimdnof [2014-12-22] CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\lilli\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-07-20] CHR HKLM-x32\...\Chrome\Extension: [poimdfnhgefmnkeefbjibbiemlimdnof] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-26] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-26] (Avira Operations GmbH & Co. 
KG) R2 bupService; C:\Users\lilli\AppData\Roaming\BupSystem\bup.exe [642048 2014-04-14] (BUP) [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-08] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-08] (McAfee, Inc.) 
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation) S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) [File not signed] R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-01] (Malwarebytes Corporation) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-08] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-08] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-08] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-08] (McAfee, Inc.) 
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-08] (McAfee, Inc.) R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-06-08] () R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X] S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X] S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X] S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X] S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X] S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X] S3 BTATH_VDP; \SystemRoot\system32\drivers\btath_vdp.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-01 22:23 - 2015-01-01 22:23 - 01114624 _____ (Farbar) C:\Users\lilli\Downloads\FRST.exe 2015-01-01 21:22 - 2015-01-01 22:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-01 21:22 - 2015-01-01 21:22 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-01 21:22 - 2015-01-01 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-01 21:22 - 2015-01-01 21:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-01 21:22 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-01 21:22 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-01 21:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-12-31 15:26 - 2014-12-31 15:26 - 00000000 ____D () C:\Users\lilli\Documents\Movie Studio Platinum 12.0 Projekte 2014-12-28 16:43 - 2014-12-28 16:43 - 01174352 _____ () C:\Users\lilli\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-12-23 01:43 - 2014-12-23 01:43 - 01080608 _____ (Unity Technologies ApS) C:\Users\lilli\Downloads\UnityWebPlayer.exe 2014-12-23 00:29 - 2015-01-02 10:21 - 00000000 ___RD () C:\Users\lilli\OneDrive 2014-12-22 17:43 - 2015-01-01 21:57 - 00000000 ____D () C:\Program Files (x86)\Settings Manager 2014-12-22 17:43 - 2015-01-01 21:54 - 00000000 ____D () C:\Users\lilli\AppData\Roaming\FirefoxToolbar 2014-12-22 16:01 - 2014-12-22 16:01 - 00000000 ____D () C:\Users\lilli\Documents\libraries 2014-12-22 16:00 - 2014-12-22 16:01 - 00000316 _____ () C:\Users\lilli\Documents\launcher_profiles.json 2014-12-22 15:54 - 2014-12-22 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-12-22 15:54 - 2013-01-18 01:16 - 01034216 _____ (Oracle Corporation) 
C:\WINDOWS\system32\npDeployJava1.dll 2014-12-22 15:54 - 2013-01-18 01:16 - 00916456 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll 2014-12-22 15:53 - 2014-12-22 15:53 - 00000000 ____D () C:\ProgramData\Oracle 2014-12-22 15:49 - 2014-12-22 16:00 - 00000000 ____D () C:\Users\lilli\Downloads\minecraft cracked launcher 2014-12-22 15:48 - 2014-12-22 15:48 - 01174352 _____ () C:\Users\lilli\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe 2014-12-22 15:48 - 2014-12-22 15:48 - 00000000 ____D () C:\Users\lilli\AppData\Roaming\Cliqz 2014-12-22 15:48 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll 2014-12-22 15:48 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll 2014-12-22 15:38 - 2014-12-22 16:01 - 00000000 ____D () C:\Users\lilli\Documents\versions 2014-12-22 15:28 - 2014-12-22 15:30 - 00000000 ____D () C:\Users\lilli\minecraft 2014-12-19 16:36 - 2014-12-22 15:56 - 00000000 ____D () C:\Users\lilli\AppData\Roaming\.minecraft 2014-12-18 18:05 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 02106216 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll 2014-12-16 20:53 - 2014-12-16 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-12-16 20:53 - 2014-12-16 20:53 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-12-13 05:16 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-13 05:16 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-11 23:47 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-11 23:47 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-11 23:46 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-11 23:46 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-11 23:37 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-11 23:37 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-11 23:37 - 
2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-11 23:37 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-11 23:37 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-11 23:37 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-11 23:37 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-11 23:37 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-12-11 23:35 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-11 23:35 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-11 23:35 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-11 23:35 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-11 23:35 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-11 23:35 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-11 23:35 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-11 23:35 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-11 23:35 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-11 23:35 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-11 23:35 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-11 23:35 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-11 23:35 - 2014-11-22 
02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-11 23:35 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-11 23:35 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-11 23:35 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-11 23:35 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-11 23:35 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-11 23:35 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-11 23:35 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-11 23:35 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-11 23:35 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-11 23:35 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-11 23:35 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-11 23:35 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-11 23:35 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-11 23:34 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-11 23:34 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-11 23:34 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-11 23:34 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-11 23:34 - 2014-11-22 03:05 - 00064000 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-11 23:34 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-11 23:34 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-11 23:34 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-11 23:34 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-11 23:34 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-11 23:34 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-11 23:34 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-11 23:34 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-11 23:22 - 2014-12-11 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-10 01:55 - 2014-12-16 20:53 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-12-10 01:53 - 2014-12-10 01:55 - 00000000 ____D () C:\Users\lilli\AppData\Local\Adobe 2014-12-03 18:05 - 2014-12-18 18:27 - 00000000 ____D () C:\Neuer Ordner ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-02 14:15 - 2013-12-29 14:32 - 00000000 ____D () C:\FRST 2015-01-02 14:12 - 2014-07-14 19:47 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E224C277-5ECC-4FD1-8C88-6A01FE5D7476} 2015-01-02 14:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-02 10:23 - 2013-06-25 22:25 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3292672608-3251690303-1879834815-1001 2015-01-02 04:31 - 2013-07-17 11:41 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-01 22:10 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-01 22:10 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-01 22:10 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-01 22:07 - 2014-07-07 00:18 - 01529925 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-01 21:58 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-01 21:57 - 2014-07-17 13:07 - 00000000 ____D () C:\WINDOWS\Minidump 2015-01-01 21:57 - 2014-03-18 02:50 - 00219798 _____ () C:\WINDOWS\PFRO.log 2015-01-01 21:57 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-01 19:25 - 2013-08-22 15:46 - 00292362 _____ () C:\WINDOWS\setupact.log 2014-12-31 15:26 - 2013-12-19 18:38 - 00000000 ____D () C:\Users\lilli\AppData\Roaming\Sony 2014-12-31 15:26 - 2013-06-25 22:34 - 00000000 ____D () C:\Users\lilli\AppData\Local\Sony 2014-12-29 19:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-12-29 19:06 - 2013-06-25 22:15 - 00000000 ____D () C:\Users\lilli\AppData\Local\Packages 2014-12-28 20:11 - 2014-07-06 23:57 - 00000000 ____D () C:\Users\lilli 2014-12-25 18:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-23 19:23 - 2014-02-08 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games 2014-12-23 18:06 - 2014-02-07 11:40 - 00000000 ____D () 
C:\Program Files\Microsoft Office 15 2014-12-22 15:54 - 2013-01-18 01:16 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2014-12-22 15:53 - 2013-01-18 01:16 - 00320936 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-12-22 15:53 - 2013-01-18 01:16 - 00191400 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-12-22 15:53 - 2013-01-18 01:16 - 00190888 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-12-22 15:53 - 2013-01-18 01:16 - 00000000 ____D () C:\Program Files\Java 2014-12-22 15:36 - 2014-03-11 14:00 - 00000000 ____D () C:\Users\lilli\Downloads\Meine Mülltonne 2014-12-18 18:32 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-18 18:20 - 2013-01-18 01:33 - 00314928 _____ () C:\WINDOWS\DirectX.log 2014-12-17 18:17 - 2014-02-17 17:03 - 00000000 ____D () C:\Users\lilli\AppData\Roaming\iolo 2014-12-17 18:13 - 2014-02-17 17:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Main 2014-12-17 18:13 - 2014-02-17 17:23 - 00000000 ____D () C:\Program Files (x86)\Sony Corporation 2014-12-17 18:13 - 2013-06-30 01:52 - 00000000 ____D () C:\Update 2014-12-17 18:13 - 2013-01-18 01:18 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-12-17 18:13 - 2013-01-18 01:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-17 18:13 - 2013-01-18 00:52 - 00000000 ____D () C:\Program Files\Sony 2014-12-17 18:11 - 2013-08-14 01:16 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-17 18:07 - 2013-06-27 02:23 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-17 17:33 - 2013-01-18 01:21 - 00000000 ____D () C:\Program Files (x86)\Sony 2014-12-17 17:32 - 2013-01-18 01:57 - 00000000 ____D () C:\ProgramData\Sony 2014-12-16 16:47 - 2013-07-03 00:15 - 00000000 ____D () C:\Users\lilli\AppData\Roaming\CyberLink 2014-12-12 02:21 - 2013-07-03 00:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance 
Service 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-12-11 23:21 - 2013-01-18 01:41 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-10 01:54 - 2013-07-17 11:41 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-12-10 01:11 - 2014-01-29 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware Some content of TEMP: ==================== C:\Users\lilli\AppData\Local\Temp\amazonicon_v6.exe C:\Users\lilli\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\lilli\AppData\Local\Temp\DseShExt-x64.dll C:\Users\lilli\AppData\Local\Temp\DseShExt-x86.dll C:\Users\lilli\AppData\Local\Temp\foxy_security.exe C:\Users\lilli\AppData\Local\Temp\mbam-setup-2.0.2.1012.exe C:\Users\lilli\AppData\Local\Temp\OptimizerPro.exe C:\Users\lilli\AppData\Local\Temp\sdanircmdc.exe C:\Users\lilli\AppData\Local\Temp\sdapskill.exe C:\Users\lilli\AppData\Local\Temp\sdaspwn.exe C:\Users\lilli\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\lilli\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\lilli\AppData\Local\Temp\SHSetup.exe C:\Users\lilli\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for 
files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-02 04:48
==================== End Of Log ============================
--- --- --- |
03.01.2015, 23:02 | #4 |
Rest in peace † 2019 | Windows 8, virus infection.
Hello,
Step 1
Please uninstall the following programs:
Securita Scout
Yahoo Community Smartbar
McAfee Security Scan Plus
To do this, press the Windows key and X, then: Programs and Features --> select the program --> remove.
If you cannot uninstall a program, download Revo Uninstaller from here and uninstall it with that, choosing the moderate mode.
Step 2
Please download AdwCleaner to your desktop.
Step 3
Run FRST once more.
|
07.01.2015, 15:49 | #5 |
| Windows 8, virus infection. AdwCleaner logfile: Code:
ATTFilter # AdwCleaner v4.106 - Bericht erstellt am 07/01/2015 um 15:38:15 # Aktualisiert 21/12/2014 von Xplode # Database : 2015-01-03.1 [Live] # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : ***** - VAIO # Gestartet von : C:\Users\*****\Downloads\AdwCleaner_4.106.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\ParetoLogic Ordner Gelöscht : C:\ProgramData\Systweak Ordner Gelöscht : C:\Program Files (x86)\Bench Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro Ordner Gelöscht : C:\Program Files (x86)\Settings Manager Ordner Gelöscht : C:\Users\*****\AppData\Local\Temp\Security Systems Ordner Gelöscht : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\*****\AppData\Local\genienext Ordner Gelöscht : C:\Users\*****\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\*****\AppData\LocalLow\Softonic Ordner Gelöscht : C:\Users\*****\AppData\Roaming\DriverCure Ordner Gelöscht : C:\Users\*****\AppData\Roaming\FirefoxToolbar Ordner Gelöscht : C:\Users\*****\AppData\Roaming\ParetoLogic Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\*****\Documents\Mobogenie Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\sparpilot@sparpilot.com Ordner Gelöscht : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\*****\AppData\Local\Temp\OptimizerPro.exe Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe Datei Gelöscht : C:\Users\*****\daemonprocess.txt Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\user.js ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Games\Alle Enthusiastenspiele.lnk Verknüpfung Desinfiziert : C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gelöscht : HKCU\Software\Fabulous Schlüssel Gelöscht : HKCU\Software\Linkey Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Optimizer Pro Schlüssel Gelöscht : HKCU\Software\ParetoLogic Schlüssel Gelöscht : HKCU\Software\Proxy Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\SOFTWARE\Bench Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic Schlüssel Gelöscht : HKLM\SOFTWARE\Proxy Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v34.0.5 (x86 de) [fo1xyvwa.default\prefs.js] - Zeile gelöscht : user_pref("CT3309350.searchProtector.notifyChanges", 
"{\"dataType\":\"string\",\"data\":\"false\"}"); [fo1xyvwa.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml"); [fo1xyvwa.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "default-search.net"); [fo1xyvwa.default\prefs.js] - Zeile gelöscht : user_pref("iminent.adapters", "{\"de.iminent.com\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"14055997344248[...] [fo1xyvwa.default\prefs.js] - Zeile gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"b7110a40-a16f-4a12-a411-bd0b6014905a\",\"name\":\"Superfish\",\"addonId\":2,\"url\":\"//www.superfish.com/ws/sf_main.jsp\",\"queryStri[...] [fo1xyvwa.default\prefs.js] - Zeile gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}"); -\\ Google Chrome v39.0.2171.95 [C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=60e09e9a-3d3d-2710-2018-4a70a4824d9a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/12/2013&type=hp1000 [C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=60e09e9a-3d3d-2710-2018-4a70a4824d9a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/12/2013&type=hp1000 [C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=60e09e9a-3d3d-2710-2018-4a70a4824d9a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=22/12/2013&type=hp1000 ************************* AdwCleaner[R0].txt - [10563 octets] - [07/01/2015 15:36:20] AdwCleaner[S0].txt - [9901 octets] - [07/01/2015 15:38:15] ########## EOF - 
C:\AdwCleaner\AdwCleaner[S0].txt - [9961 octets] ##########
FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01 Ran by ******** at 2015-01-07 15:43:25 Running from C:\Users\********\Downloads\********\Installers\FRST-OlderVersion Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== ACID Music Studio 9.0 (x32 Version: 9.0.35 - Sony) Adobe Flash Player 16 NPAPI (x32 Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) MUI (x32 Version: 11.0.10 - Adobe Systems Incorporated) Avira Free Antivirus (x32 Version: 14.0.3.338 - Avira) Cliqz (x32 Version: 0.5.53 - Cliqz.com) CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden CyberLink PowerDVD (x32 Version: 9.0.6426.52 - CyberLink Corp.) CyberLink PowerDVD (x32 Version: 9.0.6426.52 - CyberLink Corp.) Hidden DVD Architect Studio 5.0 (x32 Version: 5.0.161 - Sony) EAX4 Unified Redist (x32 Version: 4.001 - Creative Labs) FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden FLV-Media-Player (x32 Version: 2.0.3.2532 - HYBRIDWEB.de) Free Studio version 2013 (x32 Version: 6.2.2.1128 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.41.623 (x32 Version: 3.2.41.623 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.17.1127 (x32 Version: 3.12.17.1127 - DVDVideoSoft Ltd.) Google Chrome (x32 Version: 39.0.2171.95 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (x32 Version: 10.18.10.3621 - Intel Corporation) Intel(R) Rapid Storage Technology (x32 Version: 11.6.0.1030 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Java 8 Update 25 (64-bit) (Version: 8.0.250 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH) KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (x32 Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden Microsoft Office 365 - de-de (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft SkyDrive (HKCU Version: 16.4.6012.0828 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Movie Studio Platinum 12.0 (64-bit) (Version: 12.0.530 - Sony) Mozilla Firefox 34.0.5 (x86 de) (x32 Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (x32 Version: 29.0.1 - Mozilla) MSVCRT 
Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.) Realtek Card Reader (x32 Version: 6.2.9600.28146 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6695 - Realtek Semiconductor Corp.) Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group) Shared C Run-time for x64 (Version: 10.0.0 - McAfee) Sound Forge Audio Studio 10.0 (x32 Version: 10.0.178 - Sony) SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT) VAIO - Remote-Tastatur (x32 Version: 1.2.0.09270 - Sony Corporation) VAIO - Remote-Tastatur mit PlayStation®3 (x32 Version: 1.2.0.09210 - Sony Corporation) VAIO - Xperia Link (x32 Version: 1.3.2.07020 - Sony Corporation) VAIO Care (Version: 8.4.0.14286 - Sony Corporation) VAIO Care Recovery (Version: 1.1.2.13230 - Sony Corporation) VAIO Care-Hardwarediagnose-Plugin (x32 Version: 4.11.1.11210 - Sony Corporation) VAIO Control Center (x32 Version: 6.1.0.10300 - Sony Corporation) VAIO Data Restore Tool (x32 Version: 1.10.0.07270 - Sony Corporation) VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden VAIO Gate (x32 Version: 3.0.1.02270 - Sony Corporation) VAIO Gate Default (x32 Version: 3.1.0.10240 - Sony Corporation) VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation) VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation) Hidden VAIO Image Optimizer (x32 Version: 3.0.00.08170 - 
Sony Corporation) Hidden VAIO Image Optimizer (x32 Version: 3.3.00.10220 - Sony Corporation) VAIO Improvement (x32 Version: 2.1.0.10220 - Sony Corporation) VAIO Media Server Settings (Version: 1.0.1.10170 - Sony Corporation) VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation) Hidden VAIO Movie Creator (x32 Version: 4.3.01.11140 - Sony Corporation) VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden VAIO Update (x32 Version: 7.0.1.02280 - Sony Corporation) VAIO*CPU-Lüfterdiagnose (x32 Version: 1.1.0.09200 - Sony Corporation) VAIO-Support für Übertragungen (x32 Version: 1.9.0.11060 - Sony Corporation) VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden VIx64 (Version: 1.0.0 - Sony Corporation) Hidden VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden WEB.DE MailCheck für Mozilla Firefox (x32 Version: 2.10.1.1735 - 1&1 Mail & Media GmbH) WinRAR 5.01 (32-bit) (x32 Version: 5.01.0 - win.rar GmbH) XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden ==================== Restore Points ========================= 17-12-2014 17:12:36 Installed Remote Keyboard (BLUETOOTH) 18-12-2014 17:18:54 DirectX wurde installiert 23-12-2014 18:22:29 Steam wird entfernt 01-01-2015 02:36:00 Geplanter Prüfpunkt 07-01-2015 14:29:12 Revo Uninstaller's restore 
point - Yahoo Community Smartbar ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0C42943B-C6E4-41C7-A372-56FB10CEC848} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs" Task: {1DE0CA86-2FC0-42EE-B3E5-675AE49C6571} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {1E24FEB4-34B3-4831-890D-568968556902} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2013-02-21] (Sony Corporation) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2559CBD2-D54B-411A-84C9-E2A689E2115A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation) Task: {26CA54E4-4323-48B3-A77E-B8D488F5D85C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-22] (Google Inc.) 
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {3B7A0431-E97E-479A-8039-78067BE3276A} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation) Task: {3FDDB6E9-F041-407D-8D7F-FAF3E8608BAB} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {44E4FC09-D9FF-49D2-9144-48EB1765C27A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-22] (Google Inc.) 
Task: {45B77B8A-5E3E-4D69-92B0-402C3571B7BE} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {47868FBE-CCA7-4A0A-ADA7-660C56185EF0} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-04-03] (Sony Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {52E44BC9-D164-48F3-BEED-B89AC2891425} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-10-23] (Sony Corporation) Task: {58544191-DDC7-413F-926E-76773CD505C5} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated) Task: {594C89A9-A2A4-4980-8B1A-0DCD98098187} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {5AA89CA2-07F0-4979-BC97-DE487B295948} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {64918D2F-E3F9-4708-B2FA-82FD897A33B4} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6AD1A165-1033-465B-8A92-5A0361E038A4} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {6C308F6A-6092-4A48-9E8B-E50359876690} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: 
{6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77E493DB-BE83-4BE5-B401-F114392839EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated) Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7BB1EC61-3140-48A7-9245-3DD56ECC42BA} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {812FD2C2-F87A-410D-9A14-7798901D5AC7} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-10-22] (Sony Corporation) Task: {866D3C34-CBB5-46E6-B03D-2AA6837C1CF4} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {938A4380-6468-41D5-9CFB-AB0174210177} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {B7B9B1E3-82F1-4CEA-9309-30A7B5099E5A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {BEA87C79-8CFB-4C01-A6FC-77DCAB66CC64} - 
System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation) Task: {C280DD71-0971-4DC6-BAB6-1EB53B7D85C7} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-04-03] (Sony Corporation) Task: {C567FEE8-3FB5-4066-948F-2E2A34558226} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D24725FB-8898-4993-A04B-AD7E37347451} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {D4F1838F-B2D1-4B45-AEF2-FB800DF0E0ED} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {D6CD0B8E-6707-4197-86E9-EAD9DCE921E3} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DA4851AF-0EE7-4572-93D1-3EF7BCE3F6FF} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient Task: {DBAAB020-6E57-4B3B-8E92-D632EC0B5B49} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation) Task: {DC995830-BBAF-47D1-A968-F39E3771B105} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.) 
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {E97BC73F-7676-4DA8-B775-F052AE1345EE} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: {ED9D3F09-5C1E-4D88-ADC5-10EB2761C4C5} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe Task: {F06A08A8-6F69-418D-AF5F-49FE7573B15A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-17] (Microsoft Corporation) Task: {F79FA871-057B-433B-87D6-CB286EF328C5} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation) Task: {F7C8EE1A-39EE-4E29-91A7-4DB7C57DE2DA} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2013-11-19 09:21 - 2013-11-19 09:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\********\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Unbekanntes USB-Gerät (Fehler beim Anfordern 
einer Gerätebeschreibung.) Description: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard-USB-Hostcontroller) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (01/07/2015 03:42:08 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: VESUserProxy.exe, Version: 6.1.0.9140, Zeitstempel: 0x50538abc Name des fehlerhaften Moduls: SynCom.DLL, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3 Ausnahmecode: 0xc0000135 Fehleroffset: 0x00098f05 ID des fehlerhaften Prozesses: 0x6f0 Startzeit der fehlerhaften Anwendung: 0xVESUserProxy.exe0 Pfad der fehlerhaften Anwendung: VESUserProxy.exe1 Pfad des fehlerhaften Moduls: VESUserProxy.exe2 Berichtskennung: VESUserProxy.exe3 Vollständiger Name des fehlerhaften Pakets: VESUserProxy.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VESUserProxy.exe5 Error: (01/07/2015 03:41:34 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: VESUserProxy.exe, Version: 6.1.0.9140, Zeitstempel: 0x50538abc Name des fehlerhaften Moduls: SynCom.DLL, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3 Ausnahmecode: 0xc0000135 Fehleroffset: 0x00098f05 ID des fehlerhaften Prozesses: 0xe4 Startzeit der fehlerhaften Anwendung: 0xVESUserProxy.exe0 Pfad der fehlerhaften Anwendung: VESUserProxy.exe1 Pfad des fehlerhaften Moduls: VESUserProxy.exe2 Berichtskennung: VESUserProxy.exe3 Vollständiger Name des fehlerhaften Pakets: VESUserProxy.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VESUserProxy.exe5 Error: 
(01/07/2015 03:32:34 PM) (Source: Application Hang) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 428 Startzeit: 01d02a860a3cb8dd Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: fdbe86aa-9679-11e4-bed8-a41731d8d3ca Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (01/07/2015 02:57:38 PM) (Source: Application Hang) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: fb0 Startzeit: 01d02a812c2925a4 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 1fb20870-9675-11e4-bed8-a41731d8d3ca Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (01/07/2015 02:54:00 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: VESUserProxy.exe, Version: 6.1.0.9140, Zeitstempel: 0x50538abc Name des fehlerhaften Moduls: SynCom.DLL, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3 Ausnahmecode: 0xc0000135 Fehleroffset: 0x00098f05 ID des fehlerhaften Prozesses: 0x99c Startzeit der fehlerhaften Anwendung: 0xVESUserProxy.exe0 Pfad der fehlerhaften Anwendung: VESUserProxy.exe1 Pfad des fehlerhaften Moduls: VESUserProxy.exe2 Berichtskennung: VESUserProxy.exe3 Vollständiger Name des fehlerhaften Pakets: VESUserProxy.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VESUserProxy.exe5 Error: (01/07/2015 02:53:28 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: VESUserProxy.exe, Version: 6.1.0.9140, Zeitstempel: 0x50538abc Name des fehlerhaften Moduls: SynCom.DLL, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3 Ausnahmecode: 0xc0000135 Fehleroffset: 0x00098f05 ID des fehlerhaften Prozesses: 0x6bc Startzeit der fehlerhaften Anwendung: 0xVESUserProxy.exe0 Pfad der fehlerhaften Anwendung: VESUserProxy.exe1 Pfad des fehlerhaften Moduls: VESUserProxy.exe2 Berichtskennung: VESUserProxy.exe3 Vollständiger Name des fehlerhaften Pakets: VESUserProxy.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VESUserProxy.exe5 Error: (01/07/2015 01:37:39 PM) (Source: Application Hang) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und 
wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1444 Startzeit: 01d02a75fb96f167 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: f02effa4-9669-11e4-bed8-a41731d8d3ca Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (01/07/2015 01:33:54 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: VESUserProxy.exe, Version: 6.1.0.9140, Zeitstempel: 0x50538abc Name des fehlerhaften Moduls: SynCom.DLL, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3 Ausnahmecode: 0xc0000135 Fehleroffset: 0x00098f05 ID des fehlerhaften Prozesses: 0x1378 Startzeit der fehlerhaften Anwendung: 0xVESUserProxy.exe0 Pfad der fehlerhaften Anwendung: VESUserProxy.exe1 Pfad des fehlerhaften Moduls: VESUserProxy.exe2 Berichtskennung: VESUserProxy.exe3 Vollständiger Name des fehlerhaften Pakets: VESUserProxy.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VESUserProxy.exe5 Error: (01/07/2015 01:33:22 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: VESUserProxy.exe, Version: 6.1.0.9140, Zeitstempel: 0x50538abc Name des fehlerhaften Moduls: SynCom.DLL, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3 Ausnahmecode: 0xc0000135 Fehleroffset: 0x00098f05 ID des fehlerhaften Prozesses: 0x1270 Startzeit der fehlerhaften Anwendung: 0xVESUserProxy.exe0 Pfad der fehlerhaften Anwendung: VESUserProxy.exe1 Pfad des fehlerhaften Moduls: VESUserProxy.exe2 Berichtskennung: VESUserProxy.exe3 Vollständiger Name des fehlerhaften Pakets: VESUserProxy.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VESUserProxy.exe5 Error: (01/03/2015 08:05:22 PM) 
(Source: Application Hang) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 127c Startzeit: 01d0278783381e85 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 76b97766-937b-11e4-bed8-a41731d8d3ca Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (01/07/2015 03:42:38 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: {BC173216-CF59-483B-BC5F-595A7D0466E6} Error: (01/07/2015 03:42:08 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: {BC173216-CF59-483B-BC5F-595A7D0466E6} Error: (01/07/2015 03:40:06 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/07/2015 03:40:06 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit-Scanner erreicht. Error: (01/07/2015 03:40:05 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/07/2015 03:40:05 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Planer erreicht. Error: (01/07/2015 03:38:24 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Intel(R) System Behavior Tracker Collector Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (01/07/2015 03:38:24 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Energy Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/07/2015 03:38:24 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/07/2015 03:38:24 PM) (Source: Service Control Manager) (User: ) Description: Dienst "VUAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (01/07/2015 03:42:08 PM) (Source: Application Error)(User: ) Description: VESUserProxy.exe6.1.0.914050538abcSynCom.DLL6.3.9600.1727853eeb4a3c000013500098f056f001d02a881cec79deC:\Program Files (x86)\Sony\VAIO Control Center\VESUserProxy.exeSynCom.DLL5a9dc9a4-967b-11e4-bed9-a41731d8d3ca Error: (01/07/2015 03:41:34 PM) (Source: Application Error)(User: ) Description: VESUserProxy.exe6.1.0.914050538abcSynCom.DLL6.3.9600.1727853eeb4a3c000013500098f05e401d02a8807242113C:\Program Files (x86)\Sony\VAIO Control Center\VESUserProxy.exeSynCom.DLL46a8c498-967b-11e4-bed9-a41731d8d3ca Error: (01/07/2015 03:32:34 PM) (Source: Application Hang)(User: ) Description: LiveComm.exe17.5.9600.2068942801d02a860a3cb8dd4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exefdbe86aa-9679-11e4-bed8-a41731d8d3camicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (01/07/2015 02:57:38 PM) (Source: Application Hang)(User: ) Description: LiveComm.exe17.5.9600.20689fb001d02a812c2925a44294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe1fb20870-9675-11e4-bed8-a41731d8d3camicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (01/07/2015 02:54:00 PM) (Source: Application 
Error)(User: ) Description: VESUserProxy.exe6.1.0.914050538abcSynCom.DLL6.3.9600.1727853eeb4a3c000013500098f0599c01d02a81638c0451C:\Program Files (x86)\Sony\VAIO Control Center\VESUserProxy.exeSynCom.DLLa13d5411-9674-11e4-bed8-a41731d8d3ca Error: (01/07/2015 02:53:28 PM) (Source: Application Error)(User: ) Description: VESUserProxy.exe6.1.0.914050538abcSynCom.DLL6.3.9600.1727853eeb4a3c000013500098f056bc01d02a815036cb3fC:\Program Files (x86)\Sony\VAIO Control Center\VESUserProxy.exeSynCom.DLL8e36c969-9674-11e4-bed8-a41731d8d3ca Error: (01/07/2015 01:37:39 PM) (Source: Application Hang)(User: ) Description: LiveComm.exe17.5.9600.20689144401d02a75fb96f1674294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exef02effa4-9669-11e4-bed8-a41731d8d3camicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (01/07/2015 01:33:54 PM) (Source: Application Error)(User: ) Description: VESUserProxy.exe6.1.0.914050538abcSynCom.DLL6.3.9600.1727853eeb4a3c000013500098f05137801d02a763324ff97C:\Program Files (x86)\Sony\VAIO Control Center\VESUserProxy.exeSynCom.DLL70d8b1c7-9669-11e4-bed8-a41731d8d3ca Error: (01/07/2015 01:33:22 PM) (Source: Application Error)(User: ) Description: VESUserProxy.exe6.1.0.914050538abcSynCom.DLL6.3.9600.1727853eeb4a3c000013500098f05127001d02a761f9b25e8C:\Program Files (x86)\Sony\VAIO Control Center\VESUserProxy.exeSynCom.DLL5da4ae86-9669-11e4-bed8-a41731d8d3ca Error: (01/03/2015 08:05:22 PM) (Source: Application Hang)(User: ) Description: LiveComm.exe17.5.9600.20689127c01d0278783381e854294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe76b97766-937b-11e4-bed8-a41731d8d3camicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 CodeIntegrity Errors: =================================== Date: 2015-01-01 13:51:12.397 
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-01 13:51:12.288 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-01 13:50:23.309 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2015-01-01 13:50:23.168 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-12-28 20:12:21.390 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-28 20:12:21.296 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-12-28 20:10:51.066
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-12-28 20:10:50.941
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-12-27 14:13:16.490
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-27 14:13:16.381
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Percentage of memory in use: 28%
Total physical RAM: 3975.27 MB
Available physical RAM: 2861.26 MB
Total Pagefile: 7943.27 MB
Available Pagefile: 6797.69 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:428.44 GB) (Free:320.57 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: ED47A296)
Partition: GPT Partition Type
==================== End Of Log ============================
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
(ATTENTION: ====> FRST version is 328 days old and could be outdated)
Ran by ******** (administrator) on VAIO on 07-01-2015 15:42:24
Running from C:\Users\********\Downloads\********\Installers\FRST-OlderVersion
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.EXE
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Google Inc.)
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-10-10] (Realtek Semiconductor) HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-26] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\...\RunOnce: [Adobe Speed Launcher] - 1420641654 HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\...\Policies\Explorer: [DisallowRun] 1 ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com SearchScopes: HKCU - {4C434161-3A93-4930-9D0E-038FD29EDC43} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout SearchScopes: HKCU - {B281959D-0D50-47CB-BD6F-46DCEA47C4B9} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms} BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default FF DefaultSearchEngine: 1&1 Suche FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle 
Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Cliqz Beta - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\cliqz@cliqz.com.xpi [2014-12-23] FF Extension: Dict.cc Translation - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\searchdictcc@roughael.xpi [2014-02-06] FF Extension: Tab Updater - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{55dcbefc-9aee-466f-9c9c-15e792724dd4}.xpi [2014-08-10] FF Extension: {9d2201b0-125f-4d8f-ab37-93446f702158} - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{9d2201b0-125f-4d8f-ab37-93446f702158}.xpi [2014-07-24] FF Extension: Adblock Plus - 
C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-03] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\extensions\cliqz@cliqz.com Chrome: ======= CHR Extension: (Google Docs) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-17] CHR Extension: (Google Drive) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-17] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-17] CHR Extension: (Google Search) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-17] CHR Extension: (Google Wallet) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-17] CHR Extension: (Gmail) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-17] CHR Extension: (Default-Search) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\poimdfnhgefmnkeefbjibbiemlimdnof [2014-12-22] ==================== Services (Whitelisted) ================= S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-26] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-26] (Avira Operations GmbH & Co. 
KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-08] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-08] (McAfee, Inc.) S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation) U2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation) S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) S3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39744 2014-10-13] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-01] (Malwarebytes Corporation) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-08] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-08] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-08] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-08] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-08] (McAfee, Inc.) 
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-03-18] (Microsoft Corporation) R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-06-08] () S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-03-18] (Microsoft Corporation) R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-03-18] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-07-07] (Microsoft Corporation) S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X] S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X] S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X] S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X] S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X] S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X] S3 BTATH_VDP; \SystemRoot\system32\drivers\btath_vdp.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2015-01-07 15:36 - 2015-01-07 15:38 - 00000000 ____D () C:\AdwCleaner 2015-01-07 15:35 - 2015-01-07 15:35 - 02173952 _____ () C:\Users\********\Downloads\AdwCleaner_4.106.exe 2015-01-07 15:28 - 2015-01-07 15:28 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\********\Downloads\revosetup95.exe 2015-01-07 15:28 - 2015-01-07 15:28 - 00001284 _____ () C:\Users\********\Desktop\Revo Uninstaller.lnk 2015-01-07 15:28 - 2015-01-07 15:28 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-01 22:23 - 2015-01-01 22:23 - 01114624 _____ (Farbar) C:\Users\********\Downloads\FRST.exe 2015-01-01 21:22 - 2015-01-01 22:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-01 21:22 - 2015-01-01 21:22 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-01 21:22 - 2015-01-01 21:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-01 21:22 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-01 21:22 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-01 21:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-12-31 15:26 - 2014-12-31 15:26 - 00000000 ____D () C:\Users\********\Documents\Movie Studio Platinum 12.0 Projekte 2014-12-28 16:43 - 2014-12-28 16:43 - 01174352 _____ () C:\Users\********\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-12-23 01:43 - 2014-12-23 01:43 - 01080608 _____ (Unity Technologies ApS) C:\Users\********\Downloads\UnityWebPlayer.exe 2014-12-23 00:29 - 2015-01-07 15:40 - 00000000 ___RD () C:\Users\********\OneDrive 2014-12-22 16:01 - 2014-12-22 16:01 - 00000000 ____D () C:\Users\********\Documents\libraries 2014-12-22 16:00 - 2014-12-22 16:01 - 00000316 _____ () C:\Users\********\Documents\launcher_profiles.json 2014-12-22 15:54 - 2013-01-18 01:16 - 01034216 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll 2014-12-22 15:54 - 2013-01-18 01:16 - 00916456 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll 2014-12-22 15:53 - 2014-12-22 15:53 - 00000000 ____D () 
C:\ProgramData\Oracle 2014-12-22 15:49 - 2014-12-22 16:00 - 00000000 ____D () C:\Users\********\Downloads\minecraft cracked launcher 2014-12-22 15:48 - 2014-12-22 15:48 - 01174352 _____ () C:\Users\********\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe 2014-12-22 15:48 - 2014-12-22 15:48 - 00000000 ____D () C:\Users\********\AppData\Roaming\Cliqz 2014-12-22 15:48 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll 2014-12-22 15:48 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll 2014-12-22 15:38 - 2014-12-22 16:01 - 00000000 ____D () C:\Users\********\Documents\versions 2014-12-22 15:28 - 2014-12-22 15:30 - 00000000 ____D () C:\Users\********\minecraft 2014-12-19 16:36 - 2014-12-22 15:56 - 00000000 ____D () C:\Users\********\AppData\Roaming\.minecraft 2014-12-18 18:05 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll 2014-12-18 18:05 - 
2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll 2014-12-13 05:16 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-13 05:16 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-11 23:47 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-11 23:47 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-11 23:46 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-11 23:46 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-11 23:37 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-11 23:37 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-11 23:37 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-11 23:37 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-11 23:37 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-11 23:37 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-11 23:37 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-11 23:37 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-12-11 23:35 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-11 23:35 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-11 23:35 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-11 23:35 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-11 23:35 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-11 23:35 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-11 23:35 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-11 23:35 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-11 23:35 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-11 23:35 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-11 23:35 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-11 23:35 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-11 23:35 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-11 23:35 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-11 23:35 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-11 23:35 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-11 23:35 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-11 23:35 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-11 23:35 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-11 23:35 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-11 23:35 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-11 23:35 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-11 23:35 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-11 23:35 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-11 23:35 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-11 23:35 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-11 23:34 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-11 23:34 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-11 23:34 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-11 23:34 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-11 23:34 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-11 23:34 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-11 23:34 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-11 23:34 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\webcheck.dll 2014-12-11 23:34 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-11 23:34 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-11 23:34 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-11 23:34 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-11 23:34 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-11 23:22 - 2014-12-11 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-10 01:53 - 2014-12-10 01:55 - 00000000 ____D () C:\Users\********\AppData\Local\Adobe ==================== One Month Modified Files and Folders ======= 2015-01-07 15:42 - 2013-12-29 14:32 - 00000000 ____D () C:\FRST 2015-01-07 15:40 - 2014-12-23 00:29 - 00000000 ___RD () C:\Users\********\OneDrive 2015-01-07 15:40 - 2014-07-07 00:18 - 01635075 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-07 15:40 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-07 15:39 - 2014-03-18 02:50 - 00220818 _____ () C:\WINDOWS\PFRO.log 2015-01-07 15:39 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-07 15:38 - 2015-01-07 15:36 - 00000000 ____D () C:\AdwCleaner 2015-01-07 15:38 - 2014-07-06 23:57 - 00000000 ____D () C:\Users\******** 2015-01-07 15:38 - 2013-12-22 13:46 - 00001095 _____ () C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2015-01-07 15:35 - 2015-01-07 15:35 - 02173952 _____ () C:\Users\********\Downloads\AdwCleaner_4.106.exe 2015-01-07 15:34 - 2014-02-08 21:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games 2015-01-07 15:34 - 2013-06-25 22:25 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3292672608-3251690303-1879834815-1001 2015-01-07 15:31 - 2013-07-17 11:41 - 
00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-07 15:28 - 2015-01-07 15:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\********\Downloads\revosetup95.exe 2015-01-07 15:28 - 2015-01-07 15:28 - 00001284 _____ () C:\Users\********\Desktop\Revo Uninstaller.lnk 2015-01-07 15:28 - 2015-01-07 15:28 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-07 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-07 13:36 - 2014-07-14 19:47 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E224C277-5ECC-4FD1-8C88-6A01FE5D7476} 2015-01-02 23:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-02 23:16 - 2013-06-25 22:15 - 00000000 ____D () C:\Users\********\AppData\Local\Packages 2015-01-01 22:39 - 2015-01-01 21:22 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-01 22:23 - 2015-01-01 22:23 - 01114624 _____ (Farbar) C:\Users\********\Downloads\FRST.exe 2015-01-01 22:10 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-01 22:10 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-01 22:10 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-01 21:57 - 2014-07-17 13:07 - 00000000 ____D () C:\WINDOWS\Minidump 2015-01-01 21:22 - 2015-01-01 21:22 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-01 21:22 - 2015-01-01 21:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-01 19:25 - 2013-08-22 15:46 - 00292362 _____ () C:\WINDOWS\setupact.log 2014-12-31 15:26 - 2014-12-31 15:26 - 00000000 ____D () C:\Users\********\Documents\Movie Studio Platinum 12.0 Projekte 2014-12-31 15:26 - 2013-12-19 18:38 - 00000000 ____D () C:\Users\********\AppData\Roaming\Sony 2014-12-31 15:26 - 2013-06-25 22:34 - 00000000 ____D () C:\Users\********\AppData\Local\Sony 2014-12-28 16:43 - 2014-12-28 
16:43 - 01174352 _____ () C:\Users\********\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-12-25 18:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-23 18:06 - 2014-02-07 11:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-23 01:43 - 2014-12-23 01:43 - 01080608 _____ (Unity Technologies ApS) C:\Users\********\Downloads\UnityWebPlayer.exe 2014-12-22 16:01 - 2014-12-22 16:01 - 00000000 ____D () C:\Users\********\Documents\libraries 2014-12-22 16:01 - 2014-12-22 16:00 - 00000316 _____ () C:\Users\********\Documents\launcher_profiles.json 2014-12-22 16:01 - 2014-12-22 15:38 - 00000000 ____D () C:\Users\********\Documents\versions 2014-12-22 16:00 - 2014-12-22 15:49 - 00000000 ____D () C:\Users\********\Downloads\minecraft cracked launcher 2014-12-22 15:56 - 2014-12-19 16:36 - 00000000 ____D () C:\Users\********\AppData\Roaming\.minecraft 2014-12-22 15:54 - 2013-01-18 01:16 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2014-12-22 15:53 - 2014-12-22 15:53 - 00000000 ____D () C:\ProgramData\Oracle 2014-12-22 15:53 - 2013-01-18 01:16 - 00320936 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-12-22 15:53 - 2013-01-18 01:16 - 00191400 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-12-22 15:53 - 2013-01-18 01:16 - 00190888 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-12-22 15:53 - 2013-01-18 01:16 - 00000000 ____D () C:\Program Files\Java 2014-12-22 15:48 - 2014-12-22 15:48 - 01174352 _____ () C:\Users\********\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe 2014-12-22 15:48 - 2014-12-22 15:48 - 00000000 ____D () C:\Users\********\AppData\Roaming\Cliqz 2014-12-22 15:36 - 2014-03-11 14:00 - 00000000 ____D () C:\Users\********\Downloads\******** 2014-12-22 15:30 - 2014-12-22 15:28 - 00000000 ____D () C:\Users\********\minecraft 2014-12-18 18:27 - 2014-12-03 18:05 - 00000000 ____D () C:\Neuer Ordner 2014-12-18 
18:20 - 2013-01-18 01:33 - 00314928 _____ () C:\WINDOWS\DirectX.log 2014-12-17 18:17 - 2014-02-17 17:03 - 00000000 ____D () C:\Users\********\AppData\Roaming\iolo 2014-12-17 18:13 - 2014-02-17 17:23 - 00000000 ____D () C:\Program Files (x86)\Sony Corporation 2014-12-17 18:13 - 2013-06-30 01:52 - 00000000 ____D () C:\Update 2014-12-17 18:13 - 2013-01-18 01:18 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-12-17 18:13 - 2013-01-18 01:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-17 18:13 - 2013-01-18 00:52 - 00000000 ____D () C:\Program Files\Sony 2014-12-17 18:11 - 2013-08-14 01:16 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-17 18:07 - 2013-06-27 02:23 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-17 17:33 - 2013-01-18 01:21 - 00000000 ____D () C:\Program Files (x86)\Sony 2014-12-17 17:32 - 2013-01-18 01:57 - 00000000 ____D () C:\ProgramData\Sony 2014-12-16 16:47 - 2013-07-03 00:15 - 00000000 ____D () C:\Users\********\AppData\Roaming\CyberLink 2014-12-12 02:21 - 2013-07-03 00:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-12-11 23:23 - 2014-12-11 23:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-10 
01:55 - 2014-12-10 01:53 - 00000000 ____D () C:\Users\********\AppData\Local\Adobe 2014-12-10 01:54 - 2013-07-17 11:41 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater Some content of TEMP: ==================== C:\Users\********\AppData\Local\Temp\amazonicon_v6.exe C:\Users\********\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\********\AppData\Local\Temp\DseShExt-x64.dll C:\Users\********\AppData\Local\Temp\DseShExt-x86.dll C:\Users\********\AppData\Local\Temp\foxy_security.exe C:\Users\********\AppData\Local\Temp\mbam-setup-2.0.2.1012.exe C:\Users\********\AppData\Local\Temp\Quarantine.exe C:\Users\********\AppData\Local\Temp\sdanircmdc.exe C:\Users\********\AppData\Local\Temp\sdapskill.exe C:\Users\********\AppData\Local\Temp\sdaspwn.exe C:\Users\********\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\********\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\********\AppData\Local\Temp\SHSetup.exe C:\Users\********\AppData\Local\Temp\sqlite3.dll C:\Users\********\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-03-18 11:11] - [2014-03-18 11:11] - 0562176 ____A (Microsoft Corporation) 306EB21E5B480AE9065EA55AC8C35936 C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2014-09-14 20:25] - [2014-08-23 08:48] - 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA C:\Windows\SysWOW64\explorer.exe [2014-09-14 20:25] - [2014-08-23 08:13] - 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595 C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe [2014-07-07 00:36] - [2014-07-07 00:36] - 0407016 ____A (Microsoft Corporation) 067CB90C277DB4A737D5DEABA3055972 C:\Windows\System32\User32.dll [2014-11-13 15:15] - [2014-09-22 05:38] - 1519488 ____A (Microsoft Corporation) F0A117D19873FCDF801F082F33BFBB6C 
C:\Windows\SysWOW64\User32.dll [2014-11-13 15:15] - [2014-09-19 01:16] - 1346048 ____A (Microsoft Corporation) 5F333FDBF392850373C89BDA31EBEC1B C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll [2014-03-18 11:11] - [2014-03-18 11:11] - 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\Windows\System32\Drivers\volsnap.sys [2014-09-14 20:23] - [2014-06-19 03:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB LastRegBack: 2015-01-02 04:48 ==================== End Of Log ============================ --- --- --- |
07.01.2015, 23:50 | #6 |
Rest in peace † 2019 | Windows 8, virus infection. Hello, very good. Do you still have any problems now? Step 1 Because the ESET scan is very thorough, it can take several hours under some circumstances. ESET Online Scanner
Step 2 Run FRST once more. |
08.01.2015, 20:50 | #7 |
| Windows 8, virus infection. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=1c8feb4e69df1a4780f65b174e353b23 # engine=21872 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-08 06:30:40 # local_time=2015-01-08 07:30:40 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777214 100 86 26956883 48456612 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 94904 11046159 0 0 # scanned=208777 # found=15 # cleaned=0 # scan_time=7348 sh=9967ACE5E7ABFF96DCBD8A6355FA26A8D813DA14 ft=1 fh=75b10d9be875e123 vn="Variante von Win32/Adware.SpeedingUpMyPC.T.gen Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\lilli\AppData\Local\Temp\OptimizerPro.exe.vir" sh=F1629C7712E7AABD70DA970828F173AC654898EF ft=1 fh=249d9ad52d4d0a26 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\lilli\AppData\Local\Temp\Security Systems\Setup.exe.vir" 
sh=1051181D6A4E6B06FF83BFD5BAD844647E2B6450 ft=1 fh=a1ff9876a0d9750c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir" sh=E3D9389D8746D1847AA4A6AF248D2EA76B797E93 ft=1 fh=0a55342cdda5f9ee vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\Users\lilli\AppData\Local\Temp\foxy_security.exe" sh=E3D9389D8746D1847AA4A6AF248D2EA76B797E93 ft=1 fh=0a55342cdda5f9ee vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\Users\lilli\AppData\Local\Temp\2c3f58eb53411028bee59d7bce3aff52\foxy_security.exe" sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\lilli\AppData\Local\Temp\DMR\dmr_72.exe" sh=9DAA7C60C8EBCA18BB54107B1C32D666F5341D36 ft=1 fh=9a035789a933e634 vn="Variante von Win32/AdWare.NaviPromo.AZ Anwendung" ac=I fn="C:\Users\lilli\AppData\Local\Temp\n2563\FabulousInstaller.exe" sh=01E530CFF771B3736766D51413153BF653C1D045 ft=1 fh=703f9826874db652 vn="Win32/Toolbar.SearchSuite.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\lilli\AppData\Local\Temp\nsu9A8A.tmp\Starter.exe" sh=5F97E522FC00479C8BFCEC799DF1E34664CC5A58 ft=1 fh=ee5631b7e3727828 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\lilli\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe" sh=E748478F08556C928F5FC0DEA2D03BE2ED3BF594 ft=1 fh=e366108209263f40 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\lilli\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe" sh=32FE2BE13686206D66950195124C16F3F4A77FD4 ft=1 fh=1b5e613fbd4afc01 vn="Win32/WinloadSDA.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\lilli\Downloads\Meine Mülltonne\Malwarebytes-Anti-Malware-lnstall.exe" sh=2A2B0D1BDF59D203AEDCCF60E0ED1EDF12EFE52F ft=1 fh=b58b6ff5e352b598 vn="Win32/SmartFileAdvisor.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\lilli\Downloads\Meine Mülltonne\hfdo\Alcohol 120% 2.0.2 Build 5830 Retail\Alcohol120_retail_2.0.2.5830.exe" sh=45FD973B3C449586C098BA9C2E2656D599B59F56 ft=1 fh=8df7d9b43a99a85f vn="Variante von MSIL/RiskWare.HackAV.C Anwendung" ac=I fn="C:\Users\lilli\Downloads\Meine Mülltonne\hfdo\Bitdefender.Internet.Security.2013.Build.16.16.0.x64.GERMAN\liQeNSoft Activator\liQeNSoft_Bitdefender_Activator_2.0BETA3.exe" sh=941CAFA306784A0EDA0961F67B9C884A84EE5082 ft=1 fh=c71c0011c9fe2c53 vn="Variante von Win32/TrojanDownloader.VB.QNP Trojaner" ac=I fn="C:\Users\lilli\Downloads\Meine Mülltonne\uT downloads\AP CC v14.2,CS6\Adobe Photoshop CS6 13.0.1 Extended Final Multilanguage\Adobe Photoshop CS6 13.0.1 Extended Final Multilanguage.exe" sh=8E11576A2D99F0900DF7B767B216F3813170EB97 ft=1 fh=103cd6974b4c4f5b vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll" FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015 Ran by ***** (administrator) on VAIO on 08-01-2015 20:48:53 Running from C:\Users\*****\Downloads Loaded Profile: ***** (Available profiles: *****) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (McAfee, Inc.) 
C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe () C:\Program Files\Sony\VAIO Care\listener.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-10-10] (Realtek Semiconductor) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-26] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\...\RunOnce: [Adobe Speed Launcher] => 1420734290 HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\...\Policies\Explorer: [DisallowRun] 1 BootExecute: autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [HKLM-x32] => ProxyEnable is set. ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:49790;https=127.0.0.1:49790 ProxyEnable: [S-1-5-21-3292672608-3251690303-1879834815-1001] => Internet Explorer proxy is enabled. 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3292672608-3251690303-1879834815-1001 -> {4C434161-3A93-4930-9D0E-038FD29EDC43} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout SearchScopes: HKU\S-1-5-21-3292672608-3251690303-1879834815-1001 -> {B281959D-0D50-47CB-BD6F-46DCEA47C4B9} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 
15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default FF DefaultSearchEngine: DuckDuckGo FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3292672608-3251690303-1879834815-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File FF Plugin HKU\S-1-5-21-3292672608-3251690303-1879834815-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\webde-suche.xml FF Extension: Cliqz Beta - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\cliqz@cliqz.com.xpi [2014-12-23] FF Extension: Dict.cc Translation - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\searchdictcc@roughael.xpi [2014-02-06] FF Extension: Tab Updater - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{55dcbefc-9aee-466f-9c9c-15e792724dd4}.xpi [2014-08-10] FF Extension: {9d2201b0-125f-4d8f-ab37-93446f702158} - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{9d2201b0-125f-4d8f-ab37-93446f702158}.xpi [2014-07-24] FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-03] FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-12-11] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - 
C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\extensions\cliqz@cliqz.com Chrome: ======= CHR HomePage: Default -> CHR DefaultSearchKeyword: Default -> 42F6E8BE048717FD250B42F9EEA3283CD3B5149BF262C375DA8B14B231469467 CHR DefaultSearchURL: Default -> 66E7675B4F3335AA3CF5CC5A5824ECA1524996BB369F834684DC2B4574DEE592 CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-17] CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-17] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-17] CHR Extension: (Google-Suche) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-17] CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-17] CHR Extension: (Google Mail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-17] CHR Extension: (Default-Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\poimdfnhgefmnkeefbjibbiemlimdnof [2014-12-22] CHR HKLM-x32\...\Chrome\Extension: [poimdfnhgefmnkeefbjibbiemlimdnof] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-26] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-26] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-08] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-08] (McAfee, Inc.) 
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation) S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) [File not signed] R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-01] (Malwarebytes Corporation) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-08] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-08] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-08] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-08] (McAfee, Inc.) 
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-08] (McAfee, Inc.) R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-06-08] () R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X] S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X] S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X] S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X] S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X] S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X] S3 BTATH_VDP; \SystemRoot\system32\drivers\btath_vdp.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-08 20:48 - 2015-01-08 20:48 - 02124288 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe 2015-01-08 20:48 - 2015-01-08 20:48 - 00017621 _____ () C:\Users\*****\Downloads\FRST.txt 2015-01-08 15:45 - 2015-01-08 15:45 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-08 15:44 - 2015-01-08 15:44 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_deu.exe 2015-01-07 15:46 - 2015-01-07 15:46 - 00000000 ____D () C:\Users\*****\Desktop\logs aktuell 2015-01-07 15:36 - 2015-01-07 15:38 - 00000000 ____D () C:\AdwCleaner 2015-01-07 15:35 - 2015-01-07 15:35 - 02173952 _____ () C:\Users\*****\Downloads\AdwCleaner_4.106.exe 2015-01-07 15:28 - 2015-01-07 15:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\*****\Downloads\revosetup95.exe 2015-01-07 15:28 - 2015-01-07 15:28 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-01 22:23 - 2015-01-01 22:23 - 01114624 _____ (Farbar) C:\Users\*****\Downloads\FRST.exe 2015-01-01 21:22 - 2015-01-01 22:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-01 21:22 - 2015-01-01 21:22 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-01 21:22 - 2015-01-01 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-01 21:22 - 2015-01-01 21:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-01 21:22 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-01 21:22 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-01 21:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-12-31 15:26 - 2014-12-31 15:26 - 00000000 ____D () C:\Users\*****\Documents\Movie Studio Platinum 12.0 Projekte 2014-12-28 16:43 - 2014-12-28 16:43 - 01174352 _____ () 
C:\Users\*****\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-12-23 01:43 - 2014-12-23 01:43 - 01080608 _____ (Unity Technologies ApS) C:\Users\*****\Downloads\UnityWebPlayer.exe 2014-12-23 00:29 - 2015-01-08 17:26 - 00000000 ____D () C:\Users\*****\OneDrive 2014-12-22 16:01 - 2014-12-22 16:01 - 00000000 ____D () C:\Users\*****\Documents\libraries 2014-12-22 16:00 - 2014-12-22 16:01 - 00000316 _____ () C:\Users\*****\Documents\launcher_profiles.json 2014-12-22 15:54 - 2014-12-22 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-12-22 15:54 - 2013-01-18 01:16 - 01034216 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll 2014-12-22 15:54 - 2013-01-18 01:16 - 00916456 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll 2014-12-22 15:53 - 2014-12-22 15:53 - 00000000 ____D () C:\ProgramData\Oracle 2014-12-22 15:49 - 2014-12-22 16:00 - 00000000 ____D () C:\Users\*****\Downloads\minecraft cracked launcher 2014-12-22 15:48 - 2014-12-22 15:48 - 01174352 _____ () C:\Users\*****\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe 2014-12-22 15:48 - 2014-12-22 15:48 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Cliqz 2014-12-22 15:48 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll 2014-12-22 15:48 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll 2014-12-22 15:38 - 2014-12-22 16:01 - 00000000 ____D () C:\Users\*****\Documents\versions 2014-12-22 15:28 - 2014-12-22 15:30 - 00000000 ____D () C:\Users\*****\minecraft 2014-12-19 16:36 - 2014-12-22 15:56 - 00000000 ____D () C:\Users\*****\AppData\Roaming\.minecraft 2014-12-18 18:05 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00239960 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll 2014-12-13 05:16 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-13 05:16 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-11 23:47 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-11 23:47 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-11 23:46 - 
2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-11 23:46 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-11 23:37 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-11 23:37 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-11 23:37 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-11 23:37 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-11 23:37 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-11 23:37 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-11 23:37 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-11 23:37 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-12-11 23:35 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-11 23:35 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-11 23:35 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-11 23:35 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-11 23:35 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-11 23:35 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-11 23:35 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-11 23:35 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-11 23:35 - 
2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-11 23:35 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-11 23:35 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-11 23:35 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-11 23:35 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-11 23:35 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-11 23:35 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-11 23:35 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-11 23:35 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-11 23:35 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-11 23:35 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-11 23:35 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-11 23:35 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-11 23:35 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-11 23:35 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-11 23:35 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-11 23:35 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-11 23:35 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-11 23:34 - 2014-11-22 03:48 - 00088064 
_____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-11 23:34 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-11 23:34 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-11 23:34 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-11 23:34 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-11 23:34 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-11 23:34 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-11 23:34 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-11 23:34 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-11 23:34 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-11 23:34 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-11 23:34 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-11 23:34 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-11 23:22 - 2014-12-11 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-10 01:53 - 2014-12-10 01:55 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-08 20:49 - 2013-12-29 14:32 - 00000000 ____D () C:\FRST 2015-01-08 20:31 - 2013-07-17 11:41 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-08 20:25 - 2014-07-07 00:18 - 01869041 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-08 20:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-08 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-08 19:31 - 2013-06-25 22:25 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3292672608-3251690303-1879834815-1001 2015-01-08 17:30 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-08 17:30 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-08 17:30 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-08 17:24 - 2014-07-06 23:57 - 00000000 ____D () C:\Users\***** 2015-01-08 17:23 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-08 16:12 - 2014-07-14 19:47 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E224C277-5ECC-4FD1-8C88-6A01FE5D7476} 2015-01-07 15:39 - 2014-03-18 02:50 - 00220818 _____ () C:\WINDOWS\PFRO.log 2015-01-07 15:39 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-07 15:38 - 2013-12-22 13:46 - 00001095 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2015-01-07 15:38 - 2013-01-18 02:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-01-07 15:34 - 2014-02-08 21:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games 2015-01-02 23:16 - 2013-06-25 22:15 - 00000000 ____D () C:\Users\*****\AppData\Local\Packages 2015-01-01 21:57 - 2014-07-17 13:07 - 00000000 ____D () C:\WINDOWS\Minidump 2015-01-01 19:25 - 2013-08-22 15:46 - 00292362 _____ () C:\WINDOWS\setupact.log 2014-12-31 15:26 - 2013-12-19 18:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Sony 
2014-12-31 15:26 - 2013-06-25 22:34 - 00000000 ____D () C:\Users\*****\AppData\Local\Sony 2014-12-31 12:14 - 2013-06-29 00:25 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-12-25 18:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-23 19:23 - 2014-02-08 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games 2014-12-23 18:06 - 2014-02-07 11:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-22 15:54 - 2013-01-18 01:16 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2014-12-22 15:53 - 2013-01-18 01:16 - 00320936 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-12-22 15:53 - 2013-01-18 01:16 - 00191400 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-12-22 15:53 - 2013-01-18 01:16 - 00190888 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-12-22 15:53 - 2013-01-18 01:16 - 00000000 ____D () C:\Program Files\Java 2014-12-22 15:36 - 2014-03-11 14:00 - 00000000 ____D () C:\Users\*****\Downloads\************* 2014-12-18 18:32 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-18 18:27 - 2014-12-03 18:05 - 00000000 ____D () C:\Neuer Ordner 2014-12-18 18:20 - 2013-01-18 01:33 - 00314928 _____ () C:\WINDOWS\DirectX.log 2014-12-17 18:17 - 2014-02-17 17:03 - 00000000 ____D () C:\Users\*****\AppData\Roaming\iolo 2014-12-17 18:13 - 2014-02-17 17:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Main 2014-12-17 18:13 - 2014-02-17 17:23 - 00000000 ____D () C:\Program Files (x86)\Sony Corporation 2014-12-17 18:13 - 2013-06-30 01:52 - 00000000 ____D () C:\Update 2014-12-17 18:13 - 2013-01-18 01:18 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-12-17 18:13 - 2013-01-18 01:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-17 18:13 - 2013-01-18 00:52 - 00000000 ____D () C:\Program Files\Sony 2014-12-17 18:11 - 
2013-08-14 01:16 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-17 18:07 - 2013-06-27 02:23 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-17 17:33 - 2013-01-18 01:21 - 00000000 ____D () C:\Program Files (x86)\Sony 2014-12-17 17:32 - 2013-01-18 01:57 - 00000000 ____D () C:\ProgramData\Sony 2014-12-16 16:47 - 2013-07-03 00:15 - 00000000 ____D () C:\Users\*****\AppData\Roaming\CyberLink 2014-12-12 02:21 - 2013-07-03 00:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-12-12 02:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-12-11 23:21 - 2013-01-18 01:41 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-10 01:54 - 2013-07-17 11:41 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-12-10 01:11 - 2014-01-29 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\amazonicon_v6.exe C:\Users\*****\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\*****\AppData\Local\Temp\DseShExt-x64.dll C:\Users\*****\AppData\Local\Temp\DseShExt-x86.dll C:\Users\*****\AppData\Local\Temp\foxy_security.exe 
C:\Users\*****\AppData\Local\Temp\mbam-setup-2.0.2.1012.exe C:\Users\*****\AppData\Local\Temp\Quarantine.exe C:\Users\*****\AppData\Local\Temp\sdanircmdc.exe C:\Users\*****\AppData\Local\Temp\sdapskill.exe C:\Users\*****\AppData\Local\Temp\sdaspwn.exe C:\Users\*****\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\*****\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\*****\AppData\Local\Temp\SHSetup.exe C:\Users\*****\AppData\Local\Temp\sqlite3.dll C:\Users\*****\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-08 19:31 ==================== End Of Log ============================ --- --- --- |
09.01.2015, 22:20 | #9 |
| Windows 8, virus infection. Oh, I see. Well, I don't notice any impairments when browsing or anything else. ESET found another 15 viruses. No other problems. |
10.01.2015, 23:45 | #10 | |
Rest in peace † 2019 | Windows 8, virus infection. Hello, good, then we should still take out the proxy. Please make sure to replace the asterisks. What is that, then? Quote:
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49790;https=127.0.0.1:49790
ProxyEnable: [S-1-5-21-3292672608-3251690303-1879834815-1001] => Internet Explorer proxy is enabled.
FF Extension: Tab Updater - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{55dcbefc-9aee-466f-9c9c-15e792724dd4}.xpi [2014-08-10]
FF Extension: {9d2201b0-125f-4d8f-ab37-93446f702158} - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{9d2201b0-125f-4d8f-ab37-93446f702158}.xpi [2014-07-24]
CHR Extension: (Default-Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\poimdfnhgefmnkeefbjibbiemlimdnof [2014-12-22]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Users\*****\AppData\Local\Temp\SHSetup.exe
C:\Users\lilli\AppData\Local\Temp\foxy_security.exe
C:\Users\lilli\AppData\Local\Temp\2c3f58eb53411028bee59d7bce3aff52\foxy_security.exe
C:\Users\lilli\AppData\Local\Temp\DMR\dmr_72.exe
C:\Users\lilli\AppData\Local\Temp\n2563\FabulousInstaller.exe
C:\Users\lilli\AppData\Local\Temp\nsu9A8A.tmp\Starter.exe
C:\Users\lilli\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe
C:\Users\lilli\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
C:\Users\lilli\Downloads\Meine Mülltonne\Malwarebytes-Anti-Malware-lnstall.exe
C:\Users\lilli\Downloads\Meine Mülltonne\hfdo\Alcohol 120% 2.0.2 Build 5830 Retail\Alcohol120_retail_2.0.2.5830.exe
C:\Users\lilli\Downloads\Meine Mülltonne\hfdo\Bitdefender.Internet.Security.2013.Build.16.16.0.x64.GERMAN\liQeNSoft Activator\liQeNSoft_Bitdefender_Activator_2.0BETA3.exe
C:\Users\lilli\Downloads\Meine Mülltonne\uT downloads\AP CC v14.2,CS6\Adobe Photoshop CS6 13.0.1 Extended Final Multilanguage\Adobe Photoshop CS6 13.0.1 Extended Final Multilanguage.exe
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Start FRST once more.
|
14.01.2015, 15:48 | #11 |
| Windows 8, virus infection. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015 Ran by lilli at 2015-01-14 15:45:15 Run:1 Running from C:\Users\lilli\Downloads Loaded Profile: lilli (Available profiles: lilli) Boot Mode: Normal ============================================== Content of fixlist: ***************** ProxyEnable: [HKLM-x32] => ProxyEnable is set. ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:49790;https=127.0.0.1:49790 ProxyEnable: [S-1-5-21-3292672608-3251690303-1879834815-1001] => Internet Explorer proxy is enabled. FF Extension: Tab Updater - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{55dcbefc-9aee-466f-9c9c-15e792724dd4}.xpi [2014-08-10] FF Extension: {9d2201b0-125f-4d8f-ab37-93446f702158} - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{9d2201b0-125f-4d8f-ab37-93446f702158}.xpi [2014-07-24] CHR Extension: (Default-Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\poimdfnhgefmnkeefbjibbiemlimdnof [2014-12-22] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] C:\Users\*****\AppData\Local\Temp\SHSetup.exe C:\Users\lilli\AppData\Local\Temp\foxy_security.exe C:\Users\lilli\AppData\Local\Temp\2c3f58eb53411028bee59d7bce3aff52\foxy_security.exe C:\Users\lilli\AppData\Local\Temp\DMR\dmr_72.exe C:\Users\lilli\AppData\Local\Temp\n2563\FabulousInstaller.exe C:\Users\lilli\AppData\Local\Temp\nsu9A8A.tmp\Starter.exe C:\Users\lilli\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe C:\Users\lilli\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe C:\Users\lilli\Downloads\Meine Mülltonne\Malwarebytes-Anti-Malware-lnstall.exe C:\Users\lilli\Downloads\Meine Mülltonne\hfdo\Alcohol 120% 2.0.2 Build 5830 Retail\Alcohol120_retail_2.0.2.5830.exe C:\Users\lilli\Downloads\Meine 
Mülltonne\hfdo\Bitdefender.Internet.Security.2013.Build.16.16.0.x64.GERMAN\liQeNSoft Activator\liQeNSoft_Bitdefender_Activator_2.0BETA3.exe C:\Users\lilli\Downloads\Meine Mülltonne\uT downloads\AP CC v14.2,CS6\Adobe Photoshop CS6 13.0.1 Extended Final Multilanguage\Adobe Photoshop CS6 13.0.1 Extended Final Multilanguage.exe C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll ***************** HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{55dcbefc-9aee-466f-9c9c-15e792724dd4}.xpi not found. C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{9d2201b0-125f-4d8f-ab37-93446f702158}.xpi not found. C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\poimdfnhgefmnkeefbjibbiemlimdnof directory not found. esgiguard => Service deleted successfully. "C:\Users\*****\AppData\Local\Temp\SHSetup.exe" => File/Directory not found. C:\Users\lilli\AppData\Local\Temp\foxy_security.exe => Moved successfully. C:\Users\lilli\AppData\Local\Temp\2c3f58eb53411028bee59d7bce3aff52\foxy_security.exe => Moved successfully. C:\Users\lilli\AppData\Local\Temp\DMR\dmr_72.exe => Moved successfully. C:\Users\lilli\AppData\Local\Temp\n2563\FabulousInstaller.exe => Moved successfully. C:\Users\lilli\AppData\Local\Temp\nsu9A8A.tmp\Starter.exe => Moved successfully. C:\Users\lilli\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe => Moved successfully. 
C:\Users\lilli\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe => Moved successfully. C:\Users\lilli\Downloads\Meine Mülltonne\Malwarebytes-Anti-Malware-lnstall.exe => Moved successfully. C:\Users\lilli\Downloads\Meine Mülltonne\hfdo\Alcohol 120% 2.0.2 Build 5830 Retail\Alcohol120_retail_2.0.2.5830.exe => Moved successfully. C:\Users\lilli\Downloads\Meine Mülltonne\hfdo\Bitdefender.Internet.Security.2013.Build.16.16.0.x64.GERMAN\liQeNSoft Activator\liQeNSoft_Bitdefender_Activator_2.0BETA3.exe => Moved successfully. C:\Users\lilli\Downloads\Meine Mülltonne\uT downloads\AP CC v14.2,CS6\Adobe Photoshop CS6 13.0.1 Extended Final Multilanguage\Adobe Photoshop CS6 13.0.1 Extended Final Multilanguage.exe => Moved successfully. C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll => Moved successfully. ==== End of Fixlog 15:45:18 ==== FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015 Ran by lilli (administrator) on VAIO on 14-01-2015 15:45:53 Running from C:\Users\lilli\Downloads Loaded Profile: lilli (Available profiles: lilli) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe () C:\Program Files\Sony\VAIO Care\listener.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Microsoft Corporation) C:\Program 
Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-10-10] (Realtek Semiconductor) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-26] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\...\RunOnce: [Adobe Speed Launcher] => 1421246366 HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\...\Policies\Explorer: [DisallowRun] 1 BootExecute: autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3292672608-3251690303-1879834815-1001 -> {4C434161-3A93-4930-9D0E-038FD29EDC43} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout SearchScopes: HKU\S-1-5-21-3292672608-3251690303-1879834815-1001 -> {B281959D-0D50-47CB-BD6F-46DCEA47C4B9} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 
15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default FF DefaultSearchEngine: DuckDuckGo FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3292672608-3251690303-1879834815-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File FF Plugin HKU\S-1-5-21-3292672608-3251690303-1879834815-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\searchplugins\webde-suche.xml FF Extension: Cliqz Beta - C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\cliqz@cliqz.com.xpi [2014-12-23] FF Extension: Dict.cc Translation - C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\searchdictcc@roughael.xpi [2014-02-06] FF Extension: Tab Updater - C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{55dcbefc-9aee-466f-9c9c-15e792724dd4}.xpi [2014-08-10] FF Extension: {9d2201b0-125f-4d8f-ab37-93446f702158} - C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{9d2201b0-125f-4d8f-ab37-93446f702158}.xpi [2014-07-24] FF Extension: Adblock Plus - C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-03] FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-12-11] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKU\S-1-5-21-3292672608-3251690303-1879834815-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - 
C:\Users\lilli\AppData\Roaming\Mozilla\Firefox\Profiles\fo1xyvwa.default\extensions\cliqz@cliqz.com Chrome: ======= CHR HomePage: Default -> CHR DefaultSearchKeyword: Default -> 42F6E8BE048717FD250B42F9EEA3283CD3B5149BF262C375DA8B14B231469467 CHR DefaultSearchURL: Default -> 66E7675B4F3335AA3CF5CC5A5824ECA1524996BB369F834684DC2B4574DEE592 CHR Profile: C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-17] CHR Extension: (Google Drive) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-17] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-17] CHR Extension: (Google-Suche) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-17] CHR Extension: (Google Wallet) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-17] CHR Extension: (Google Mail) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-17] CHR Extension: (Default-Search) - C:\Users\lilli\AppData\Local\Google\Chrome\User Data\Default\Extensions\poimdfnhgefmnkeefbjibbiemlimdnof [2014-12-22] CHR HKLM-x32\...\Chrome\Extension: [poimdfnhgefmnkeefbjibbiemlimdnof] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-26] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-26] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-08] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-08] (McAfee, Inc.) 
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation) S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) [File not signed] R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-01] (Malwarebytes Corporation) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-08] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-08] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-08] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-08] (McAfee, Inc.) 
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-08] (McAfee, Inc.) R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-06-08] () R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X] S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X] S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X] S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X] S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X] S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X] S3 BTATH_VDP; \SystemRoot\system32\drivers\btath_vdp.sys [X] S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-08 20:48 - 2015-01-14 15:45 - 00017121 _____ () C:\Users\lilli\Downloads\FRST.txt 2015-01-08 20:48 - 2015-01-08 20:48 - 02124288 _____ (Farbar) C:\Users\lilli\Downloads\FRST64.exe 2015-01-08 15:45 - 2015-01-08 15:45 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-08 15:44 - 2015-01-08 15:44 - 02347384 _____ (ESET) C:\Users\lilli\Downloads\esetsmartinstaller_deu.exe 2015-01-07 15:46 - 2015-01-14 15:42 - 00000000 ____D () C:\Users\lilli\Desktop\logs aktuell 2015-01-07 15:36 - 2015-01-07 15:38 - 00000000 ____D () C:\AdwCleaner 2015-01-07 15:35 - 2015-01-07 15:35 - 02173952 _____ () C:\Users\lilli\Downloads\AdwCleaner_4.106.exe 2015-01-07 15:28 - 2015-01-07 15:28 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\lilli\Downloads\revosetup95.exe 2015-01-07 15:28 - 2015-01-07 15:28 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-01 22:23 - 2015-01-01 22:23 - 01114624 _____ (Farbar) C:\Users\lilli\Downloads\FRST.exe 2015-01-01 21:22 - 2015-01-01 22:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-01 21:22 - 2015-01-01 21:22 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-01 21:22 - 2015-01-01 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-01 21:22 - 2015-01-01 21:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-01 21:22 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-01 21:22 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-01 21:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-12-31 15:26 - 2014-12-31 15:26 - 00000000 ____D () C:\Users\lilli\Documents\Movie Studio Platinum 12.0 Projekte 2014-12-23 01:43 - 2014-12-23 01:43 - 01080608 _____ (Unity Technologies ApS) C:\Users\lilli\Downloads\UnityWebPlayer.exe 2014-12-23 00:29 - 2015-01-14 15:42 - 00000000 ___RD () C:\Users\lilli\OneDrive 2014-12-22 16:01 - 2014-12-22 16:01 - 00000000 ____D () C:\Users\lilli\Documents\libraries 2014-12-22 16:00 - 2014-12-22 16:01 - 00000316 _____ () C:\Users\lilli\Documents\launcher_profiles.json 2014-12-22 15:54 - 2014-12-22 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-12-22 15:54 - 2013-01-18 01:16 - 01034216 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll 2014-12-22 15:54 - 2013-01-18 01:16 - 00916456 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll 2014-12-22 15:53 - 2014-12-22 15:53 - 00000000 ____D () C:\ProgramData\Oracle 
2014-12-22 15:49 - 2014-12-22 16:00 - 00000000 ____D () C:\Users\lilli\Downloads\minecraft cracked launcher 2014-12-22 15:48 - 2014-12-22 15:48 - 00000000 ____D () C:\Users\lilli\AppData\Roaming\Cliqz 2014-12-22 15:48 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll 2014-12-22 15:48 - 2011-03-25 19:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll 2014-12-22 15:38 - 2014-12-22 16:01 - 00000000 ____D () C:\Users\lilli\Documents\versions 2014-12-22 15:28 - 2014-12-22 15:30 - 00000000 ____D () C:\Users\lilli\minecraft 2014-12-19 16:36 - 2014-12-22 15:56 - 00000000 ____D () C:\Users\lilli\AppData\Roaming\.minecraft 2014-12-18 18:05 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2014-12-18 18:05 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\d3dcsx_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2014-12-18 18:05 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-14 15:45 - 2014-03-11 14:00 - 00000000 ____D () C:\Users\lilli\Downloads\Meine Mülltonne 2015-01-14 15:45 - 2013-12-29 14:32 - 00000000 ____D () C:\FRST 2015-01-14 15:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-14 14:37 - 2014-07-07 00:18 - 01539621 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-13 20:31 - 2013-07-17 11:41 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-13 20:12 - 2013-06-25 22:25 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3292672608-3251690303-1879834815-1001 2015-01-13 19:31 - 2013-07-17 11:41 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-01-13 18:34 - 2014-07-14 19:47 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E224C277-5ECC-4FD1-8C88-6A01FE5D7476} 2015-01-13 11:26 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-13 11:26 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-13 11:26 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-12 21:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-12 13:55 - 2014-12-03 18:05 - 00000000 ____D () C:\Neuer Ordner 2015-01-10 17:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-01-08 17:24 - 
2014-07-06 23:57 - 00000000 ____D () C:\Users\lilli 2015-01-08 17:23 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-07 15:39 - 2014-03-18 02:50 - 00220818 _____ () C:\WINDOWS\PFRO.log 2015-01-07 15:39 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-07 15:38 - 2013-12-22 13:46 - 00001095 _____ () C:\Users\lilli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2015-01-07 15:38 - 2013-01-18 02:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-01-07 15:34 - 2014-02-08 21:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games 2015-01-02 23:16 - 2013-06-25 22:15 - 00000000 ____D () C:\Users\lilli\AppData\Local\Packages 2015-01-01 21:57 - 2014-07-17 13:07 - 00000000 ____D () C:\WINDOWS\Minidump 2015-01-01 19:25 - 2013-08-22 15:46 - 00292362 _____ () C:\WINDOWS\setupact.log 2014-12-31 15:26 - 2013-12-19 18:38 - 00000000 ____D () C:\Users\lilli\AppData\Roaming\Sony 2014-12-31 15:26 - 2013-06-25 22:34 - 00000000 ____D () C:\Users\lilli\AppData\Local\Sony 2014-12-31 12:14 - 2013-06-29 00:25 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-12-25 18:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-23 19:23 - 2014-02-08 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games 2014-12-23 18:06 - 2014-02-07 11:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-22 15:54 - 2013-01-18 01:16 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2014-12-22 15:53 - 2013-01-18 01:16 - 00320936 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-12-22 15:53 - 2013-01-18 01:16 - 00191400 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-12-22 15:53 - 2013-01-18 01:16 - 00190888 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-12-22 15:53 - 2013-01-18 01:16 - 00000000 ____D () C:\Program Files\Java 2014-12-18 
18:32 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-18 18:20 - 2013-01-18 01:33 - 00314928 _____ () C:\WINDOWS\DirectX.log 2014-12-17 18:17 - 2014-02-17 17:03 - 00000000 ____D () C:\Users\lilli\AppData\Roaming\iolo 2014-12-17 18:13 - 2014-02-17 17:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Main 2014-12-17 18:13 - 2014-02-17 17:23 - 00000000 ____D () C:\Program Files (x86)\Sony Corporation 2014-12-17 18:13 - 2013-06-30 01:52 - 00000000 ____D () C:\Update 2014-12-17 18:13 - 2013-01-18 01:18 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-12-17 18:13 - 2013-01-18 01:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-17 18:13 - 2013-01-18 00:52 - 00000000 ____D () C:\Program Files\Sony 2014-12-17 18:11 - 2013-08-14 01:16 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-17 18:07 - 2013-06-27 02:23 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-17 17:33 - 2013-01-18 01:21 - 00000000 ____D () C:\Program Files (x86)\Sony 2014-12-17 17:32 - 2013-01-18 01:57 - 00000000 ____D () C:\ProgramData\Sony 2014-12-16 16:47 - 2013-07-03 00:15 - 00000000 ____D () C:\Users\lilli\AppData\Roaming\CyberLink Some content of TEMP: ==================== C:\Users\lilli\AppData\Local\Temp\amazonicon_v6.exe C:\Users\lilli\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\lilli\AppData\Local\Temp\DseShExt-x64.dll C:\Users\lilli\AppData\Local\Temp\DseShExt-x86.dll C:\Users\lilli\AppData\Local\Temp\mbam-setup-2.0.2.1012.exe C:\Users\lilli\AppData\Local\Temp\Quarantine.exe C:\Users\lilli\AppData\Local\Temp\sdanircmdc.exe C:\Users\lilli\AppData\Local\Temp\sdapskill.exe C:\Users\lilli\AppData\Local\Temp\sdaspwn.exe C:\Users\lilli\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\lilli\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\lilli\AppData\Local\Temp\SHSetup.exe C:\Users\lilli\AppData\Local\Temp\sqlite3.dll 
C:\Users\lilli\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-08 19:31 ==================== End Of Log ============================ --- --- --- |
16.01.2015, 00:42 | #12 | |
Rest in peace † 2019 | Windows 8, virus infection. Hello, please the Quote:
OK. As far as I can see, we have now removed everything harmful. Your logs are clean. To finish, we will tidy up a bit, and then I will give you some reading material.
Step 1 If you no longer need Malwarebytes Anti-Malware and the ESET online scan, you can simply uninstall both programs via the program uninstaller. However, I recommend that you keep at least Malwarebytes and run a check scan with it once a week.
Step 2 Please download delfix to your desktop.
Finally, a few tips for securing your system. Change all your passwords regularly; now, after the cleanup, is an ideal time to do so.
Keeping the system up to date It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java, if present) are up to date.
Unless you absolutely need Java, you should uninstall it completely.
Windows XP Go to: Start --> Control Panel --> Add or Remove Programs --> select Java versions --> remove
Windows Vista Go to: Start --> Control Panel --> Programs --> Uninstall a program --> find Java versions --> remove
Windows 7 To do this, go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the program --> remove
Windows 8 To do this, press: Windows key and X, then: Programs and Features --> select Java versions --> remove
If you do absolutely need Java after all, make sure that Java updates automatically. To do this:
You can find instructions for this here. Antivirus software
Additional protection
Alternative browsers Other browsers tend to be somewhat more secure than Internet Explorer, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
System performance Delete your temporary files regularly. For this I recommend the Windows Disk Cleanup tool. Windows Vista
Windows 7
Windows 8
Stay away from any registry cleaners. They harm your system more than they speed it up. Rules of conduct for safer surfing
Now all that remains is for me to wish you lots of fun surfing safely. Note: Please give me brief feedback when everything is done and there are no more questions. If you would like to give praise or criticism, you are very welcome to do so here. If you would like to donate something to the forum and our work, you can do so here. |
16.01.2015, 14:22 | #13 |
| Windows 8, virus infection. Everything is done now. I have no more questions. I wanted to say thank you for cleaning up the virus infection. So many thanks to you, Bootsektor (sandra), and also thank you to Trojanerboard for the support, and thanks for the programs. |
19.01.2015, 22:41 | #14 |
Rest in peace † 2019 | Windows 8, virus infection. Hello spinweb, thank you very much for your feedback. All the best to you. This topic is therefore closed; if you still have questions or there are problems, please send me a PM. Everyone else, please click here and create your own thread. |