So, I've now done everything.
New FRST log:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014
Ran by Lukas (administrator) on LUKAS-PC on 15-10-2014 18:35:42
Running from C:\Users\Lukas\Desktop
Loaded Profile: Lukas (Available profiles: Lukas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(CMedia) C:\Program Files\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:54551;https=127.0.0.1:54551
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://services.freshy.com/general/newhometab.php?hometab=home&partner=10959&guid={56BD9FE5-FC70-45C5-9223-B1A3E72B4489}&i=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC12D96DA8762CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324760&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=2&UP=SP9F4911DB-B118-4A7D-A1CF-9DD41171A896&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {49EEC85B-30D1-4F36-9EEC-3BD568E8B2CD} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10959
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {DD14385E-CE32-4BE8-888C-BD4E797DB5FA} - No File
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.4.0.10\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-10-15]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - []
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-11-29] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-27] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-13] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1267200 2010-10-28] (C-Media Inc)
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-29] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141010.001\IDSvia64.sys [633560 2014-08-27] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141012.001\ENG64.SYS [129752 2014-09-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141012.001\EX64.SYS [2137304 2014-09-29] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [16000 2008-02-18] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [41216 2008-02-18] (Saitek)
R2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [163644 2012-08-26] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-15 18:34 - 2014-10-15 18:34 - 00002214 _____ () C:\Users\Lukas\Desktop\JRT.txt
2014-10-15 18:30 - 2014-10-15 18:30 - 00000000 ____D () C:\Windows\ERUNT
2014-10-15 18:29 - 2014-10-15 18:29 - 00003826 _____ () C:\Users\Lukas\Desktop\AdwCleaner[S0].txt
2014-10-15 18:22 - 2014-10-15 18:24 - 00000000 ____D () C:\AdwCleaner
2014-10-15 18:22 - 2014-10-15 18:22 - 00015470 _____ () C:\Users\Lukas\Desktop\MBAM.txt
2014-10-15 18:12 - 2014-10-15 18:27 - 00009636 _____ () C:\Windows\PFRO.log
2014-10-15 17:59 - 2014-10-15 18:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-15 17:59 - 2014-10-15 17:59 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-15 17:58 - 2014-10-15 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-15 17:58 - 2014-10-15 17:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-15 17:58 - 2014-10-15 17:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-15 17:58 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-15 17:58 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-15 17:58 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-15 17:54 - 2014-10-15 17:54 - 01976320 _____ () C:\Users\Lukas\Desktop\AdwCleaner_4.000.exe
2014-10-15 17:54 - 2014-10-15 17:54 - 01705698 _____ (Thisisu) C:\Users\Lukas\Desktop\JRT.exe
2014-10-15 17:53 - 2014-10-15 17:53 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Lukas\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-15 17:43 - 2014-10-15 18:27 - 00000504 _____ () C:\Windows\setupact.log
2014-10-15 17:43 - 2014-10-15 17:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-13 16:36 - 2014-10-13 16:36 - 00032159 _____ () C:\ComboFix.txt
2014-10-13 16:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-13 16:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-13 16:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-13 16:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-13 16:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-13 16:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-13 16:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-13 16:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-13 16:10 - 2014-10-13 16:37 - 00000000 ____D () C:\Qoobox
2014-10-13 16:10 - 2014-10-13 16:32 - 00000000 ____D () C:\Windows\erdnt
2014-10-13 16:05 - 2014-10-13 16:05 - 05582915 ____R (Swearware) C:\Users\Lukas\Desktop\ComboFix.exe
2014-10-12 22:00 - 2014-10-12 22:00 - 00000614 _____ () C:\Users\Lukas\Desktop\Gmer.log
2014-10-12 21:40 - 2014-10-12 21:40 - 00380416 _____ () C:\Users\Lukas\Desktop\Gmer-19357.exe
2014-10-12 21:39 - 2014-10-15 18:35 - 00017176 _____ () C:\Users\Lukas\Desktop\FRST.txt
2014-10-12 21:39 - 2014-10-12 21:40 - 00042077 _____ () C:\Users\Lukas\Desktop\Addition.txt
2014-10-12 21:38 - 2014-10-12 21:38 - 02110464 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe
2014-10-12 21:31 - 2014-10-12 21:31 - 00000472 _____ () C:\Users\Lukas\Desktop\defogger_disable.log
2014-10-12 21:31 - 2014-10-12 21:31 - 00000000 _____ () C:\Users\Lukas\defogger_reenable
2014-10-12 21:28 - 2014-10-12 21:28 - 00050477 _____ () C:\Users\Lukas\Desktop\Defogger.exe
2014-10-12 20:51 - 2014-10-15 18:35 - 00000000 ____D () C:\FRST
2014-10-12 20:32 - 2014-10-12 20:33 - 00000000 ____D () C:\Users\Lukas\AppData\Local\Adobe
2014-10-12 14:03 - 2014-10-12 14:05 - 00000000 ____D () C:\Users\Lukas\AppData\Local\Deployment
2014-10-06 18:56 - 2014-10-06 18:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-06 18:56 - 2014-10-06 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-03 19:04 - 2014-10-15 17:48 - 00003852 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1412355880
2014-10-03 19:04 - 2014-10-03 19:04 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-10-03 18:52 - 2014-10-03 18:52 - 00001427 _____ () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-30 21:28 - 2014-09-30 21:28 - 00000000 ____D () C:\Users\Lukas\AppData\Local\Razer_Inc
2014-09-30 21:08 - 2014-10-03 18:56 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-09-30 21:08 - 2014-09-30 21:08 - 00000000 ____D () C:\ProgramData\Razer
2014-09-30 21:05 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-30 21:05 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-30 21:05 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-30 21:05 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-30 21:05 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-30 21:05 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-30 21:05 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-30 21:05 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-30 21:05 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-30 21:05 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-30 21:05 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-30 21:05 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-30 20:19 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 20:19 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-27 20:34 - 2014-09-27 20:34 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-09-27 12:31 - 2014-09-27 12:31 - 00003104 _____ () C:\Windows\System32\Tasks\{130CA267-4C0B-4FC0-8AE1-7CF16888ABA9}
2014-09-27 12:26 - 2014-09-27 12:27 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\RHEng
2014-09-27 12:26 - 2014-09-27 12:27 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-09-27 12:26 - 2014-09-27 12:26 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-09-27 12:26 - 2014-09-27 12:26 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\TuneUp Software
2014-09-27 12:26 - 2014-09-27 12:26 - 00000000 ____D () C:\Users\Lukas\AppData\Local\TuneUp Software
2014-09-27 12:23 - 2014-10-12 21:06 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\DVDVideoSoft
2014-09-27 12:12 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-27 12:12 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 15:45 - 2014-09-22 15:45 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-22 15:45 - 2014-09-13 22:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-09-22 15:43 - 2014-09-17 06:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-09-22 15:43 - 2014-09-17 06:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-22 15:43 - 2014-09-14 01:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 02838424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-09-22 15:43 - 2014-09-14 01:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-09-21 16:47 - 2014-09-14 01:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-09-21 16:47 - 2014-09-14 01:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-09-21 16:45 - 2014-09-21 16:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-21 16:31 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-09-21 16:31 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-15 18:34 - 2009-07-14 06:45 - 00027936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-15 18:34 - 2009-07-14 06:45 - 00027936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-15 18:33 - 2013-11-07 21:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-15 18:29 - 2012-07-29 13:14 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-15 18:27 - 2012-07-23 18:00 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-15 18:27 - 2012-07-11 09:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-15 18:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-15 18:26 - 2014-01-03 16:51 - 01597440 ___SH () C:\Users\Lukas\Desktop\Thumbs.db
2014-10-15 18:26 - 2013-09-16 15:39 - 01083429 _____ () C:\Windows\WindowsUpdate.log
2014-10-15 18:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-15 18:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-10-15 17:48 - 2012-08-23 16:23 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-13 22:03 - 2012-08-26 21:01 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Notepad++
2014-10-13 21:39 - 2012-07-29 13:14 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-13 19:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-13 18:02 - 2014-09-01 18:09 - 00000000 ____D () C:\Users\Lukas\Desktop\musik 1
2014-10-13 16:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-10-13 16:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-12 22:14 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-10-12 22:14 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-10-12 22:14 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-12 21:43 - 2012-08-31 23:51 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Skype
2014-10-12 21:31 - 2012-07-14 13:13 - 00000000 ____D () C:\Users\Lukas
2014-10-12 20:33 - 2013-11-07 21:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-12 20:33 - 2013-11-07 21:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-12 20:33 - 2013-11-07 21:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-12 14:03 - 2013-10-28 00:15 - 00000000 ____D () C:\Users\Lukas\AppData\Local\Apps\2.0
2014-10-11 16:30 - 2013-10-13 00:46 - 00000000 ____D () C:\ProgramData\Origin
2014-10-11 16:29 - 2013-10-13 00:46 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-09 21:35 - 2012-07-14 15:37 - 00000000 ____D () C:\Users\Lukas\Desktop\Sontiges
2014-10-06 20:03 - 2012-08-16 03:29 - 00000000 ____D () C:\Users\Lukas\AppData\Local\CrashDumps
2014-10-06 20:03 - 2012-07-14 17:53 - 00000000 ____D () C:\Users\Lukas\Downloads\Sonstige
2014-10-06 18:56 - 2012-08-31 23:50 - 00000000 ____D () C:\ProgramData\Skype
2014-10-05 15:05 - 2012-07-15 17:44 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-10-05 15:05 - 2012-07-15 17:44 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-10-03 19:41 - 2013-10-13 02:05 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-10-03 19:04 - 2013-11-07 21:09 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Opera Software
2014-10-03 19:04 - 2013-11-07 21:09 - 00000000 ____D () C:\Users\Lukas\AppData\Local\Opera Software
2014-10-03 19:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-03 18:54 - 2009-07-14 06:45 - 04964528 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-03 18:23 - 2012-07-11 09:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-03 18:21 - 2012-07-14 13:13 - 00087792 _____ () C:\Users\Lukas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-03 18:05 - 2012-07-14 16:28 - 00000000 ____D () C:\Users\Lukas\AppData\Local\TeamSpeak 3 Client
2014-09-30 21:48 - 2012-07-14 16:03 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Adobe
2014-09-30 21:48 - 2012-07-11 09:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-29 21:15 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-29 20:12 - 2012-07-14 15:29 - 00000000 ____D () C:\ProgramData\Norton
2014-09-27 20:28 - 2013-11-18 17:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-09-27 20:28 - 2013-07-13 22:10 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-09-27 20:28 - 2012-07-14 15:34 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-27 12:52 - 2012-08-26 17:37 - 00000000 ____D () C:\Users\Lukas\AppData\Local\Paint.NET
2014-09-22 15:45 - 2013-11-05 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-22 15:45 - 2012-07-11 09:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-21 16:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-17 06:51 - 2014-01-14 22:16 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-09-17 04:13 - 2014-06-02 17:34 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-09-17 04:13 - 2013-11-05 20:29 - 02193560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-09-17 04:12 - 2014-06-02 17:34 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-09-17 04:12 - 2013-11-05 20:29 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
Some content of TEMP:
====================
C:\Users\Lukas\AppData\Local\Temp\Quarantine.exe
C:\Users\Lukas\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-13 18:58
==================== End Of Log ============================
MBAM log: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 15.10.2014
Suchlauf-Zeit: 18:00:49
Logdatei: MBAM.txt
Administrator: Ja
Version: 2.00.3.1025
Malware Datenbank: v2014.10.15.06
Rootkit Datenbank: v2014.10.15.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lukas
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 329101
Verstrichene Zeit: 7 Min, 55 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 1
PUP.Optional.LookThisUp.A, C:\Users\Lukas\AppData\Roaming\LookThisUp\LookThisUp.exe, 4536, Löschen bei Neustart, [6b97e92cadcf37ff79697d41b948e818]
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 18
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, In Quarantäne, [e41e66af89f385b12fb64c57d032c53b],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, In Quarantäne, [e41e66af89f385b12fb64c57d032c53b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [8f73a2734f2df83e515d23b310f2e61a],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [8f73a2734f2df83e515d23b310f2e61a],
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [1fe351c40478cf675534ccd650b2639d],
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [1fe351c40478cf675534ccd650b2639d],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-476715000-3797608541-1016296575-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [758d47ce8bf1270fd75034a62cd6847c],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [758d47ce8bf1270fd75034a62cd6847c],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [df23e92c1e5e53e331c3c2ae56ae8878],
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\awesomehpSoftware, In Quarantäne, [11f130e5a9d3a690798adc70c73c27d9],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [b15152c30f6df442f082b47edd260ff1],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [18eae62f4735e4527403b56aa06345bb],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [738fad68b6c6211570062bf4659e966a],
PUP.Optional.HQVideo.A, HKU\S-1-5-21-476715000-3797608541-1016296575-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQ-Video-Profession-1.3, In Quarantäne, [a85a1302daa2b086a2652863897b2fd1],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-476715000-3797608541-1016296575-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\HQ-Video, In Quarantäne, [06fc25f0fa82181e288af030d330f709],
PUP.Optional.LookThisUp.A, HKU\S-1-5-21-476715000-3797608541-1016296575-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LOOKTHISUP, In Quarantäne, [5aa8d540cab2171fd693918bdc27639d],
PUP.Optional.BProtector.A, HKU\S-1-5-21-476715000-3797608541-1016296575-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, In Quarantäne, [56acba5b6715ce68daaa0b5dbc486d93],
PUP.Optional.Softonic.A, HKU\S-1-5-21-476715000-3797608541-1016296575-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [936f878e8af2e74fd086d26c40c30000],
Registrierungswerte: 9
PUP.Optional.LookThisUp.A, HKU\S-1-5-21-476715000-3797608541-1016296575-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|LookThisUp, "C:\Users\Lukas\AppData\Roaming\LookThisUp\LookThisUp.exe", In Quarantäne, [6b97e92cadcf37ff79697d41b948e818]
PUP.Optional.DVDVideoSoftTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}, In Quarantäne, [aa58d73eb6c683b33480415abb477a86],
PUP.Optional.DVDVideoSoftTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}, In Quarantäne, [aa58d73eb6c683b33480415abb477a86],
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [50b2e233ff7dda5c50c839e56e95e31d]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [c53d7a9b4e2e2b0b3ddb9b8346bd03fd]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, tugs, In Quarantäne, [738fad68b6c6211570062bf4659e966a]
PUP.Optional.LookThisUp.A, HKU\S-1-5-21-476715000-3797608541-1016296575-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LOOKTHISUP|Cohort, 20140921, In Quarantäne, [5aa8d540cab2171fd693918bdc27639d]
PUP.BProtector, HKU\S-1-5-21-476715000-3797608541-1016296575-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://www2.delta-search.com/?affID=121562&babsrc=HP_ss&mntrId=C020C83A35C96B8E, In Quarantäne, [ae54cb4a9ddfa39377c575f0a75d738d]
PUP.BProtector, HKU\S-1-5-21-476715000-3797608541-1016296575-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [32d0fa1b255759dd9da0075eec1850b0]
Registrierungsdaten: 9
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.awesomehp.com/?type=hp&ts=1393260229&from=tugs&uid=WL1000GSA3254G_WOCL2500123322533225, Gut: (www.google.com), Schlecht: (hxxp://www.awesomehp.com/?type=hp&ts=1393260229&from=tugs&uid=WL1000GSA3254G_WOCL2500123322533225),Ersetzt,[bd4591841765b680bb4ee82f20e50df3]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[20e21cf9daa2cb6b3186e43c33d242be]
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.awesomehp.com/web/?type=ds&ts=1393260229&from=tugs&uid=WL1000GSA3254G_WOCL2500123322533225&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.awesomehp.com/web/?type=ds&ts=1393260229&from=tugs&uid=WL1000GSA3254G_WOCL2500123322533225&q={searchTerms}),Ersetzt,[cb37e332067625118384a176d92cd22e]
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.awesomehp.com/?type=hp&ts=1393260229&from=tugs&uid=WL1000GSA3254G_WOCL2500123322533225, Gut: (www.google.com), Schlecht: (hxxp://www.awesomehp.com/?type=hp&ts=1393260229&from=tugs&uid=WL1000GSA3254G_WOCL2500123322533225),Ersetzt,[9a68bd58b7c51b1b877b27f0a85d26da]
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.awesomehp.com/?type=hp&ts=1393260229&from=tugs&uid=WL1000GSA3254G_WOCL2500123322533225, Gut: (www.google.com), Schlecht: (hxxp://www.awesomehp.com/?type=hp&ts=1393260229&from=tugs&uid=WL1000GSA3254G_WOCL2500123322533225),Ersetzt,[4eb431e483f975c150b9c84fe61f34cc]
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmfYdMsk7a-Vib4bfH3IerjkL3AsH7dHUyl9wJQ6jhhbqDMV8Zs0v-0SH-5MNEjNulcrsSfJPmwIzSG7ekdkwTke457grLt3Tfr6ZvtaX8ZOw4Pc36dYWOdtdp3ykqqB1QkZs7-xWta3G9wRasG62xnh2-EQ,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmfYdMsk7a-Vib4bfH3IerjkL3AsH7dHUyl9wJQ6jhhbqDMV8Zs0v-0SH-5MNEjNulcrsSfJPmwIzSG7ekdkwTke457grLt3Tfr6ZvtaX8ZOw4Pc36dYWOdtdp3ykqqB1QkZs7-xWta3G9wRasG62xnh2-EQ,&q={searchTerms}),Ersetzt,[e31feb2a413b7eb8737b70a4e520cd33]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-476715000-3797608541-1016296575-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmfYdMsk7a-Vib4bfH3IerjkL3AsH7dHUyl9wJQ6jhhbqDMV8Zs0v-0SH-5MNEjNulcrsSfJPmwIzSG7ekdkwTke457grLt3Tfr6ZvtaX8ZOw4Pc36dYWOdtdp3ykqqB1QkZs7-xWta3G9wRasG62xnh2-EM,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmfYdMsk7a-Vib4bfH3IerjkL3AsH7dHUyl9wJQ6jhhbqDMV8Zs0v-0SH-5MNEjNulcrsSfJPmwIzSG7ekdkwTke457grLt3Tfr6ZvtaX8ZOw4Pc36dYWOdtdp3ykqqB1QkZs7-xWta3G9wRasG62xnh2-EM,&q={searchTerms}),Ersetzt,[ae5422f3c9b3b383f2015db70ff60af6]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-476715000-3797608541-1016296575-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmfYdMsk7a-Vib4bfH3IerjkL3AsH7dHUyl9wJQ6jhhbqDMV8Zs0v-0SH-5MNEjNulcrsSfJPmwIzSG7ekdkwTke457grLt3Tfr6ZvtaX8ZOw4Pc36dYWOdtdp3ykqqB1QkZs7-xWta3G9wRasG62xnh2-EM,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmfYdMsk7a-Vib4bfH3IerjkL3AsH7dHUyl9wJQ6jhhbqDMV8Zs0v-0SH-5MNEjNulcrsSfJPmwIzSG7ekdkwTke457grLt3Tfr6ZvtaX8ZOw4Pc36dYWOdtdp3ykqqB1QkZs7-xWta3G9wRasG62xnh2-EM,&q={searchTerms}),Ersetzt,[80823adb225aac8a23d11400cc3915eb]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-476715000-3797608541-1016296575-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmfYdMsk7a-Vib4bfH3IerjkL3AsH7dHUyl9wJQ6jhhbqDMV8Zs0v-0SH-5MNEjNulcrsSfJPmwIzSG7ekdkwTke457grLt3Tfr6ZvtaX8ZOw4Pc36dYWOdtdp3ykqqB1QkZs7-xWta3G9wRasG62xnh2-EM,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmfYdMsk7a-Vib4bfH3IerjkL3AsH7dHUyl9wJQ6jhhbqDMV8Zs0v-0SH-5MNEjNulcrsSfJPmwIzSG7ekdkwTke457grLt3Tfr6ZvtaX8ZOw4Pc36dYWOdtdp3ykqqB1QkZs7-xWta3G9wRasG62xnh2-EM,&q={searchTerms}),Ersetzt,[cc3669acbdbf3cfa589782927095b24e]
Ordner: 13
PUP.Optional.LookThisUp.A, C:\Users\Lukas\AppData\Roaming\LookThisUp, Löschen bei Neustart, [44be7e9736462b0b3a2e100cd3303ec2],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy, In Quarantäne, [14ee29ec75071d1931f78c5ec73b1ce4],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy\331E37B52FAC4ABE9AF8F4E9BD456479, In Quarantäne, [14ee29ec75071d1931f78c5ec73b1ce4],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy\D0E098177A5542B99712E0BA347A80BF, In Quarantäne, [14ee29ec75071d1931f78c5ec73b1ce4],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy\DA2D824682F14E3E800B9EB59D81CCED, In Quarantäne, [14ee29ec75071d1931f78c5ec73b1ce4],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy\E58D4609C8AA4FF69B54687DFBC8DF88, In Quarantäne, [14ee29ec75071d1931f78c5ec73b1ce4],
PUP.Optional.NextLive.A, C:\Users\Lukas\AppData\Roaming\newnext.me, In Quarantäne, [19e9aa6b53299f9786408b6053afd22e],
PUP.Optional.NextLive.A, C:\Users\Lukas\AppData\Roaming\newnext.me\cache, In Quarantäne, [19e9aa6b53299f9786408b6053afd22e],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [3bc72de8641870c6d7f71dcfc53d53ad],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [3bc72de8641870c6d7f71dcfc53d53ad],
PUP.Optional.SupTab.A, C:\Users\Lukas\AppData\Roaming\SupTab, In Quarantäne, [19e95bba98e40234e851fe0ad42fef11],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Lukas\AppData\LocalLow\DVDVideoSoftTB_DE, In Quarantäne, [56ac9c79df9d171fc4eb3ad9768df20e],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Lukas\AppData\LocalLow\DVDVideoSoftTB_DE\Logs, In Quarantäne, [56ac9c79df9d171fc4eb3ad9768df20e],
Dateien: 20
PUP.Optional.LookThisUp.A, C:\Users\Lukas\AppData\Roaming\LookThisUp\LookThisUp.exe, Löschen bei Neustart, [6b97e92cadcf37ff79697d41b948e818],
PUP.Optional.NextLive.A, C:\Users\Lukas\AppData\Roaming\newnext.me\nengine.dll, In Quarantäne, [f70b3adb0c704fe75c833533c43d37c9],
PUP.Optional.Delta.A, C:\Users\Lukas\AppData\Roaming\OpenCandy\DA2D824682F14E3E800B9EB59D81CCED\DeltaTB.exe, In Quarantäne, [659d1ef7c8b4a98d24a13fdc6d9449b7],
PUP.Optional.PriceMeter.A, C:\Users\Lukas\AppData\Roaming\RHEng\D0E098177A5542B99712E0BA347A80BF\pm.exe, In Quarantäne, [5aa827ee63192412c68e4f2e61a026da],
PUP.Optional.SupTab.A, C:\Users\Lukas\AppData\Roaming\SupTab\SupTab.dll, In Quarantäne, [ea1867ae4b315dd97a0afc39709024dc],
PUP.Optional.NextLive.A, C:\Users\Lukas\AppData\Local\genienext\nengine.dll, In Quarantäne, [b34fa96c601c63d3db0412567e832cd4],
PUP.Optional.LookThisUp.A, C:\Users\Lukas\AppData\Roaming\LookThisUp\RootCert.cer, In Quarantäne, [44be7e9736462b0b3a2e100cd3303ec2],
PUP.Optional.LookThisUp.A, C:\Users\Lukas\AppData\Roaming\LookThisUp\makecert.exe, In Quarantäne, [44be7e9736462b0b3a2e100cd3303ec2],
PUP.Optional.LookThisUp.A, C:\Users\Lukas\AppData\Roaming\LookThisUp\storage.bin, In Quarantäne, [44be7e9736462b0b3a2e100cd3303ec2],
Worm.Zhelatin, C:\Windows\System32\fsvk.exe.exe, In Quarantäne, [a45e4ec7d9a3181e3aa824720ef5b14f],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy\DA2D824682F14E3E800B9EB59D81CCED\5404.ico, In Quarantäne, [14ee29ec75071d1931f78c5ec73b1ce4],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy\DA2D824682F14E3E800B9EB59D81CCED\EBB77268-338F-4C6A-8590-AD88FED26F4A, In Quarantäne, [14ee29ec75071d1931f78c5ec73b1ce4],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy\DA2D824682F14E3E800B9EB59D81CCED\OCBrowserHelper_1.0.6.124.exe, In Quarantäne, [14ee29ec75071d1931f78c5ec73b1ce4],
PUP.Optional.OpenCandy, C:\Users\Lukas\AppData\Roaming\OpenCandy\E58D4609C8AA4FF69B54687DFBC8DF88\TuneUp_PC_2.4.6.4_CPMID_347.exe, In Quarantäne, [14ee29ec75071d1931f78c5ec73b1ce4],
PUP.Optional.NextLive.A, C:\Users\Lukas\AppData\Roaming\newnext.me\nengine.cookie, In Quarantäne, [19e9aa6b53299f9786408b6053afd22e],
PUP.Optional.NextLive.A, C:\Users\Lukas\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantäne, [19e9aa6b53299f9786408b6053afd22e],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, In Quarantäne, [3bc72de8641870c6d7f71dcfc53d53ad],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Lukas\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVDV.dll, In Quarantäne, [56ac9c79df9d171fc4eb3ad9768df20e],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Lukas\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVDV.dll, In Quarantäne, [56ac9c79df9d171fc4eb3ad9768df20e],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Lukas\AppData\LocalLow\DVDVideoSoftTB_DE\toolbar.cfg, In Quarantäne, [56ac9c79df9d171fc4eb3ad9768df20e],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
AdwCleaner [S0] log: Code:
# AdwCleaner v4.000 - Bericht erstellt am 15/10/2014 um 18:24:50
# DB v
# Aktualisiert 12/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Lukas - LUKAS-PC
# Gestartet von : C:\Users\Lukas\Desktop\AdwCleaner_4.000.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\awesomehp
Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Users\Lukas\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Lukas\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Lukas\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Public\Util
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\AlawarWrapper
Ordner Gelöscht : C:\Users\Lukas\AppData\Local\AlawarWrapper
Ordner Gelöscht : C:\Users\Public\Documents\AlawarWrapper
***** [ Tasks ] *****
Task Gelöscht : BrowserProtect
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKCU\Software\86dcd9e66dbd14
Schlüssel Gelöscht : HKLM\SOFTWARE\86dcd9e66dbd14
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17280
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
*************************
AdwCleaner[R0].txt - [4064 octets] - [15/10/2014 18:22:40]
AdwCleaner[S0].txt - [3666 octets] - [15/10/2014 18:24:50]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3726 octets] ##########
JRT log: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lukas on 15.10.2014 at 18:31:01,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update plurpush
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PlurPush_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PlurPush_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatePlurPush_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatePlurPush_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PlurPush_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PlurPush_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatePlurPush_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatePlurPush_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AF9C9C2B-D611-4082-A707-57BB6ABA63E2}
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Lukas\appdata\local\{562D61E6-E76B-440D-9175-FC8C8AB9633C}
Successfully deleted: [Empty Folder] C:\Users\Lukas\appdata\local\{75DBE86F-9DE4-4F12-96EC-94F081FF41A8}
Successfully deleted: [Empty Folder] C:\Users\Lukas\appdata\local\{8BE4A68E-CF0B-426F-9AB8-6CC28CE34B51}
Successfully deleted: [Empty Folder] C:\Users\Lukas\appdata\local\{8C9C1351-6C35-47EA-880F-A07AE6800E8A}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.10.2014 at 18:34:36,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When I started the browser, a message appeared saying that I should change the LAN settings of the proxy server. I hope that's nothing serious or the like.
Best regards.