Aus Yahoo Account werden Spam Mails versandt

umrepus · 29.01.2014, 11:12

Hallo, ich bin ganz neu hier und auch überhaupt kein Computerprofi.

Aus meinem Yahoo Account wurden innerhalb von einer Woche 2 x Spam Mails versandt an Kontakte aus meinem Adressbuch. Das heisst, das Adressbuch habe ich schon vor Monaten gelöscht aus Sicherheitsgründen und ist eigentlich leer. Beim ersten Spam Versand habe ich auch sofort das Passwort geändert und jetzt beim 2. Mal auch wieder. Das PW besteht aus Gross- und Kleinbuchstaben, Sonderzeichen und Zahlen, daran sollte es nicht liegen.

Gibt es ein Programm um den PC auf Viren zu überprüfen oder was kann ich tun? Avira habe ich bereits.

cosinus · 29.01.2014, 11:25

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

umrepus · 29.01.2014, 12:52

Hi, vielen Dank. Hatte keine Funde durch Avira. Hoffe habe alles richtig gemacht, habe so keine Ahnung...... Merci sowieso SueFRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014
Ran by User at 2014-01-29 12:45:48
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.1) - Deutsch (x32 Version: 10.1.1 - Adobe Systems Incorporated)
aEton CommunicaEor (x32 Version: 0.1.0.12 - aEton Usenet LTD)
Allway Sync version 11.6.1 (x32 Version:  - Botkind Inc)
Alps Pointing-device for VAIO (Version:  - ALPS ELECTRIC CO., LTD.)
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.115 - ArcSoft)
ArcSoft WebCam Companion 3 (x32 Version: 3.0.21.368 - ArcSoft)
ATI Catalyst Install Manager (Version: 3.0.769.0 - ATI Technologies, Inc.)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar (x32 Version: 12.10.0.2949 - APN, LLC)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0209.16.306 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0920.2143.37117 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help English (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help French (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help German (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0920.2143.37117 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0920.2143.37117 - ATI) Hidden
CCleaner (Version: 4.05 - Piriform)
Color Oes Fotoservice (x32 Version:  - )
colorfotoservice Fotowelt (x32 Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Die Siedler 7 (x32 Version: 1.12.1396 - Ubisoft)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
EasyTax 2011 AG 1.0 (x32 Version:  - HWI Solutions AG)
EasyTax 2012 AG 1.0 (x32 Version: 1.0 - HWI Solutions AG)
EPSON SX430 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
Evernote (x32 Version: 3.5.4.2224 - Evernote Corp.)
Freemake Video Converter Version 3.2.1 (x32 Version: 3.2.1 - Ellora Assets Corporation)
Garmin Communicator Plugin x64 (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Lifetime Updater (x32 Version: 2.1.11 - Garmin)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
HTC BMP USB Driver (x32 Version: 1.0.5375 - HTC)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002 - Intel Corporation)
IrfanView (remove only) (x32 Version: 4.30 - Irfan Skiljan)
iTunes (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 21 (64-bit) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (64-bit) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 20 (x32 Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Media Gallery (Version: 1.3.0 - Sony Corporation) Hidden
Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation)
Opera Stable 18.0.1284.63 (x32 Version: 18.0.1284.63 - Opera Software ASA)
PMB (x32 Version: 5.3.00.06040 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.5.00.03020 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.06110 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00.06180 - Sony Corporation) Hidden
Quick Web Access (x32 Version: 1.4.7.0 - Sony Corporation)
Quick Web Access (x32 Version: 1.4.7.0 - Sony Corporation) Hidden
Ravensburger tiptoi (x32 Version:  - )
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version: 16.0.3 - RealNetworks)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (Version: 1.42 - Piriform)
Remote Play mit PlayStation®3 (x32 Version: 1.0.2.06210 - Sony Corporation)
Remote Play with PlayStation 3 (x32 Version: 1.0.2.06210 - Sony Corporation) Hidden
Remote-Tastatur mit PlayStation 3 (x32 Version: 1.0.2.06170 - Sony Corporation)
Siedler3 (x32 Version:  - )
Synology Assistant (remove only) (x32 Version:  - )
TomTom HOME 2.8.2.2264 (x32 Version: 2.8.2.2264 - TomTom)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2 - TomTom International B.V.)
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
VAIO - Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (x32 Version: 1.5.00.03020 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.06110 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00.06180 - Sony Corporation)
VAIO Care (x32 Version: 6.4.2.11150 - Sony Corporation) Hidden
VAIO Control Center (x32 Version: 4.3.0.05310 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation) Hidden
VAIO DVD Menu Data (x32 Version: 2.2.00.05120 - Sony Corporation)
VAIO Gate (x32 Version: 2.4.0.06210 - Sony Corporation)
VAIO Gate Default (x32 Version: 2.2.0.07020 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230 - Sony Corporation) Hidden
VAIO Media plus (Version: 2.1.0 - Sony Corporation) Hidden
VAIO Media plus (x32 Version: 2.1.0.18210 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (x32 Version: 2.1.0.13220 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.3.00.06040 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.3.00.06040 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.3.0.06041 - Sony Corporation)
VAIO screensaver (x32 Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (x32 Version: 3.3.0.06080 - Sony Corporation)
VAIO Update (x32 Version: 6.1.1.10250 - Sony Corporation)
VAIO-Handbuch (x32 Version: 1.1.0.05280 - Sony Corporation)
VAIO-Support für Übertragungen (x32 Version: 1.2.0.06230 - Sony Corporation)
VoiceOver Kit (x32 Version: 1.42.128.0 - Apple Inc.)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (Version: 6.3.0.5600 - Broadcom Corporation)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Restore Points  =========================

23-01-2014 09:53:13 Installed Java 7 Update 51
24-01-2014 09:04:00 Windows Update
28-01-2014 09:39:13 VAIO Care Automatic Restore Point
28-01-2014 17:39:47 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044BEEF3-2215-409C-8DA1-607EE1917EDC} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {07E74592-13CB-4CE6-9C26-D2D6C7B6706C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1939857806-2854763199-3128504920-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2778DD96-DFAE-4E98-9F34-D2C7E1ADADB8} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2012-10-26] (Sony Corporation)
Task: {2AAB357F-5A56-4936-86C0-B6441E021E05} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {34A57BDE-EE51-414C-B0A0-7064CF2F5E2A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {371D9F98-696E-4643-B26F-5BFEC85340A2} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {551748E5-B792-465D-984B-38EF515BBE61} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-05-31] (Sony Corporation)
Task: {6A9CA70C-642B-4D1A-BC40-81FCF741E70D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10] (Google Inc.)
Task: {6B60B43C-89EA-47C5-886B-A304AB8A03AB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1939857806-2854763199-3128504920-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {76E6ED6B-CE05-40B9-B1E0-15C45AD08E79} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
Task: {77516909-04E0-4325-AA5F-C6017429FD68} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {79532D26-D6BA-4B65-A25D-AB3A62702C2B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1939857806-2854763199-3128504920-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {79B8A0DB-A183-4994-BBB3-ED043C8BF6AD} - System32\Tasks\Sony Corporation\VAIO Personalization Manager\VpmLM Task Music User => C:\Program Files\Sony\VAIO Personalization Manager\VpmLM.exe [2010-01-20] (Sony Corporation)
Task: {85A933A3-864D-4DAD-A409-D03430F886E9} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {95C7243E-78AB-469E-90B2-EB9F18C801D4} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-06-21] (Sony Corporation)
Task: {962D6715-0469-49D7-AF5C-F81D44DB1A43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10] (Google Inc.)
Task: {A95FF743-0529-4FD8-BF3B-FB13EA62ACA2} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-26] (Sony Corporation)
Task: {AA8978C6-86FC-4E1C-A7A7-7282B6844293} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1939857806-2854763199-3128504920-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {ACE65905-7748-4C1E-9242-562D301ED5BF} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-05-31] (Sony Corporation)
Task: {AE113036-2BFA-469A-8754-4CB36D3D21B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {CC08F286-D0AD-47A0-B4E0-F0714778FDF4} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-06-21] (Sony Corporation)
Task: {CC7063EE-3330-4B7C-8756-32C1CC788CC9} - System32\Tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3 => C:\Program Files\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe [2010-06-17] (Sony Corporation)
Task: {FD9D52AC-FB90-4E75-8916-367A09D24AF3} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-08-24 14:39 - 2010-08-24 14:39 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-20 12:09 - 2011-11-20 12:09 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-11-28 20:26 - 2013-11-22 12:01 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2006-05-30 11:08 - 2010-05-31 18:18 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2006-05-30 11:08 - 2010-05-31 18:18 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2010-01-20 12:57 - 2010-01-20 12:57 - 00495616 _____ () C:\Program Files\Sony\VAIO Personalization Manager\sqlite3.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll
2013-01-10 03:46 - 2013-01-10 03:46 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll
2010-07-12 22:29 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-01-17 10:16 - 2014-01-11 11:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-17 10:16 - 2014-01-11 11:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-17 10:16 - 2014-01-11 11:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-17 10:16 - 2014-01-11 11:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-17 10:16 - 2014-01-11 11:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
2014-01-17 10:16 - 2014-01-11 11:29 - 13615896 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/29/2014 00:03:30 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (01/29/2014 00:03:05 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (01/29/2014 00:02:58 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (01/29/2014 00:02:52 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (01/29/2014 00:02:49 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (01/29/2014 00:01:56 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (01/29/2014 00:01:51 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (01/29/2014 00:01:46 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (01/29/2014 00:01:25 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (01/29/2014 00:01:05 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.


System errors:
=============
Error: (01/29/2014 00:45:00 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 18 Mal passiert.

Error: (01/29/2014 00:45:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 
%%183

Error: (01/29/2014 00:44:21 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 17 Mal passiert.

Error: (01/29/2014 00:44:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 
%%183

Error: (01/29/2014 00:44:18 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 16 Mal passiert.

Error: (01/29/2014 00:44:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 
%%183

Error: (01/29/2014 00:42:12 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 15 Mal passiert.

Error: (01/29/2014 00:42:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 
%%183

Error: (01/29/2014 00:42:01 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 14 Mal passiert.

Error: (01/29/2014 00:42:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 
%%183


Microsoft Office Sessions:
=========================
Error: (01/29/2014 00:03:30 PM) (Source: Windows Search Service)(User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (01/29/2014 00:03:05 PM) (Source: Windows Search Service)(User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (01/29/2014 00:02:58 PM) (Source: Windows Search Service)(User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (01/29/2014 00:02:52 PM) (Source: Windows Search Service)(User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (01/29/2014 00:02:49 PM) (Source: Windows Search Service)(User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (01/29/2014 00:01:56 PM) (Source: Windows Search Service)(User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (01/29/2014 00:01:51 PM) (Source: Windows Search Service)(User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (01/29/2014 00:01:46 PM) (Source: Windows Search Service)(User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (01/29/2014 00:01:25 PM) (Source: Windows Search Service)(User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (01/29/2014 00:01:05 PM) (Source: Windows Search Service)(User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows


==================== Memory info =========================== 

Percentage of memory in use: 58%
Total physical RAM: 3950.1 MB
Available physical RAM: 1621.76 MB
Total Pagefile: 7898.33 MB
Available Pagefile: 4689.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:452.34 GB) (Free:278.1 GB) NTFS
Drive d: (ACS_WR_MB) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS
Drive e: (CANON_DC) (Removable) (Total:59.45 GB) (Free:59.41 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2BAACABC)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 59 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=59 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

cosinus · 29.01.2014, 13:52

Das andere FRST Log fehlt

umrepus · 29.01.2014, 16:37

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by User (administrator) on USER-VAIO on 29-01-2014 16:35:23
Running from C:\Users\User\Downloads
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
(Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\User\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SHTtray.exe] - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [99696 2010-06-20] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Garmin Lifetime Updater] - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe [1466760 2012-06-04] (Garmin)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-08] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Elbserver] - C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe [81264 2010-06-22] (Sony Corporation)
HKCU\...\Run: [VRLPHelper] - C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe [183152 2010-06-22] (Sony Corporation)
HKCU\...\Run: [EPSON SX430 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [EPSON02AC52 (Epson Stylus SX430)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
MountPoints2: {93238799-efc2-11da-b626-806e6f6e6963} - D:\Play.exe
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{16cdf~1\browse~1.dll => File Not Found
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {D6B1F3EB-FE32-4B12-BA58-B86C2A3AF9F1} URL = hxxp://avira.search.ask.com/web?p2=%5EB0R%5EYYYYYY%5EZF%5ECH&gct=&itbv=12.6.0.1898&o=APN11075&tpid=AVIRA-V7&apn_uid=BD835A48-45BB-4598-B2DB-98D0C232350B&apn_ptnrs=%5EB0R&apn_dtid=%5EYYYYYY%5EZF%5ECH&apn_dbr=cr_31.0.1650.57&doi=2013-11-28&trgb=ALL&q={searchTerms}&psv=
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKCU - {2395EE5A-F4AC-4F0F-8B5C-ED24A6EFAB0E} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
SearchScopes: HKCU - {D6B1F3EB-FE32-4B12-BA58-B86C2A3AF9F1} URL = hxxp://avira.search.ask.com/web?p2=%5EB0R%5EYYYYYY%5EZF%5ECH&gct=&itbv=12.6.0.1898&o=APN11075&tpid=AVIRA-V7&apn_uid=BD835A48-45BB-4598-B2DB-98D0C232350B&apn_ptnrs=%5EB0R&apn_dtid=%5EYYYYYY%5EZF%5ECH&apn_dbr=cr_31.0.1650.57&doi=2013-11-28&trgb=ALL&q={searchTerms}&psv=
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\user.js
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://de.mc247.mail.yahoo.com/mc/welcome?.gx=1&.tm=1314565144&.rand=3paqblqdq314v#_pg=showMessage&sMid=0&&filterBy=&.rand=1598892259&midIndex=0&mid=1_9904_ALdoUtQAAUGLTlmBCg4SPQFGSVA&f=1&fromId=kundendienst@ricardo.ch&m=1_9904_ALdoUtQAAUGLTlmBCg4SPQFGSVA,1_7927_ALhoUtQAAMeKTlklvgt0jSKdmfI,1_159_ALRoUtQAANUaTlgwcA2xjF%2BRKQk,1_1093_ALxoUtQAAJqNTlaeAgQtx3J%2FvV8,1_2013_ALZoUtQAACjeTlKGzwDauALuOoc,1_2933_ALJoUtQAATZWTlJ5XQ8ETXt2l9w,&sort=date&order=down&startMid=0&hash=8ddf1b71756208341284a360b42e87e9&.jsrand=3327297|hxxp://de.mc247.mail.yahoo.com/mc/welcome?.tm=1314565205
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\searchplugins\BabylonMngr.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\searchplugins\Web Search.xml
FF Extension: Yahoo! Toolbar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011-12-20]
FF Extension: PriceGong - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\Extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2013-06-10]
FF Extension: HomeTab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\Extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee} [2013-06-10]
FF Extension: All-in-One Sidebar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2011-07-27]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-08]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome: 
=======
CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-12-06]
CHR Extension: (RealDownloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-03]
CHR Extension: (Freemake Video Converter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-04-03]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-12-20]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-02-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2013-02-21] (Freemake)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] ()
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-29 16:35 - 2014-01-29 16:35 - 02079744 _____ (Farbar) C:\Users\User\Downloads\FRST64 (1).exe
2014-01-29 12:45 - 2014-01-29 12:46 - 00029710 _____ C:\Users\User\Downloads\Addition.txt
2014-01-29 12:44 - 2014-01-29 16:35 - 00023842 _____ C:\Users\User\Downloads\FRST.txt
2014-01-29 12:44 - 2014-01-29 16:35 - 00000000 ____D C:\FRST
2014-01-29 12:44 - 2014-01-29 12:44 - 02079744 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-01-29 12:02 - 2014-01-29 12:33 - 00000000 ____D C:\Users\User\Desktop\bestofliniejeanine
2014-01-28 16:31 - 2014-01-28 18:41 - 00000000 ____D C:\Users\User\Desktop\2014-01-28
2014-01-28 03:43 - 2014-01-28 03:43 - 00037012 _____ C:\Windows\system32\s000000.dat
2014-01-28 03:42 - 2014-01-28 03:43 - 00000040 _____ C:\Windows\system32\sstate_prev.sdt
2014-01-28 03:42 - 2014-01-28 03:42 - 00000000 _____ C:\Windows\system32\sstates.sdt
2014-01-23 18:02 - 2014-01-23 18:02 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2014-01-23 10:54 - 2014-01-23 10:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-23 10:54 - 2014-01-23 10:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-23 10:52 - 2014-01-23 10:52 - 29141928 _____ (Oracle Corporation) C:\Users\User\Downloads\jre-7u51-windows-i586.exe
2014-01-23 10:50 - 2014-01-23 10:50 - 00000000 ____D C:\Users\User\AppData\Local\Inquisit
2014-01-23 10:49 - 2014-01-23 10:50 - 00001875 _____ C:\Users\User\Downloads\Inquisit (1).jnlp
2014-01-23 10:49 - 2014-01-23 10:49 - 00001875 _____ C:\Users\User\Downloads\Inquisit.jnlp
2014-01-23 10:05 - 2014-01-27 10:33 - 00003204 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1939857806-2854763199-3128504920-1000
2014-01-23 10:04 - 2014-01-27 10:33 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1939857806-2854763199-3128504920-1000
2014-01-21 13:12 - 2014-01-29 16:04 - 00002184 _____ C:\Windows\setupact.log
2014-01-21 13:12 - 2014-01-21 13:12 - 00000000 _____ C:\Windows\setuperr.log
2014-01-21 13:10 - 2014-01-21 13:10 - 00000000 __SHD C:\found.001
2014-01-02 22:52 - 2014-01-02 22:52 - 00001076 _____ C:\Users\User\Desktop\tiptoi.lnk

==================== One Month Modified Files and Folders =======

2014-01-29 16:35 - 2014-01-29 16:35 - 02079744 _____ (Farbar) C:\Users\User\Downloads\FRST64 (1).exe
2014-01-29 16:35 - 2014-01-29 12:44 - 00023842 _____ C:\Users\User\Downloads\FRST.txt
2014-01-29 16:35 - 2014-01-29 12:44 - 00000000 ____D C:\FRST
2014-01-29 16:30 - 2013-06-10 14:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-29 16:18 - 2013-02-16 20:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-29 16:12 - 2009-07-14 05:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-29 16:12 - 2009-07-14 05:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-29 16:08 - 2006-05-30 11:02 - 02048102 _____ C:\Windows\WindowsUpdate.log
2014-01-29 16:04 - 2014-01-21 13:12 - 00002184 _____ C:\Windows\setupact.log
2014-01-29 16:04 - 2013-06-10 14:01 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-29 16:04 - 2013-02-17 20:45 - 00000000 ___RD C:\Users\User\Dropbox
2014-01-29 16:04 - 2013-02-17 20:33 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2014-01-29 16:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-29 12:46 - 2014-01-29 12:45 - 00029710 _____ C:\Users\User\Downloads\Addition.txt
2014-01-29 12:44 - 2014-01-29 12:44 - 02079744 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-01-29 12:33 - 2014-01-29 12:02 - 00000000 ____D C:\Users\User\Desktop\bestofliniejeanine
2014-01-29 09:21 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-28 18:41 - 2014-01-28 16:31 - 00000000 ____D C:\Users\User\Desktop\2014-01-28
2014-01-28 16:33 - 2009-07-14 06:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-28 16:33 - 2006-05-30 11:55 - 00654852 _____ C:\Windows\system32\perfh007.dat
2014-01-28 16:33 - 2006-05-30 11:55 - 00130434 _____ C:\Windows\system32\perfc007.dat
2014-01-28 03:43 - 2014-01-28 03:43 - 00037012 _____ C:\Windows\system32\s000000.dat
2014-01-28 03:43 - 2014-01-28 03:42 - 00000040 _____ C:\Windows\system32\sstate_prev.sdt
2014-01-28 03:42 - 2014-01-28 03:42 - 00000000 _____ C:\Windows\system32\sstates.sdt
2014-01-27 10:33 - 2014-01-23 10:05 - 00003204 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1939857806-2854763199-3128504920-1000
2014-01-27 10:33 - 2014-01-23 10:04 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1939857806-2854763199-3128504920-1000
2014-01-26 18:28 - 2006-05-30 12:02 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7148F168-FBB0-4E79-81BB-9C78DBACBDD1}
2014-01-23 18:02 - 2014-01-23 18:02 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2014-01-23 18:02 - 2013-02-17 21:59 - 00000000 ____D C:\Users\User\AppData\Local\Apps\2.0
2014-01-23 10:54 - 2014-01-23 10:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-23 10:54 - 2014-01-23 10:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-23 10:54 - 2013-09-11 22:52 - 00000000 ____D C:\ProgramData\Oracle
2014-01-23 10:54 - 2013-05-27 11:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-23 10:54 - 2013-05-27 11:51 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-23 10:54 - 2006-05-30 11:27 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-23 10:52 - 2014-01-23 10:52 - 29141928 _____ (Oracle Corporation) C:\Users\User\Downloads\jre-7u51-windows-i586.exe
2014-01-23 10:50 - 2014-01-23 10:50 - 00000000 ____D C:\Users\User\AppData\Local\Inquisit
2014-01-23 10:50 - 2014-01-23 10:49 - 00001875 _____ C:\Users\User\Downloads\Inquisit (1).jnlp
2014-01-23 10:49 - 2014-01-23 10:49 - 00001875 _____ C:\Users\User\Downloads\Inquisit.jnlp
2014-01-22 18:05 - 2011-10-26 18:41 - 00000000 ___HD C:\ProgramData\ArcSoft
2014-01-21 13:12 - 2014-01-21 13:12 - 00000000 _____ C:\Windows\setuperr.log
2014-01-21 13:10 - 2014-01-21 13:10 - 00000000 __SHD C:\found.001
2014-01-19 19:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-19 00:02 - 2013-02-17 20:42 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-19 00:02 - 2006-05-30 12:02 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-18 22:18 - 2010-07-12 22:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-18 22:17 - 2006-05-30 12:02 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-18 22:09 - 2012-09-13 11:20 - 00000000 ____D C:\Users\User\AppData\Roaming\Real
2014-01-15 10:50 - 2013-08-16 02:02 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 10:47 - 2011-08-04 20:54 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-07 20:53 - 2011-11-18 20:23 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-07 20:53 - 2011-11-18 20:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-01-07 20:53 - 2011-07-25 19:55 - 00000000 ____D C:\Users\User\AppData\Roaming\IrfanView
2014-01-07 20:53 - 2010-07-12 23:47 - 00000000 ____D C:\ProgramData\Sony Corporation
2014-01-07 20:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2014-01-07 20:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-07 20:53 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-07 20:52 - 2012-09-13 11:19 - 00000000 ____D C:\ProgramData\Real
2014-01-05 16:22 - 2011-11-18 20:24 - 00000000 ____D C:\Users\User\AppData\Roaming\SoftGrid Client
2014-01-05 09:48 - 2011-07-27 07:16 - 00074231 _____ C:\test.xml
2014-01-02 22:52 - 2014-01-02 22:52 - 00001076 _____ C:\Users\User\Desktop\tiptoi.lnk
2014-01-02 22:51 - 2011-08-05 14:48 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2014-01-01 12:11 - 2013-03-24 17:22 - 00000000 ____D C:\Users\User\Documents\Immobilien

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\tmp3C7.exe
C:\Users\User\AppData\Local\Temp\tmp4B22.exe
C:\Users\User\AppData\Local\Temp\tmpA9B8.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 11:42

==================== End Of Log ============================

--- --- ---

cosinus · 29.01.2014, 16:44

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

umrepus · 29.01.2014, 17:50

Es wurde nichts gefunden

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.01.29.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-VAIO [administrator]

29.01.2014 17:16:38
mbar-log-2014-01-29 (17-16-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 240835
Time elapsed: 23 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Während dem Scan hat Avira eine Meldung gebracht
ADWARE/Adware.Gen2

cosinus · 29.01.2014, 23:09

Logs bitte in CODE-Tags posten

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

umrepus · 30.01.2014, 08:28

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.018 - Bericht erstellt am 30/01/2014 um 08:04:38
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : User - USER-VAIO
# Gestartet von : C:\Users\User\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\User\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\User\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\User\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\HomeTab
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\imeshtoolbarguid
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\User\AppData\Roaming\HomeTab
Ordner Gelöscht : C:\Users\User\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\User\AppData\Roaming\SimplyTech
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\imeshtoolbarguid
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\Extensions\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\Extensions\{AA9CC3FA-A5E4-449B-AAB5-1EBDBC7314EE}
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\searchplugins\BabylonMngr.xml
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\user.js
Datei Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Windows\System32\Tasks\ProtectedSearch

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_envisioneer-express_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_envisioneer-express_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_recuva_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_recuva_RASMANCS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\Software\Uniblue\DriverScanner
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Zeile gelöscht : user_pref("extensions.asktb.abar-war-timeout", "4000");
Zeile gelöscht : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Zeile gelöscht : user_pref("extensions.asktb.cbid", "81");
Zeile gelöscht : user_pref("extensions.asktb.config-updated", false);
Zeile gelöscht : user_pref("extensions.asktb.crumb", "2011.08.11+04.54.21-toolbar011iad-CH-WnVyaWNoLFN3aXR6ZXJsYW5k");
Zeile gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://eu.ask.com/web?qsrc={qsrc}&o={o}&l={l}&q={query}&dm=all&gct=bar");
Zeile gelöscht : user_pref("extensions.asktb.displaybehavior", "");
Zeile gelöscht : user_pref("extensions.asktb.displaytext", "");
Zeile gelöscht : user_pref("extensions.asktb.dtid", "YYYYYYYYCH");
Zeile gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Zeile gelöscht : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "SZXX0033");
Zeile gelöscht : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=");
Zeile gelöscht : user_pref("extensions.asktb.first-restart-after-config-update", true);
Zeile gelöscht : user_pref("extensions.asktb.fresh-install", false);
Zeile gelöscht : user_pref("extensions.asktb.guid", "32E1310D-E580-48C8-99A6-43A1DC86120A");
Zeile gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Zeile gelöscht : user_pref("extensions.asktb.if", "first");
Zeile gelöscht : user_pref("extensions.asktb.l", "dis");
Zeile gelöscht : user_pref("extensions.asktb.last-config-req", "1327392063433");
Zeile gelöscht : user_pref("extensions.asktb.last-search-timestamp", "1314304537721");
Zeile gelöscht : user_pref("extensions.asktb.last-v", "3.12.2.100009");
Zeile gelöscht : user_pref("extensions.asktb.locale", "de_EU");
Zeile gelöscht : user_pref("extensions.asktb.location", "Zurich,Switzerland");
Zeile gelöscht : user_pref("extensions.asktb.lstation", "");
Zeile gelöscht : user_pref("extensions.asktb.o", "41647931");
Zeile gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Zeile gelöscht : user_pref("extensions.asktb.pstate", "");
Zeile gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Zeile gelöscht : user_pref("extensions.asktb.r", "2");
Zeile gelöscht : user_pref("extensions.asktb.sa", "YES");
Zeile gelöscht : user_pref("extensions.asktb.saguid", "9F5D2D1D-7475-4212-9147-32FF28B0FDB5");
Zeile gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Zeile gelöscht : user_pref("extensions.asktb.silent-upgrade", true);
Zeile gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Zeile gelöscht : user_pref("extensions.asktb.socialmini-first", true);
Zeile gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000");
Zeile gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Zeile gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30");
Zeile gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Zeile gelöscht : user_pref("extensions.asktb.socialmini-speed", "5000");
Zeile gelöscht : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Zeile gelöscht : user_pref("extensions.asktb.themeid", "");
Zeile gelöscht : user_pref("extensions.asktb.to", "");
Zeile gelöscht : user_pref("extensions.asktb.v", "3.14.1.100009");
Zeile gelöscht : user_pref("extensions.asktb.volume", "");

-\\ Google Chrome v32.0.1700.76

[ Datei : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8919 octets] - [30/01/2014 07:58:36]
AdwCleaner[S0].txt - [8610 octets] - [30/01/2014 08:04:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8670 octets] ##########

--- --- ---

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 30.01.2014 at 8:14:02.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1939857806-2854763199-3128504920-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askToolbarInstaller-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askToolbarInstaller-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askToolbarInstaller-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askToolbarInstaller-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D6B1F3EB-FE32-4B12-BA58-B86C2A3AF9F1}

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho23E6.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA119.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC2DE.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE8BB.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoFF03.tmp

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\datamngr"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.01.2014 at 8:20:39.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by User (administrator) on USER-VAIO on 30-01-2014 08:26:49
Running from C:\Users\User\Downloads
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
(Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SHTtray.exe] - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [99696 2010-06-20] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Garmin Lifetime Updater] - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe [1466760 2012-06-04] (Garmin)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-08] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Elbserver] - C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe [81264 2010-06-22] (Sony Corporation)
HKCU\...\Run: [VRLPHelper] - C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe [183152 2010-06-22] (Sony Corporation)
HKCU\...\Run: [EPSON SX430 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [EPSON02AC52 (Epson Stylus SX430)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
MountPoints2: {93238799-efc2-11da-b626-806e6f6e6963} - D:\Play.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2395EE5A-F4AC-4F0F-8B5C-ED24A6EFAB0E} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://de.mc247.mail.yahoo.com/mc/welcome?.gx=1&.tm=1314565144&.rand=3paqblqdq314v#_pg=showMessage&sMid=0&&filterBy=&.rand=1598892259&midIndex=0&mid=1_9904_ALdoUtQAAUGLTlmBCg4SPQFGSVA&f=1&fromId=kundendienst@ricardo.ch&m=1_9904_ALdoUtQAAUGLTlmBCg4SPQFGSVA,1_7927_ALhoUtQAAMeKTlklvgt0jSKdmfI,1_159_ALRoUtQAANUaTlgwcA2xjF%2BRKQk,1_1093_ALxoUtQAAJqNTlaeAgQtx3J%2FvV8,1_2013_ALZoUtQAACjeTlKGzwDauALuOoc,1_2933_ALJoUtQAATZWTlJ5XQ8ETXt2l9w,&sort=date&order=down&startMid=0&hash=8ddf1b71756208341284a360b42e87e9&.jsrand=3327297|hxxp://de.mc247.mail.yahoo.com/mc/welcome?.tm=1314565205
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: All-in-One Sidebar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\2tg971fw.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2011-07-27]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-08]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome: 
=======
CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (RealDownloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-03]
CHR Extension: (Freemake Video Converter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-04-03]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-02-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2013-02-21] (Freemake)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] ()
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-30 08:26 - 2014-01-30 08:26 - 02079744 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-01-30 08:20 - 2014-01-30 08:20 - 00003181 _____ C:\Users\User\Desktop\JRT.txt
2014-01-30 08:14 - 2014-01-30 08:14 - 00000000 ____D C:\Windows\ERUNT
2014-01-30 08:12 - 2014-01-30 08:12 - 01037068 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2014-01-30 07:57 - 2014-01-30 08:04 - 00000000 ____D C:\AdwCleaner
2014-01-30 07:57 - 2014-01-30 07:57 - 01166132 _____ C:\Users\User\Downloads\adwcleaner.exe
2014-01-29 21:44 - 2014-01-29 21:44 - 00000000 __SHD C:\found.002
2014-01-29 17:16 - 2014-01-29 17:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-29 17:14 - 2014-01-29 21:55 - 00000000 ____D C:\Users\User\Desktop\mbar
2014-01-29 12:45 - 2014-01-29 12:46 - 00029710 _____ C:\Users\User\Downloads\Addition.txt
2014-01-29 12:44 - 2014-01-30 08:26 - 00021167 _____ C:\Users\User\Downloads\FRST.txt
2014-01-29 12:44 - 2014-01-30 08:26 - 00000000 ____D C:\FRST
2014-01-29 12:02 - 2014-01-29 12:33 - 00000000 ____D C:\Users\User\Desktop\bestofliniejeanine
2014-01-28 16:31 - 2014-01-28 18:41 - 00000000 ____D C:\Users\User\Desktop\2014-01-28
2014-01-28 03:43 - 2014-01-28 03:43 - 00037012 _____ C:\Windows\system32\s000000.dat
2014-01-28 03:42 - 2014-01-28 03:43 - 00000040 _____ C:\Windows\system32\sstate_prev.sdt
2014-01-28 03:42 - 2014-01-28 03:42 - 00000000 _____ C:\Windows\system32\sstates.sdt
2014-01-23 18:02 - 2014-01-23 18:02 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2014-01-23 10:54 - 2014-01-23 10:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-23 10:54 - 2014-01-23 10:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-23 10:52 - 2014-01-23 10:52 - 29141928 _____ (Oracle Corporation) C:\Users\User\Downloads\jre-7u51-windows-i586.exe
2014-01-23 10:50 - 2014-01-23 10:50 - 00000000 ____D C:\Users\User\AppData\Local\Inquisit
2014-01-23 10:49 - 2014-01-23 10:50 - 00001875 _____ C:\Users\User\Downloads\Inquisit (1).jnlp
2014-01-23 10:49 - 2014-01-23 10:49 - 00001875 _____ C:\Users\User\Downloads\Inquisit.jnlp
2014-01-23 10:05 - 2014-01-27 10:33 - 00003204 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1939857806-2854763199-3128504920-1000
2014-01-23 10:04 - 2014-01-27 10:33 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1939857806-2854763199-3128504920-1000
2014-01-21 13:12 - 2014-01-30 08:06 - 00002072 _____ C:\Windows\setupact.log
2014-01-21 13:12 - 2014-01-21 13:12 - 00000000 _____ C:\Windows\setuperr.log
2014-01-21 13:10 - 2014-01-21 13:10 - 00000000 __SHD C:\found.001
2014-01-02 22:52 - 2014-01-02 22:52 - 00001076 _____ C:\Users\User\Desktop\tiptoi.lnk

==================== One Month Modified Files and Folders =======

2014-01-30 08:26 - 2014-01-30 08:26 - 02079744 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-01-30 08:26 - 2014-01-29 12:44 - 00021167 _____ C:\Users\User\Downloads\FRST.txt
2014-01-30 08:26 - 2014-01-29 12:44 - 00000000 ____D C:\FRST
2014-01-30 08:24 - 2013-06-10 14:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-30 08:20 - 2014-01-30 08:20 - 00003181 _____ C:\Users\User\Desktop\JRT.txt
2014-01-30 08:18 - 2013-02-16 20:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-30 08:14 - 2014-01-30 08:14 - 00000000 ____D C:\Windows\ERUNT
2014-01-30 08:14 - 2009-07-14 05:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-30 08:14 - 2009-07-14 05:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-30 08:12 - 2014-01-30 08:12 - 01037068 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2014-01-30 08:10 - 2006-05-30 11:02 - 02031298 _____ C:\Windows\WindowsUpdate.log
2014-01-30 08:06 - 2014-01-21 13:12 - 00002072 _____ C:\Windows\setupact.log
2014-01-30 08:06 - 2013-06-10 14:01 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-30 08:06 - 2013-02-17 20:45 - 00000000 ___RD C:\Users\User\Dropbox
2014-01-30 08:06 - 2013-02-17 20:33 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2014-01-30 08:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-30 08:04 - 2014-01-30 07:57 - 00000000 ____D C:\AdwCleaner
2014-01-30 08:04 - 2013-02-23 23:36 - 00001104 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-01-30 07:57 - 2014-01-30 07:57 - 01166132 _____ C:\Users\User\Downloads\adwcleaner.exe
2014-01-30 07:51 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-29 21:56 - 2011-07-25 19:55 - 00000000 ____D C:\Users\User\AppData\Roaming\IrfanView
2014-01-29 21:56 - 2010-07-12 23:47 - 00000000 ____D C:\ProgramData\Sony Corporation
2014-01-29 21:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-29 21:55 - 2014-01-29 17:14 - 00000000 ____D C:\Users\User\Desktop\mbar
2014-01-29 21:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2014-01-29 21:54 - 2012-09-13 11:19 - 00000000 ____D C:\ProgramData\Real
2014-01-29 21:44 - 2014-01-29 21:44 - 00000000 __SHD C:\found.002
2014-01-29 17:45 - 2014-01-29 17:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-29 12:46 - 2014-01-29 12:45 - 00029710 _____ C:\Users\User\Downloads\Addition.txt
2014-01-29 12:33 - 2014-01-29 12:02 - 00000000 ____D C:\Users\User\Desktop\bestofliniejeanine
2014-01-28 18:41 - 2014-01-28 16:31 - 00000000 ____D C:\Users\User\Desktop\2014-01-28
2014-01-28 16:33 - 2009-07-14 06:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-28 16:33 - 2006-05-30 11:55 - 00654852 _____ C:\Windows\system32\perfh007.dat
2014-01-28 16:33 - 2006-05-30 11:55 - 00130434 _____ C:\Windows\system32\perfc007.dat
2014-01-28 03:43 - 2014-01-28 03:43 - 00037012 _____ C:\Windows\system32\s000000.dat
2014-01-28 03:43 - 2014-01-28 03:42 - 00000040 _____ C:\Windows\system32\sstate_prev.sdt
2014-01-28 03:42 - 2014-01-28 03:42 - 00000000 _____ C:\Windows\system32\sstates.sdt
2014-01-27 10:33 - 2014-01-23 10:05 - 00003204 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1939857806-2854763199-3128504920-1000
2014-01-27 10:33 - 2014-01-23 10:04 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1939857806-2854763199-3128504920-1000
2014-01-26 18:28 - 2006-05-30 12:02 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7148F168-FBB0-4E79-81BB-9C78DBACBDD1}
2014-01-23 18:02 - 2014-01-23 18:02 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2014-01-23 18:02 - 2013-02-17 21:59 - 00000000 ____D C:\Users\User\AppData\Local\Apps\2.0
2014-01-23 10:54 - 2014-01-23 10:54 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-23 10:54 - 2014-01-23 10:54 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-23 10:54 - 2013-09-11 22:52 - 00000000 ____D C:\ProgramData\Oracle
2014-01-23 10:54 - 2013-05-27 11:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-23 10:54 - 2013-05-27 11:51 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-23 10:54 - 2006-05-30 11:27 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-23 10:52 - 2014-01-23 10:52 - 29141928 _____ (Oracle Corporation) C:\Users\User\Downloads\jre-7u51-windows-i586.exe
2014-01-23 10:50 - 2014-01-23 10:50 - 00000000 ____D C:\Users\User\AppData\Local\Inquisit
2014-01-23 10:50 - 2014-01-23 10:49 - 00001875 _____ C:\Users\User\Downloads\Inquisit (1).jnlp
2014-01-23 10:49 - 2014-01-23 10:49 - 00001875 _____ C:\Users\User\Downloads\Inquisit.jnlp
2014-01-22 18:05 - 2011-10-26 18:41 - 00000000 ___HD C:\ProgramData\ArcSoft
2014-01-21 13:12 - 2014-01-21 13:12 - 00000000 _____ C:\Windows\setuperr.log
2014-01-21 13:10 - 2014-01-21 13:10 - 00000000 __SHD C:\found.001
2014-01-19 19:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-19 00:02 - 2013-02-17 20:42 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-19 00:02 - 2006-05-30 12:02 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-18 22:18 - 2010-07-12 22:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-18 22:17 - 2006-05-30 12:02 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-18 22:09 - 2012-09-13 11:20 - 00000000 ____D C:\Users\User\AppData\Roaming\Real
2014-01-16 09:59 - 2011-08-06 13:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-15 10:50 - 2013-08-16 02:02 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 10:47 - 2011-08-04 20:54 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-07 20:53 - 2011-11-18 20:23 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-07 20:53 - 2011-11-18 20:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-01-07 20:53 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-05 16:22 - 2011-11-18 20:24 - 00000000 ____D C:\Users\User\AppData\Roaming\SoftGrid Client
2014-01-05 09:48 - 2011-07-27 07:16 - 00074231 _____ C:\test.xml
2014-01-02 22:52 - 2014-01-02 22:52 - 00001076 _____ C:\Users\User\Desktop\tiptoi.lnk
2014-01-02 22:51 - 2011-08-05 14:48 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2014-01-01 12:11 - 2013-03-24 17:22 - 00000000 ____D C:\Users\User\Documents\Immobilien

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\tmp3C7.exe
C:\Users\User\AppData\Local\Temp\tmp4B22.exe
C:\Users\User\AppData\Local\Temp\tmpA9B8.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 11:42

==================== End Of Log ============================

--- --- ---

--- --- ---

cosinus · 30.01.2014, 11:48

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\tmp3C7.exe
C:\Users\User\AppData\Local\Temp\tmp4B22.exe
C:\Users\User\AppData\Local\Temp\tmpA9B8.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

umrepus · 30.01.2014, 12:21

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01
Ran by User at 2014-01-30 12:20:06 Run:1
Running from C:\Users\User\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\tmp3C7.exe
C:\Users\User\AppData\Local\Temp\tmp4B22.exe
C:\Users\User\AppData\Local\Temp\tmpA9B8.exe
*****************

Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\User\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\tmp3C7.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\tmp4B22.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\tmpA9B8.exe => Moved successfully.

==== End of Fixlog ====

cosinus · 30.01.2014, 13:41

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

umrepus · 30.01.2014, 14:26

malware hat was gefunden

PUP.Optional.Softonic.a

Hab noch nichts gemacht zur Auswahl steht:

entferne logdatei
ignoriere
speichere logdatei
Hauptmenü

cosinus · 30.01.2014, 14:54

Warum versuchst du das Log zu beschreiben, poste es doch einfach!

umrepus · 30.01.2014, 15:01

sorry, für mich ist alles ein Buch mit 7 Siegeln, sorry und danke für die Geduld

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.30.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-VAIO [Administrator]

30.01.2014 14:11:45
MBAM-log-2014-01-30 (14-59-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214905
Laufzeit: 9 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\User\Desktop\SoftonicDownloader_fuer_recuva.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.

(Ende)

29.01.2014, 13:52	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Aus Yahoo Account werden Spam Mails versandt Das andere FRST Log fehlt __________________ Logfiles bitte immer in CODE-Tags posten

30.01.2014, 14:54	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Aus Yahoo Account werden Spam Mails versandt Warum versuchst du das Log zu beschreiben, poste es doch einfach! __________________ Logfiles bitte immer in CODE-Tags posten

Aus Yahoo Account werden Spam Mails versandt

Überwachung, Datenschutz und Spam: Aus Yahoo Account werden Spam Mails versandt