|
Pests of all kinds and how to fight them: Lots of ads and Avira won't open (Windows 7) |
05.04.2014, 13:32 | #1 |
| Lots of ads and Avira won't open. Hello, unfortunately I have noticed a few problems on my laptop. First, for days I have been getting a flood of ads opened behind the page I have open; second, when I got fed up and wanted to ask Avira whether something was going on, it would not open. I am asking for your help |
05.04.2014, 14:02 | #2 |
/// TB trainer | Lots of ads and Avira won't open. My name is Matthias and I will help you clean up your computer. Please note the following:
Avira is not good in the area of adware... We'll start like this: Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
|
05.04.2014, 14:09 | #3 |
| Lots of ads and Avira won't open. Thanks for the quick reply
FRST log file: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Carolin (administrator) on VAIO on 05-04-2014 15:06:17 Running from C:\Users\Carolin\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE () C:\Users\Carolin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe () C:\Users\Carolin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Microsoft Corporation) C:\Windows\system32\wwahost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe\LiveComm.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation) C:\Windows\system32\wwahost.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\system32\calc.exe () C:\Program Files\Sony\VAIO Care\listener.exe (Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-10-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-10-24] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-11-20] (Synaptics Incorporated) HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] () HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation) HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Carolin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-09] () HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272624 2013-02-05] (Microsoft Corporation) HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [Amazon Cloud Player] - C:\Users\Carolin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] () HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [Google Update] - C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-07] (Google Inc.) 
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\RunOnce: [Uninstall C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64" Startup: C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = SearchScopes: HKCU - DefaultScope {7044E424-6D67-491B-A8D4-63AE8052A479} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=ecc5e1420000000000006036ddf3ae1d&r=765 SearchScopes: HKCU - {7044E424-6D67-491B-A8D4-63AE8052A479} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=ecc5e1420000000000006036ddf3ae1d&r=765 SearchScopes: HKCU - {888CE8DE-9B98-40E5-8CA5-E2E178689566} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms} SearchScopes: HKCU - {F667CA3A-C070-4694-8589-7B4F493E3D77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - 
C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 
15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR HomePage: hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=ecc5e1420000000000006036ddf3ae1d CHR DefaultSearchKeyword: softonic CHR DefaultSearchProvider: Search the web (Softonic) CHR DefaultSearchURL: hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=ecc5e1420000000000006036ddf3ae1d CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
CHR Plugin: (Google Update) - C:\Users\Carolin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\Carolin\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File CHR Extension: (Google Docs) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-07] CHR Extension: (Google Drive) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-07] CHR Extension: (YouTube) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-07] CHR Extension: (Google-Suche) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-07] CHR Extension: (Google Wallet) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07] CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-02-02] CHR Extension: (Google Mail) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-07] ==================== Services (Whitelisted) ================= S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-01] (Avira Operations GmbH & Co. 
KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-18] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-25] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-25] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] () S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-17] (Sony Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] () S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-10-25] (Advanced Micro Devices, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-20] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-07] (Intel Corporation) R3 rimssne; C:\Windows\System32\drivers\rimssne64.sys [103424 2012-08-23] (REDC) R3 risdsnxc; C:\Windows\System32\drivers\risdsnxc64.sys [104960 2012-08-23] (REDC) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-11-20] (Synaptics Incorporated) R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation) S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-05 15:06 - 2014-04-05 15:06 - 00021286 _____ () C:\Users\Carolin\Downloads\FRST.txt 2014-04-05 15:05 - 2014-04-05 15:06 - 00000000 ____D () C:\FRST 2014-04-05 15:04 - 2014-04-05 15:04 - 02157056 _____ (Farbar) C:\Users\Carolin\Downloads\FRST64.exe 2014-04-05 15:04 - 2014-04-05 15:04 - 01145856 _____ (Farbar) C:\Users\Carolin\Downloads\FRST.exe 2014-04-04 11:51 - 2014-04-04 11:54 - 00000000 ____D () C:\Users\Carolin\Desktop\Sammelsorium 2014-04-04 
11:48 - 2014-04-05 12:49 - 00000000 ____D () C:\Users\Carolin\Desktop\Katzen 2014-04-04 01:21 - 2014-04-04 01:21 - 00236944 _____ () C:\Users\Carolin\Downloads\ClickHeretoDownloadSetup-bLXPgMEY (1).exe 2014-04-04 01:20 - 2014-04-04 01:20 - 00236944 _____ () C:\Users\Carolin\Downloads\ClickHeretoDownloadSetup-bLXPgMEY.exe 2014-03-30 14:39 - 2014-03-30 14:39 - 00026857 _____ () C:\Users\Carolin\Desktop\Unbenannt 2.odt 2014-03-23 21:44 - 2014-03-29 10:42 - 00000000 ____D () C:\Users\Carolin\Desktop\Studium 2014-03-16 18:20 - 2014-03-17 22:15 - 00000000 ____D () C:\Users\Carolin\Desktop\Wohnung 2014-03-13 15:37 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 15:37 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-03-13 15:37 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-03-13 15:36 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 15:36 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 15:36 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-03-13 15:36 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-03-13 15:36 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 15:36 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 15:36 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 15:36 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript9.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 15:36 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 15:36 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 15:36 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iesetup.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 15:36 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 15:36 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 15:36 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-03-13 15:36 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-03-13 15:36 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-03-13 15:35 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 15:35 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 15:35 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-13 15:35 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-09 19:37 - 2014-03-09 19:44 - 00058708 _____ () C:\Users\Carolin\Desktop\Renataschu_lerplanung.odt 2014-03-09 18:04 - 2014-03-09 18:04 - 00221488 _____ (Premium Installer ) C:\Users\Carolin\Downloads\Primal_Urge_(2000)_--BustyJana--.exe 2014-03-09 10:21 - 2014-03-10 21:15 - 00000000 ____D () C:\Users\Carolin\Desktop\Kleiderschrank 2014-03-08 18:25 - 2014-03-08 18:25 - 01070496 _____ (Unity Technologies ApS) C:\Users\Carolin\Downloads\UnityWebPlayer.exe ==================== One Month Modified Files and Folders ======= 2014-04-05 15:06 - 2014-04-05 15:06 - 00021286 _____ () C:\Users\Carolin\Downloads\FRST.txt 2014-04-05 15:06 - 2014-04-05 15:05 - 00000000 ____D () C:\FRST 2014-04-05 15:04 - 2014-04-05 15:04 - 02157056 _____ (Farbar) 
C:\Users\Carolin\Downloads\FRST64.exe 2014-04-05 15:04 - 2014-04-05 15:04 - 01145856 _____ (Farbar) C:\Users\Carolin\Downloads\FRST.exe 2014-04-05 15:03 - 2014-02-10 21:53 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA.job 2014-04-05 15:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-04-05 14:38 - 2014-01-26 21:52 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\ClassicShell 2014-04-05 13:24 - 2013-04-24 18:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-05 12:49 - 2014-04-04 11:48 - 00000000 ____D () C:\Users\Carolin\Desktop\Katzen 2014-04-05 12:42 - 2013-10-08 19:04 - 01090403 _____ () C:\Windows\WindowsUpdate.log 2014-04-04 20:03 - 2014-01-19 21:19 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f.job 2014-04-04 11:54 - 2014-04-04 11:51 - 00000000 ____D () C:\Users\Carolin\Desktop\Sammelsorium 2014-04-04 01:21 - 2014-04-04 01:21 - 00236944 _____ () C:\Users\Carolin\Downloads\ClickHeretoDownloadSetup-bLXPgMEY (1).exe 2014-04-04 01:20 - 2014-04-04 01:20 - 00236944 _____ () C:\Users\Carolin\Downloads\ClickHeretoDownloadSetup-bLXPgMEY.exe 2014-04-01 18:14 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-03-30 23:01 - 2013-04-09 23:27 - 00753134 _____ () C:\Windows\system32\perfh007.dat 2014-03-30 23:01 - 2013-04-09 23:27 - 00155826 _____ () C:\Windows\system32\perfc007.dat 2014-03-30 23:01 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-30 17:15 - 2013-05-07 09:04 - 01216000 ___SH () C:\Users\Carolin\Desktop\Thumbs.db 2014-03-30 14:39 - 2014-03-30 14:39 - 00026857 _____ () C:\Users\Carolin\Desktop\Unbenannt 2.odt 2014-03-29 20:58 - 2014-02-10 21:53 - 00004088 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA 2014-03-29 20:58 - 2014-02-10 21:53 - 00003708 _____ () 
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f
2014-03-29 10:42 - 2014-03-23 21:44 - 00000000 ____D () C:\Users\Carolin\Desktop\Studium
2014-03-21 09:26 - 2013-04-15 19:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-18 14:04 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-17 22:15 - 2014-03-16 18:20 - 00000000 ____D () C:\Users\Carolin\Desktop\Wohnung
2014-03-16 22:46 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-03-16 21:54 - 2013-04-15 18:32 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3055477381-348428017-1736558052-1001
2014-03-16 19:25 - 2013-05-09 20:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-16 19:19 - 2013-10-03 19:37 - 00000000 ____D () C:\Users\Carolin\Tracing
2014-03-16 19:19 - 2013-04-15 18:25 - 00000000 ___RD () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 19:19 - 2013-04-15 18:25 - 00000000 ___RD () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-16 18:54 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-16 18:53 - 2013-04-15 20:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 18:53 - 2013-04-15 20:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-16 18:52 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-11 22:24 - 2013-04-24 18:38 - 00003766 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 21:15 - 2014-03-09 10:21 - 00000000 ____D () C:\Users\Carolin\Desktop\Kleiderschrank
2014-03-09 19:44 - 2014-03-09 19:37 - 00058708 _____ () C:\Users\Carolin\Desktop\Renataschu_lerplanung.odt
2014-03-09 18:04 - 2014-03-09 18:04 - 00221488 _____ (Premium Installer ) C:\Users\Carolin\Downloads\Primal_Urge_(2000)_--BustyJana--.exe
2014-03-08 18:25 - 2014-03-08 18:25 - 01070496 _____ (Unity Technologies ApS) C:\Users\Carolin\Downloads\UnityWebPlayer.exe

Some content of TEMP:
====================
C:\Users\Carolin\AppData\Local\Temp\avgnt.exe
C:\Users\Carolin\AppData\Local\Temp\iPhoneBackupExtractor-installer.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-28 18:38

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Carolin at 2014-04-05 15:06:46
Running from C:\Users\Carolin\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6400_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - )
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{ECCD7F0B-2256-9B71-5B9D-3E78A4E6DF00}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.2.286 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0806.1156.19437 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2126 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5728.52 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 9.0.5728.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP OfficeJet J6400 14.0 Rel. 6 (HKLM\...\{4B4B81D9-3C2C-4388-A281-40F3299B911E}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iFunbox (v2.1.2228.731), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.1.2228.731 - )
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41505) (Version: 3.8.0.41505.25 - Intel)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.3.1004 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
J6400 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6748 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.4 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Zip Opener (HKCU\...\DSite) (Version: - ) <==== ATTENTION
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.1.0.11020 - Sony Corporation)
VAIO Care (HKLM\...\{EC635BC0-0D7C-4CA2-9B87-2A330C298CB2}) (Version: 8.1.0.10120 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.1.0.10300 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.3.0.09290 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.1.0.10240 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.0.00.08170 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.1.10170 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.0.00.10170 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation) Hidden
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.0.08010 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO-Hardwarediagnose-Plugin für VAIO Care (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.7.0.11070 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
YTD Video Downloader 4.7.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.1 - GreenTree Applications SRL)

==================== Restore Points =========================

18-03-2014 13:33:12 Geplanter Prüfpunkt
28-03-2014 19:23:42 Geplanter Prüfpunkt
05-04-2014 11:29:11 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-09-12 19:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0DEC829B-D148-41E0-9CE7-F869E6DAA1D3} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2C1BC45A-B1D9-4AE3-AE7E-5AB9F8FEEEEE} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-08-01] (Sony Corporation)
Task: {2C3C76CB-0597-4366-9C78-031EDF4677A6} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-10-23] (Sony Corporation)
Task: {2E30B938-3573-46EC-A295-5C92E849EDDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: {379B5F29-668C-430E-9E3F-E80165503C7A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {487ADFB8-F8AF-49D4-96F1-BC383F96EA38} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {4C586F85-263F-476D-B2D5-C6E5771267A6} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {65BC15A4-E991-48F4-AB11-81C4A7A492B8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-03-21] (Microsoft Corporation)
Task: {7000A40B-B3FB-4C30-8071-670E54ABAF15} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {71730116-03DA-4BE2-8CCA-BFA87F16114F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {74F00795-4430-4725-B1F7-54E58B554D84} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {74F2DCFD-9DE2-484D-BC71-D393A9DBD9C7} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-10-22] (Sony Corporation)
Task: {77E39C35-3F57-4F50-A9F5-EC6B7B35FBF6} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {80BB06B6-79AE-411C-AC09-2AB24FF2B619} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {815B703B-9BF0-4D3F-B50C-6029F69FEA50} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {97D90083-6B0F-4530-9AA0-75593FC33585} - System32\Tasks\Sony Corporation\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-11-08] (Sony Corporation)
Task: {98FDC752-E501-4814-B593-D219C14076DB} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {A708D4A1-FA88-4189-8068-3E8585DC0016} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A957BF76-5CB8-45E5-B0D3-67BC59EA389B} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {AFE0D4D5-EC19-4838-B4A5-3875B46C22FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: {B0CE8FDE-E8A1-4412-9B43-C27E28CD639E} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-08-01] (Sony Corporation)
Task: {B8AC73B1-84D9-4C64-A7C7-E7589991561B} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-04-03] (Sony Corporation)
Task: {BCE30557-D3AB-4E12-AC6F-CD238F7BCCA7} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C8177601-FB6D-4766-BD3F-20302BEA1EAB} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ED6BAAB6-2972-437D-A7D5-5B65BE56E37E} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-04-03] (Sony Corporation)
Task: {EF3369A7-72FC-4A23-AF74-4FCD98D9BB3C} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {F93CAE5D-D0F0-4D0D-970F-01E397D86916} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2012-11-01] (Sony Corporation)
Task: {F96AFE6F-56C1-4B6F-81C9-ED1B456A8962} - \BrowserDefendert No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f.job => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA.job => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-06 13:27 - 2012-08-06 13:27 - 00156672 _____ () C:\Program Files\Sony\VAIO Care\VCPerfService.exe
2012-10-25 09:10 - 2012-10-25 09:10 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-09 23:50 - 2013-05-09 23:50 - 00400704 _____ () C:\Users\Carolin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2013-12-15 10:57 - 2013-12-12 21:56 - 03145536 _____ () C:\Users\Carolin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2012-08-06 11:54 - 2012-08-06 11:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-21 09:11 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-15 19:15 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2012-08-06 13:27 - 2012-08-06 13:27 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-09 22:43 - 2012-07-25 04:52 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-10 16:50 - 2012-08-10 16:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2014-01-12 19:39 - 2013-12-13 00:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-12 19:39 - 2013-11-05 03:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-04-23 18:30 - 2014-02-11 04:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-05-03 15:35 - 2014-02-25 23:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-27 17:30 - 2014-01-11 01:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 00051016 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 00716616 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 00100168 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 04061000 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 00394568 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 01647432 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 13637448 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2014 02:24:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 389125

Error: (04/05/2014 02:24:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 389125

Error: (04/05/2014 02:24:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/05/2014 02:18:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (04/05/2014 02:18:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (04/05/2014 02:18:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/04/2014 11:11:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4922

Error: (04/04/2014 11:11:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4922

Error: (04/04/2014 11:11:51 PM) (Source: 
Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/04/2014 11:11:50 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3750 System errors: ============= Error: (04/05/2014 11:38:04 AM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (04/04/2014 11:14:25 AM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (04/03/2014 09:19:57 AM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (04/02/2014 04:53:01 PM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. 
Error: (04/01/2014 06:12:51 PM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (03/30/2014 01:58:22 PM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (03/30/2014 09:47:33 AM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (03/29/2014 08:41:15 PM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (03/28/2014 03:02:30 PM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. 
Error: (03/27/2014 04:56:36 PM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Microsoft Office Sessions: ========================= Error: (04/05/2014 02:24:29 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 389125 Error: (04/05/2014 02:24:29 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 389125 Error: (04/05/2014 02:24:29 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/05/2014 02:18:01 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1125 Error: (04/05/2014 02:18:01 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1125 Error: (04/05/2014 02:18:01 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/04/2014 11:11:51 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4922 Error: (04/04/2014 11:11:51 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4922 Error: (04/04/2014 11:11:51 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/04/2014 11:11:50 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3750 CodeIntegrity Errors: =================================== Date: 2013-09-12 19:48:02.021 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file 
hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 28% Total physical RAM: 8064.39 MB Available physical RAM: 5797.55 MB Total Pagefile: 13033.13 MB Available Pagefile: 6608.73 MB Total Virtual: 8192 MB Available Virtual: 8191.76 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:435.29 GB) (Free:335.55 GB) NTFS Drive d: (RAYMAN) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 1B831D38) Partition: GPT Partition Type. ==================== End Of Log ============================ |
05.04.2014, 14:15 | #4 | |
/// TB instructor | Lots of ads and Avira won't open Hi, Quote:
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please close your security software to avoid possible conflicts.
Step 3 Please download Malwarebytes Anti-Malware
Step 4 Please download zoek.exe from here: http://hijackthis.nl/smeenk/
Please post with your next reply
|
05.04.2014, 15:20 | #5 |
| Lots of ads and Avira won't open AdwCleaner found nothing at all. Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.3 (03.23.2014:1) OS: Windows 8 x64 Ran by Carolin on 05.04.2014 at 15:29:08,58 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7044E424-6D67-491B-A8D4-63AE8052A479} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\bitguard" Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader" Successfully deleted: [Folder] "C:\Users\Carolin\AppData\Roaming\opencandy" Successfully deleted: [Folder] "C:\Users\Carolin\appdata\locallow\softonic" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 05.04.2014 at 15:32:58,14 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 05.04.2014 Suchlauf-Zeit: 15:56:33 Logdatei: mb.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.04.05.03 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: Carolin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 265289 Verstrichene Zeit: 14 Min, 6 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 14 PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1231839B-064E-4788-B865-465A1B5266FD}, In Quarantäne, [c040d729bf41e9176d3cc1800af81de3], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2DAC2231-CC35-482B-97C5-CED1D4185080}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{57C91446-8D81-4156-A70E-624551442DE9}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], PUP.Optional.Delta.A, 
HKLM\SOFTWARE\CLASSES\INTERFACE\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{97DD820D-2E20-40AD-B01E-6730B2FCE630}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B177446D-54A4-4869-BABC-8566110B4BE0}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F05B12E1-ADE8-4485-B45B-898748B53C37}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 3 PUP.Optional.Softonic.A, C:\Users\Carolin\AppData\Local\Temp\mt_ffx\Softonic, In Quarantäne, [669a1ce4857bf80856e5f06ce2206d93], PUP.Optional.Softonic.A, C:\Users\Carolin\AppData\Local\Temp\mt_ffx\Softonic\Softonic, In Quarantäne, [669a1ce4857bf80856e5f06ce2206d93], PUP.Optional.Softonic.A, C:\Users\Carolin\AppData\Local\Temp\mt_ffx\Softonic\Softonic\1.8.21.14, In Quarantäne, [669a1ce4857bf80856e5f06ce2206d93], Dateien: 6 PUP.Optional.Somoto.A, C:\Users\Carolin\Downloads\ClickHeretoDownloadSetup-bLXPgMEY (1).exe, In Quarantäne, [e91724dc887826da7e50decc3dc69769], PUP.Optional.Somoto.A, C:\Users\Carolin\Downloads\ClickHeretoDownloadSetup-bLXPgMEY.exe, In Quarantäne, [7f8138c8718f8a76b31b9a101fe428d8], PUP.Optional.OpenCandy, C:\Users\Carolin\Downloads\iphonebackupextractor_4.5.6.0.exe, In Quarantäne, [2ad6e41c29d73ec274b5102818ece21e], PUP.Optional.OptimumInstaller.A, C:\Users\Carolin\Downloads\Primal_Urge_(2000)_--BustyJana--.exe, In Quarantäne, [90702ad640c030d057eeca7c8f727789], PUP.Optional.Spigot.A, 
C:\Users\Carolin\Desktop\Programme\Dat janse Zeuch\YTD471Setup.exe, In Quarantäne, [e21e827e4fb1cb35aad00e1820e012ee], PUP.Optional.Softonic.A, C:\Users\Carolin\AppData\Local\Temp\mt_ffx\Softonic\Softonic\1.8.21.14\softonic.xpi, In Quarantäne, [669a1ce4857bf80856e5f06ce2206d93], Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Carolin on 05.04.2014 at 16:06:44,35. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode No Internet Access Detected Launched: C:\Users\Carolin\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 05.04.2014 16:08:02 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3055477381-348428017-1736558052-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully HKEY_USERS\S-1-5-21-3055477381-348428017-1736558052-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully HKEY_USERS\S-1-5-21-3055477381-348428017-1736558052-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully HKEY_CLASSES_ROOT\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully HKEY_CLASSES_ROOT\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\GreenTree Applications deleted C:\found.000 deleted C:\found.001 deleted C:\found.002 deleted C:\found.003 deleted C:\found.004 
deleted C:\found.005 deleted C:\PROGRA~3\Package Cache deleted C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted ==== Chrome Look ====================== 20-20 3D Viewer for IKEA - Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp ==== Chrome Fix ====================== C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage deleted successfully C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.de/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.de/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{888CE8DE-9B98-40E5-8CA5-E2E178689566}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {888CE8DE-9B98-40E5-8CA5-E2E178689566} eBay Url="hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms}" {F667CA3A-C070-4694-8589-7B4F493E3D77} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS" ==== Reset Google Chrome ====================== C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Empty IE Cache ====================== 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Carolin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Carolin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=128 folders=92 56439523 bytes) ==== Empty Temp Folders ====================== C:\Users\Carolin\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Public\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Carolin\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 05.04.2014 
at 16:16:28,77 ====================== |
05.04.2014, 15:31 | #6 |
/// TB instructor | Lots of ads and Avira won't open |
05.04.2014, 15:37 | #7 |
| Lots of ads and Avira won't open Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 05/04/2014 um 16:36:58 # Aktualisiert 01/04/2014 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzername : Carolin - VAIO # Gestartet von : C:\Users\Carolin\Desktop\adwcleaner.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16843 -\\ Google Chrome v [ Datei : C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [10312 octets] - [14/09/2013 21:30:06] AdwCleaner[R1].txt - [3212 octets] - [05/04/2014 15:25:50] AdwCleaner[R2].txt - [1384 octets] - [05/04/2014 16:36:58] AdwCleaner[S0].txt - [6703 octets] - [14/09/2013 21:32:11] ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1504 octets] ########## |
05.04.2014, 15:43 | #8 |
/// TB instructor | Lots of ads and Avira won't open Hi, this log file does not say that the findings were removed. Please do that now and have all findings removed, and/or post the log file from it. |
05.04.2014, 18:09 | #9 |
| Lots of ads and Avira won't open But when I start the scan, it finds nothing, so I can't select anything to remove. I have now run the scan 2 more times and now, finally, something came of it: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.003 - Bericht erstellt am 14/09/2013 um 21:32:11 # Updated 07/09/2013 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzername : Carolin - VAIO # Gestartet von : C:\Users\Carolin\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro Ordner Gelöscht : C:\Program Files (x86)\delta Ordner Gelöscht : C:\Program Files (x86)\openit Ordner Gelöscht : C:\Users\Carolin\AppData\LocalLow\delta Ordner Gelöscht : C:\Users\Carolin\AppData\LocalLow\searchquband Ordner Gelöscht : C:\Users\Carolin\AppData\LocalLow\Searchqutoolbar Ordner Gelöscht : C:\Users\Carolin\AppData\Roaming\DSite Ordner Gelöscht : C:\Users\Carolin\AppData\Roaming\optimizer pro Datei Gelöscht : C:\Users\Public\Desktop\Open It!.lnk Datei Gelöscht : C:\Users\Carolin\Desktop\Optimizer Pro.lnk Datei Gelöscht : C:\Windows\System32\Tasks\BrowserDefendert ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKCU\Software\e558ddce13de843 Schlüssel Gelöscht : HKLM\SOFTWARE\e558ddce13de843 Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\dsiteproducts Schlüssel Gelöscht : HKCU\Software\ilivid Schlüssel Gelöscht : HKCU\Software\Optimizer Pro Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\Delta Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It! Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Google Chrome v [ Datei : C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : homepage Gelöscht : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [7159 octets] - [14/09/2013 21:30:06] AdwCleaner[S0].txt - [6555 octets] - [14/09/2013 21:32:11] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6615 octets] ########## AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 05/04/2014 um 19:05:20 # Aktualisiert 01/04/2014 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzername : Carolin - VAIO # Gestartet von : C:\Users\Carolin\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16843 -\\ Google Chrome v [ Datei : C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [10312 octets] - [14/09/2013 21:30:06] AdwCleaner[R1].txt - [3212 octets] - [05/04/2014 15:25:50] AdwCleaner[R2].txt - [1600 octets] - [05/04/2014 16:36:58] AdwCleaner[S0].txt - [8148 octets] - [14/09/2013 21:32:11] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8208 octets] ########## |
05.04.2014, 18:10 | #10 | |
/// TB instructor | Lots of ads and Avira won't open Quote:
After the scan you simply click Löschen (Delete). Control scan with FRST Run a scan with FRST as described before. To do so, tick the box for Addition.txt at the bottom right and click Scan. Two log files will be created. Post them for me. Still having problems with ads? If so, in which browser? How is Avira running? |
05.04.2014, 18:16 | #11 |
| Lots of ads and Avira won't open Is it right now? Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 05/04/2014 um 19:13:25 # Aktualisiert 01/04/2014 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzername : Carolin - VAIO # Gestartet von : C:\Users\Carolin\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16843 -\\ Google Chrome v [ Datei : C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [10312 octets] - [14/09/2013 21:30:06] AdwCleaner[R1].txt - [3212 octets] - [05/04/2014 15:25:50] AdwCleaner[R2].txt - [1600 octets] - [05/04/2014 16:36:58] AdwCleaner[R3].txt - [999 octets] - [05/04/2014 19:12:59] AdwCleaner[S0].txt - [8304 octets] - [14/09/2013 21:32:11] AdwCleaner[S1].txt - [921 octets] - [05/04/2014 19:13:25] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [980 octets] ########## |
05.04.2014, 18:22 | #12 |
/// TB-Ausbilder | Lots of ads and Avira won't open
Hi, yes. Please continue with FRST and answer my questions as written in my last post. |
05.04.2014, 22:44 | #13 |
| Lots of ads and Avira won't open
Oh sorry, I had completely overlooked that: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Carolin (administrator) on VAIO on 05-04-2014 19:44:52 Running from C:\Users\Carolin\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Sony Corporation) 
C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.EXE (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe () C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe () C:\Users\Carolin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files\Sony\VAIO Care\VCPerfService.exe () C:\Program Files\Sony\VAIO Care\listener.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Farbar) C:\Users\Carolin\Desktop\FRST64 (2).exe (Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-10-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-10-24] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-11-20] (Synaptics Incorporated) HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] () HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation) HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Carolin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-09] () HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272624 2013-02-05] (Microsoft Corporation) HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [Amazon Cloud Player] - C:\Users\Carolin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] () HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [Google Update] - C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-07] (Google Inc.) 
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\RunOnce: [Uninstall C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64" Startup: C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKCU - {888CE8DE-9B98-40E5-8CA5-E2E178689566} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms} SearchScopes: HKCU - {F667CA3A-C070-4694-8589-7B4F493E3D77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft 
Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-07] CHR Extension: (Google Drive) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-07] CHR Extension: (YouTube) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo 
[2013-09-07] CHR Extension: (Google-Suche) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-07] CHR Extension: (Google Wallet) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07] CHR Extension: (Google Mail) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-07] ==================== Services (Whitelisted) ================= S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-01] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-18] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-25] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-25] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] () S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-17] (Sony Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation) R2 
SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] () S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-10-25] (Advanced Micro Devices, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-20] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.) 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-05] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-07] (Intel Corporation) R3 rimssne; C:\Windows\System32\drivers\rimssne64.sys [103424 2012-08-23] (REDC) R3 risdsnxc; C:\Windows\System32\drivers\risdsnxc64.sys [104960 2012-08-23] (REDC) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-11-20] (Synaptics Incorporated) R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation) S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-05 19:42 - 2014-04-05 19:44 - 00018519 _____ () C:\Users\Carolin\Desktop\FRST.txt 2014-04-05 19:42 - 2014-04-05 19:42 - 00036383 _____ () C:\Users\Carolin\Desktop\Addition.txt 2014-04-05 19:41 - 2014-04-05 19:41 - 02157056 _____ (Farbar) C:\Users\Carolin\Downloads\FRST64 (3).exe 2014-04-05 19:41 - 2014-04-05 19:41 - 02157056 _____ (Farbar) C:\Users\Carolin\Downloads\FRST64 (1).exe 2014-04-05 19:41 - 2014-04-05 19:41 - 02157056 _____ (Farbar) C:\Users\Carolin\Desktop\FRST64 (2).exe 2014-04-05 16:14 - 2014-04-05 16:06 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-04-05 16:08 - 2014-04-05 16:16 - 00006148 _____ () 
C:\zoek-results.log 2014-04-05 16:06 - 2014-04-05 16:14 - 00000000 ____D () C:\zoek_backup 2014-04-05 16:05 - 2014-04-05 16:05 - 00004401 _____ () C:\Users\Carolin\Desktop\mb.txt 2014-04-05 15:59 - 2014-04-05 15:59 - 00468968 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-05 15:37 - 2014-04-05 19:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-05 15:37 - 2014-04-05 15:40 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-05 15:37 - 2014-04-05 15:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-05 15:37 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-05 15:37 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-05 15:37 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-05 15:36 - 2014-04-05 15:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Carolin\Desktop\mbam-setup-2.0.0.1000.exe 2014-04-05 15:35 - 2014-04-05 15:35 - 01285120 _____ () C:\Users\Carolin\Desktop\zoek.exe 2014-04-05 15:32 - 2014-04-05 15:32 - 00001153 _____ () C:\Users\Carolin\Desktop\JRT.txt 2014-04-05 15:28 - 2014-04-05 15:28 - 01038974 _____ (Thisisu) C:\Users\Carolin\Desktop\JRT.exe 2014-04-05 15:27 - 2014-04-05 15:27 - 01038974 _____ (Thisisu) C:\Users\Carolin\Downloads\JRT (1).exe 2014-04-05 15:26 - 2014-04-05 15:26 - 01038974 _____ (Thisisu) C:\Users\Carolin\Downloads\JRT.exe 2014-04-05 15:22 - 2014-04-05 15:22 - 01426178 _____ () C:\Users\Carolin\Desktop\adwcleaner.exe 2014-04-05 15:20 - 2014-04-05 15:20 - 01426178 _____ () C:\Users\Carolin\Downloads\adwcleaner (1).exe 2014-04-05 15:19 - 2014-04-05 15:20 - 01426178 _____ () C:\Users\Carolin\Downloads\adwcleaner.exe 2014-04-05 15:18 - 2014-04-05 15:18 - 00023409 _____ () C:\Users\Carolin\Desktop\b2.odt 2014-04-05 15:18 - 2014-04-05 15:18 
- 00019438 _____ () C:\Users\Carolin\Desktop\tabelle.odt 2014-04-05 15:18 - 2014-04-05 15:18 - 00019116 _____ () C:\Users\Carolin\Desktop\grüwffelo.odt 2014-04-05 15:06 - 2014-04-05 15:11 - 00033571 _____ () C:\Users\Carolin\Downloads\FRST.txt 2014-04-05 15:06 - 2014-04-05 15:11 - 00000712 _____ () C:\Users\Carolin\Downloads\Addition.txt 2014-04-05 15:05 - 2014-04-05 19:44 - 00000000 ____D () C:\FRST 2014-04-05 15:04 - 2014-04-05 15:04 - 02157056 _____ (Farbar) C:\Users\Carolin\Downloads\FRST64.exe 2014-04-05 15:04 - 2014-04-05 15:04 - 01145856 _____ (Farbar) C:\Users\Carolin\Downloads\FRST.exe 2014-04-04 11:51 - 2014-04-04 11:54 - 00000000 ____D () C:\Users\Carolin\Desktop\Sammelsorium 2014-04-04 11:48 - 2014-04-05 12:49 - 00000000 ____D () C:\Users\Carolin\Desktop\Katzen 2014-03-30 14:39 - 2014-03-30 14:39 - 00026857 _____ () C:\Users\Carolin\Desktop\Unbenannt 2.odt 2014-03-23 21:44 - 2014-03-29 10:42 - 00000000 ____D () C:\Users\Carolin\Desktop\Studium 2014-03-16 18:20 - 2014-03-17 22:15 - 00000000 ____D () C:\Users\Carolin\Desktop\Wohnung 2014-03-13 15:37 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 15:37 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-03-13 15:37 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-03-13 15:36 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 15:36 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 15:36 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-03-13 15:36 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-03-13 15:36 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 15:36 - 2014-02-23 10:12 - 19273216 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 15:36 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 15:36 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 15:36 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 15:36 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 15:36 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 15:36 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 15:36 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 15:36 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 15:36 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 15:36 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-03-13 15:36 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-03-13 15:36 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-03-13 15:35 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 15:35 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 15:35 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-13 15:35 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-09 19:37 - 2014-03-09 19:44 - 00058708 _____ () C:\Users\Carolin\Desktop\Renataschu_lerplanung.odt 2014-03-09 10:21 - 2014-03-10 21:15 - 00000000 ____D () C:\Users\Carolin\Desktop\Kleiderschrank 2014-03-08 18:25 - 2014-03-08 18:25 - 01070496 _____ (Unity Technologies ApS) 
C:\Users\Carolin\Downloads\UnityWebPlayer.exe ==================== One Month Modified Files and Folders ======= 2014-04-05 19:44 - 2014-04-05 19:42 - 00018519 _____ () C:\Users\Carolin\Desktop\FRST.txt 2014-04-05 19:44 - 2014-04-05 15:05 - 00000000 ____D () C:\FRST 2014-04-05 19:42 - 2014-04-05 19:42 - 00036383 _____ () C:\Users\Carolin\Desktop\Addition.txt 2014-04-05 19:41 - 2014-04-05 19:41 - 02157056 _____ (Farbar) C:\Users\Carolin\Downloads\FRST64 (3).exe 2014-04-05 19:41 - 2014-04-05 19:41 - 02157056 _____ (Farbar) C:\Users\Carolin\Downloads\FRST64 (1).exe 2014-04-05 19:41 - 2014-04-05 19:41 - 02157056 _____ (Farbar) C:\Users\Carolin\Desktop\FRST64 (2).exe 2014-04-05 19:24 - 2013-04-24 18:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-05 19:22 - 2013-10-08 19:04 - 01169680 _____ () C:\Windows\WindowsUpdate.log 2014-04-05 19:20 - 2013-04-09 23:27 - 00753134 _____ () C:\Windows\system32\perfh007.dat 2014-04-05 19:20 - 2013-04-09 23:27 - 00155826 _____ () C:\Windows\system32\perfc007.dat 2014-04-05 19:20 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-05 19:19 - 2013-04-15 18:32 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3055477381-348428017-1736558052-1001 2014-04-05 19:15 - 2013-10-03 19:37 - 00000000 ____D () C:\Users\Carolin\Tracing 2014-04-05 19:15 - 2013-05-09 20:22 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-05 19:14 - 2014-04-05 15:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-05 19:14 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-05 19:13 - 2013-09-14 21:29 - 00000000 ____D () C:\AdwCleaner 2014-04-05 19:13 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-04-05 19:03 - 2014-02-10 21:53 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA.job 2014-04-05 19:00 - 2012-07-26 
10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-04-05 16:19 - 2014-01-26 21:52 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\ClassicShell 2014-04-05 16:16 - 2014-04-05 16:08 - 00006148 _____ () C:\zoek-results.log 2014-04-05 16:15 - 2013-10-14 23:46 - 00009264 _____ () C:\Windows\PFRO.log 2014-04-05 16:14 - 2014-04-05 16:06 - 00000000 ____D () C:\zoek_backup 2014-04-05 16:06 - 2014-04-05 16:14 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-04-05 16:05 - 2014-04-05 16:05 - 00004401 _____ () C:\Users\Carolin\Desktop\mb.txt 2014-04-05 15:59 - 2014-04-05 15:59 - 00468968 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-05 15:40 - 2014-04-05 15:37 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-05 15:40 - 2014-04-05 15:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-05 15:37 - 2014-04-05 15:36 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Carolin\Desktop\mbam-setup-2.0.0.1000.exe 2014-04-05 15:37 - 2013-09-14 21:15 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-05 15:35 - 2014-04-05 15:35 - 01285120 _____ () C:\Users\Carolin\Desktop\zoek.exe 2014-04-05 15:32 - 2014-04-05 15:32 - 00001153 _____ () C:\Users\Carolin\Desktop\JRT.txt 2014-04-05 15:28 - 2014-04-05 15:28 - 01038974 _____ (Thisisu) C:\Users\Carolin\Desktop\JRT.exe 2014-04-05 15:27 - 2014-04-05 15:27 - 01038974 _____ (Thisisu) C:\Users\Carolin\Downloads\JRT (1).exe 2014-04-05 15:26 - 2014-04-05 15:26 - 01038974 _____ (Thisisu) C:\Users\Carolin\Downloads\JRT.exe 2014-04-05 15:22 - 2014-04-05 15:22 - 01426178 _____ () C:\Users\Carolin\Desktop\adwcleaner.exe 2014-04-05 15:20 - 2014-04-05 15:20 - 01426178 _____ () C:\Users\Carolin\Downloads\adwcleaner (1).exe 2014-04-05 15:20 - 2014-04-05 15:19 - 01426178 _____ () C:\Users\Carolin\Downloads\adwcleaner.exe 2014-04-05 15:18 - 2014-04-05 15:18 - 00023409 _____ () C:\Users\Carolin\Desktop\b2.odt 2014-04-05 15:18 - 2014-04-05 15:18 - 00019438 _____ () 
C:\Users\Carolin\Desktop\tabelle.odt 2014-04-05 15:18 - 2014-04-05 15:18 - 00019116 _____ () C:\Users\Carolin\Desktop\grüwffelo.odt 2014-04-05 15:11 - 2014-04-05 15:06 - 00033571 _____ () C:\Users\Carolin\Downloads\FRST.txt 2014-04-05 15:11 - 2014-04-05 15:06 - 00000712 _____ () C:\Users\Carolin\Downloads\Addition.txt 2014-04-05 15:04 - 2014-04-05 15:04 - 02157056 _____ (Farbar) C:\Users\Carolin\Downloads\FRST64.exe 2014-04-05 15:04 - 2014-04-05 15:04 - 01145856 _____ (Farbar) C:\Users\Carolin\Downloads\FRST.exe 2014-04-05 12:49 - 2014-04-04 11:48 - 00000000 ____D () C:\Users\Carolin\Desktop\Katzen 2014-04-04 20:03 - 2014-01-19 21:19 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f.job 2014-04-04 11:54 - 2014-04-04 11:51 - 00000000 ____D () C:\Users\Carolin\Desktop\Sammelsorium 2014-04-03 09:51 - 2014-04-05 15:37 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-05 15:37 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-05 15:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-01 18:14 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-03-30 17:15 - 2013-05-07 09:04 - 01216000 ___SH () C:\Users\Carolin\Desktop\Thumbs.db 2014-03-30 14:39 - 2014-03-30 14:39 - 00026857 _____ () C:\Users\Carolin\Desktop\Unbenannt 2.odt 2014-03-29 20:58 - 2014-02-10 21:53 - 00004088 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA 2014-03-29 20:58 - 2014-02-10 21:53 - 00003708 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f 2014-03-29 10:42 - 2014-03-23 21:44 - 00000000 ____D () C:\Users\Carolin\Desktop\Studium 2014-03-21 09:26 - 2013-04-15 19:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15 
2014-03-18 14:04 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-17 22:15 - 2014-03-16 18:20 - 00000000 ____D () C:\Users\Carolin\Desktop\Wohnung 2014-03-16 22:46 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-03-16 19:19 - 2013-04-15 18:25 - 00000000 ___RD () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-16 19:19 - 2013-04-15 18:25 - 00000000 ___RD () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-16 18:53 - 2013-04-15 20:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-16 18:53 - 2013-04-15 20:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData 2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-03-11 22:24 - 2013-04-24 18:38 - 00003766 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-10 21:15 - 2014-03-09 10:21 - 00000000 ____D () C:\Users\Carolin\Desktop\Kleiderschrank 2014-03-09 19:44 - 2014-03-09 19:37 - 00058708 _____ () C:\Users\Carolin\Desktop\Renataschu_lerplanung.odt 2014-03-08 18:25 - 2014-03-08 18:25 - 01070496 _____ (Unity Technologies ApS) C:\Users\Carolin\Downloads\UnityWebPlayer.exe Some content of TEMP: ==================== C:\Users\Carolin\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is 
legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-28 18:38

==================== End Of Log ============================

--- --- ---

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Carolin at 2014-04-05 19:45:06 Running from C:\Users\Carolin\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden 6400_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.04) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated) Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - ) Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC) Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC) AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{ECCD7F0B-2256-9B71-5B9D-3E78A4E6DF00}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.2.286 - Avira) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2012.0806.1156.19437 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) 
Hidden CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2126 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5728.52 - CyberLink Corp.) CyberLink PowerDVD (x32 Version: 9.0.5728.52 - CyberLink Corp.) 
Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP OfficeJet J6400 14.0 Rel. 6 (HKLM\...\{4B4B81D9-3C2C-4388-A281-40F3299B911E}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard) HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden iFunbox (v2.1.2228.731), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.1.2228.731 - ) Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41505) (Version: 3.8.0.41505.25 - Intel) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation) 
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.3.1004 - Intel Corporation) Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation) Intel® PROSet/Wireless WiFi-Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) J6400 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 365 Home Premium - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) 
- 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden OCR Software by I.R.I.S. 
14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation) ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6748 - Realtek Semiconductor Corp.) 
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.4 - Synaptics Incorporated) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.1.0.11020 - Sony Corporation) VAIO Care (HKLM\...\{EC635BC0-0D7C-4CA2-9B87-2A330C298CB2}) (Version: 8.1.0.10120 - Sony Corporation) VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.1.0.10300 - Sony Corporation) VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation) VAIO Easy Connect (x32 Version: 1.3.0.09290 - Sony Corporation) Hidden VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.1.0.10240 - Sony Corporation) VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.1.0.10220 - Sony Corporation) VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation) Hidden VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.0.00.08170 - Sony Corporation) VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.1.0.10220 - Sony 
Corporation) VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.1.10170 - Sony Corporation) VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.0.00.10170 - Sony Corporation) VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation) Hidden VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.0.08010 - Sony Corporation) VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation) VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation) VAIO-Hardwarediagnose-Plugin für VAIO Care (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.7.0.11070 - Sony Corporation) VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation) VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden VIx64 (Version: 1.0.0 - Sony Corporation) Hidden VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - 
Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden YTD Video Downloader 4.7.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.1 - GreenTree Applications SRL) ==================== Restore Points ========================= 18-03-2014 13:33:12 Geplanter Prüfpunkt 28-03-2014 19:23:42 Geplanter Prüfpunkt 05-04-2014 11:29:11 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2012-07-26 07:26 - 2013-09-12 19:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - 
System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2C3C76CB-0597-4366-9C78-031EDF4677A6} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-10-23] (Sony Corporation) Task: {2E30B938-3573-46EC-A295-5C92E849EDDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.) Task: {379B5F29-668C-430E-9E3F-E80165503C7A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation) Task: {487ADFB8-F8AF-49D4-96F1-BC383F96EA38} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation) Task: {4C586F85-263F-476D-B2D5-C6E5771267A6} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.) Task: {65BC15A4-E991-48F4-AB11-81C4A7A492B8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-03-21] (Microsoft Corporation) Task: {7000A40B-B3FB-4C30-8071-670E54ABAF15} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.) 
Task: {71730116-03DA-4BE2-8CCA-BFA87F16114F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated) Task: {74F00795-4430-4725-B1F7-54E58B554D84} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation) Task: {74F2DCFD-9DE2-484D-BC71-D393A9DBD9C7} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-10-22] (Sony Corporation) Task: {7570CBF6-7C42-4F05-B96D-4154B2EF5785} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-08-01] (Sony Corporation) Task: {77E39C35-3F57-4F50-A9F5-EC6B7B35FBF6} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation) Task: {80BB06B6-79AE-411C-AC09-2AB24FF2B619} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation) Task: {815B703B-9BF0-4D3F-B50C-6029F69FEA50} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation) Task: {97D90083-6B0F-4530-9AA0-75593FC33585} - System32\Tasks\Sony Corporation\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-11-08] (Sony Corporation) Task: {98FDC752-E501-4814-B593-D219C14076DB} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient Task: {A708D4A1-FA88-4189-8068-3E8585DC0016} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {A957BF76-5CB8-45E5-B0D3-67BC59EA389B} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation) Task: {AFE0D4D5-EC19-4838-B4A5-3875B46C22FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.) Task: {B0CE8FDE-E8A1-4412-9B43-C27E28CD639E} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-08-01] (Sony Corporation) Task: {B8AC73B1-84D9-4C64-A7C7-E7589991561B} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-04-03] (Sony Corporation) Task: {BCE30557-D3AB-4E12-AC6F-CD238F7BCCA7} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {C8177601-FB6D-4766-BD3F-20302BEA1EAB} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {ED6BAAB6-2972-437D-A7D5-5B65BE56E37E} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-04-03] (Sony Corporation) Task: {EF3369A7-72FC-4A23-AF74-4FCD98D9BB3C} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR 
Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {F93CAE5D-D0F0-4D0D-970F-01E397D86916} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2012-11-01] (Sony Corporation) Task: {F96AFE6F-56C1-4B6F-81C9-ED1B456A8962} - \BrowserDefendert No Task File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f.job => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA.job => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-21 09:11 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-04-15 19:15 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2012-10-25 09:10 - 2012-10-25 09:10 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-04-16 10:35 - 2012-11-20 01:03 - 00812544 _____ () C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe 2013-12-15 10:57 - 2013-12-12 21:56 - 03145536 _____ () C:\Users\Carolin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe 2012-08-06 11:54 - 2012-08-06 11:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-08-06 13:27 - 2012-08-06 13:27 - 00156672 _____ () C:\Program Files\Sony\VAIO Care\VCPerfService.exe 2012-08-06 13:27 - 2012-08-06 13:27 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe 2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-01-28 13:08 - 
2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-04-16 10:35 - 2012-04-26 14:38 - 20758016 _____ () C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll 2014-01-12 19:39 - 2013-12-13 00:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll 2014-01-12 19:39 - 2013-11-05 03:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll 2013-04-23 18:30 - 2014-02-11 04:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2013-05-03 15:35 - 2014-02-25 23:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2013-09-27 17:30 - 2014-01-11 01:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2012-12-11 09:51 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll 2012-12-11 09:51 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll 2012-12-11 09:51 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll 2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2013-04-09 23:13 - 2012-10-04 22:21 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll 2013-04-09 23:13 - 2012-10-04 22:21 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll 2013-04-09 23:13 - 2012-10-04 22:21 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll 2013-04-09 23:13 - 2012-10-04 22:21 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll 2013-04-09 23:13 - 2012-10-04 22:21 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll 2013-04-09 23:13 - 2012-10-04 22:21 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll 2013-04-09 23:13 - 2012-10-04 22:21 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll 2013-04-09 23:13 - 
2012-10-04 22:21 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll 2013-04-09 23:13 - 2012-10-04 22:21 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll 2013-04-09 22:43 - 2012-07-25 04:52 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-03-15 20:59 - 2014-03-15 02:50 - 00051016 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-03-15 20:59 - 2014-03-15 02:50 - 00716616 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll 2014-03-15 20:59 - 2014-03-15 02:50 - 00100168 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll 2014-03-15 20:59 - 2014-03-15 02:50 - 04061000 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-15 20:59 - 2014-03-15 02:50 - 00394568 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-15 20:59 - 2014-03-15 02:50 - 01647432 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: USB-IF xHCI USB Host Controller Description: USB-IF xHCI USB Host Controller Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee} Manufacturer: Intel Corporation Service: XHCIPort Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31)
Resolution: Update the driver

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2014 07:15:18 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/05/2014 07:08:00 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/05/2014 07:07:23 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/05/2014 06:24:11 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (04/05/2014 04:17:08 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/05/2014 04:02:23 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/05/2014 03:41:36 PM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.0.0.500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 360c
Startzeit: 01cf50d4ac6e0e47
Endzeit: 0
Anwendungspfad: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
Berichts-ID: fe2d0976-bcc7-11e3-beb6-6036ddf3ae20
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

System errors:
=============
Error: (04/05/2014 07:14:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (04/05/2014 07:14:40 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit-Scanner erreicht.

Error: (04/05/2014 07:14:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (04/05/2014 07:14:40 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Planer erreicht.

Error: (04/05/2014 07:13:50 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: {78FD0120-D39C-45D8-A9BE-2B802B3C23E5}

Error: (04/05/2014 07:13:50 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: {78FD0120-D39C-45D8-A9BE-2B802B3C23E5}

Error: (04/05/2014 07:09:01 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (04/05/2014 07:06:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (04/05/2014 07:06:31 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit-Scanner erreicht.

Error: (04/05/2014 07:06:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Microsoft Office Sessions:
=========================
Error: (04/05/2014 07:15:18 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/05/2014 07:08:00 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/05/2014 07:07:23 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/05/2014 06:24:11 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (04/05/2014 04:17:08 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/05/2014 04:02:23 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/05/2014 03:41:36 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.0.0.500360c01cf50d4ac6e0e470C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exefe2d0976-bcc7-11e3-beb6-6036ddf3ae20

CodeIntegrity Errors:
===================================
Date: 2013-09-12 19:48:02.021
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 8064.39 MB
Available physical RAM: 6075.89 MB
Total Pagefile: 12032.39 MB
Available Pagefile: 9873.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:435.29 GB) (Free:339.65 GB) NTFS
Drive d: (RAYMAN) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1B831D38)
Partition: GPT Partition Type.

==================== End Of Log ============================

So at the moment I can't see any problems with the ads in Chrome. Avira still won't open, and by the way Windows Defender also says it has been deactivated. I can't remember ever having done that. Update: I have again had occasional ads behind pages |
06.04.2014, 12:20 | #14 |
/// TB-Ausbilder | Lots of ads and Avira won't open
Servus, which browser? Since when (date, time)? We will take care of Avira and Windows Defender at the end. We will remove the last remnants and check everything once more. ESET can take longer (> 2 h). After that we will clean up and I will give you a few tips to take with you.
Step 1 Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
start
Task: {F96AFE6F-56C1-4B6F-81C9-ED1B456A8962} - \BrowserDefendert No Task File
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck and:
Please post with your next reply
|
06.04.2014, 14:38 | #15 |
| Lots of ads and Avira won't open The ads appeared yesterday at around 23:00 in Chrome, although that was also when I first started browsing more intensively again. Here is part 1: Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Carolin at 2014-04-06 14:11:16 Run:1
Running from C:\Users\Carolin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Task: {F96AFE6F-56C1-4B6F-81C9-ED1B456A8962} - \BrowserDefendert No Task File
end
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F96AFE6F-56C1-4B6F-81C9-ED1B456A8962} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F96AFE6F-56C1-4B6F-81C9-ED1B456A8962} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert => Key deleted successfully.

==== End of Fixlog ====
Code:
ATTFilter
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4370c2eeb525c2478939b2eec367083c
# engine=17772
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-06 01:30:22
# local_time=2014-04-06 03:30:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775166 100 94 6004237 262214312 5993403 0
# compatibility_mode=5893 16776574 100 94 1805918 56297133 0 0
# scanned=266084
# found=0
# cleaned=0
# scan_time=3629

 x64 (UAC is enabled)
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Avira Desktop
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 45
 Java version out of Date!
 Adobe Flash Player 12.0.0.77
 Adobe Reader XI
 Google Chrome 33.0.1750.146
 Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbam.exe
 Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
|