Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Sehr viel Werbung und Avira öffnet sich nicht

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.04.2014, 13:32   #1
Carolinchen
 
Sehr viel Werbung und Avira öffnet sich nicht - Standard

Sehr viel Werbung und Avira öffnet sich nicht



Hallo,

ich muss leider ein paar Probleme an meinem Laptop feststellen. Erstmal bekomme ich seit Tagen eine Flut von Werbungen hinter geöffnete Seite geschaltet, zum anderen ließ sich, nachdem ich entnervt Avira fragen wollte, ob irgendwas los ist, dieses sich nicht öffnen.

Ich bitte um Eure Hilfe

Alt 05.04.2014, 14:02   #2
M-K-D-B
/// TB-Ausbilder
 
Sehr viel Werbung und Avira öffnet sich nicht - Standard

Sehr viel Werbung und Avira öffnet sich nicht






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 4 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.




Avira ist nicht gut im Bereich Adware...
Wir beginnen erst mal so:



Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________


Alt 05.04.2014, 14:09   #3
Carolinchen
 
Sehr viel Werbung und Avira öffnet sich nicht - Standard

Sehr viel Werbung und Avira öffnet sich nicht



Danke für die schnelle Antwort


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Carolin (administrator) on VAIO on 05-04-2014 15:06:17
Running from C:\Users\Carolin\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
() C:\Users\Carolin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
() C:\Users\Carolin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\system32\wwahost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe\LiveComm.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\system32\wwahost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\calc.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-10-24] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-11-20] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] ()
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Carolin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-09] ()
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272624 2013-02-05] (Microsoft Corporation)
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [Amazon Cloud Player] - C:\Users\Carolin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [Google Update] - C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-07] (Google Inc.)
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\RunOnce: [Uninstall C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64"
Startup: C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = 
SearchScopes: HKCU - DefaultScope {7044E424-6D67-491B-A8D4-63AE8052A479} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=ecc5e1420000000000006036ddf3ae1d&r=765
SearchScopes: HKCU - {7044E424-6D67-491B-A8D4-63AE8052A479} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=ecc5e1420000000000006036ddf3ae1d&r=765
SearchScopes: HKCU - {888CE8DE-9B98-40E5-8CA5-E2E178689566} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms}
SearchScopes: HKCU - {F667CA3A-C070-4694-8589-7B4F493E3D77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=ecc5e1420000000000006036ddf3ae1d
CHR DefaultSearchKeyword: softonic
CHR DefaultSearchProvider: Search the web (Softonic)
CHR DefaultSearchURL: hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=ecc5e1420000000000006036ddf3ae1d
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
CHR Plugin: (Google Update) - C:\Users\Carolin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\Carolin\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-07]
CHR Extension: (Google Drive) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-07]
CHR Extension: (YouTube) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-07]
CHR Extension: (Google-Suche) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-07]
CHR Extension: (Google Wallet) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-02-02]
CHR Extension: (Google Mail) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-07]

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-25] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-17] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-10-25] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-20] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-07] (Intel Corporation)
R3 rimssne; C:\Windows\System32\drivers\rimssne64.sys [103424 2012-08-23] (REDC)
R3 risdsnxc; C:\Windows\System32\drivers\risdsnxc64.sys [104960 2012-08-23] (REDC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-11-20] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-05 15:06 - 2014-04-05 15:06 - 00021286 _____ () C:\Users\Carolin\Downloads\FRST.txt
2014-04-05 15:05 - 2014-04-05 15:06 - 00000000 ____D () C:\FRST
2014-04-05 15:04 - 2014-04-05 15:04 - 02157056 _____ (Farbar) C:\Users\Carolin\Downloads\FRST64.exe
2014-04-05 15:04 - 2014-04-05 15:04 - 01145856 _____ (Farbar) C:\Users\Carolin\Downloads\FRST.exe
2014-04-04 11:51 - 2014-04-04 11:54 - 00000000 ____D () C:\Users\Carolin\Desktop\Sammelsorium
2014-04-04 11:48 - 2014-04-05 12:49 - 00000000 ____D () C:\Users\Carolin\Desktop\Katzen
2014-04-04 01:21 - 2014-04-04 01:21 - 00236944 _____ () C:\Users\Carolin\Downloads\ClickHeretoDownloadSetup-bLXPgMEY (1).exe
2014-04-04 01:20 - 2014-04-04 01:20 - 00236944 _____ () C:\Users\Carolin\Downloads\ClickHeretoDownloadSetup-bLXPgMEY.exe
2014-03-30 14:39 - 2014-03-30 14:39 - 00026857 _____ () C:\Users\Carolin\Desktop\Unbenannt 2.odt
2014-03-23 21:44 - 2014-03-29 10:42 - 00000000 ____D () C:\Users\Carolin\Desktop\Studium
2014-03-16 18:20 - 2014-03-17 22:15 - 00000000 ____D () C:\Users\Carolin\Desktop\Wohnung
2014-03-13 15:37 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 15:37 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-13 15:37 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-13 15:36 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 15:36 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 15:36 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-13 15:36 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-13 15:36 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 15:36 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 15:36 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 15:36 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 15:36 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 15:36 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 15:36 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 15:36 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 15:36 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 15:36 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-13 15:36 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-13 15:36 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-13 15:35 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 15:35 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 15:35 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 15:35 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-09 19:37 - 2014-03-09 19:44 - 00058708 _____ () C:\Users\Carolin\Desktop\Renataschu_lerplanung.odt
2014-03-09 18:04 - 2014-03-09 18:04 - 00221488 _____ (Premium Installer ) C:\Users\Carolin\Downloads\Primal_Urge_(2000)_--BustyJana--.exe
2014-03-09 10:21 - 2014-03-10 21:15 - 00000000 ____D () C:\Users\Carolin\Desktop\Kleiderschrank
2014-03-08 18:25 - 2014-03-08 18:25 - 01070496 _____ (Unity Technologies ApS) C:\Users\Carolin\Downloads\UnityWebPlayer.exe

==================== One Month Modified Files and Folders =======

2014-04-05 15:06 - 2014-04-05 15:06 - 00021286 _____ () C:\Users\Carolin\Downloads\FRST.txt
2014-04-05 15:06 - 2014-04-05 15:05 - 00000000 ____D () C:\FRST
2014-04-05 15:04 - 2014-04-05 15:04 - 02157056 _____ (Farbar) C:\Users\Carolin\Downloads\FRST64.exe
2014-04-05 15:04 - 2014-04-05 15:04 - 01145856 _____ (Farbar) C:\Users\Carolin\Downloads\FRST.exe
2014-04-05 15:03 - 2014-02-10 21:53 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA.job
2014-04-05 15:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-05 14:38 - 2014-01-26 21:52 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\ClassicShell
2014-04-05 13:24 - 2013-04-24 18:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-05 12:49 - 2014-04-04 11:48 - 00000000 ____D () C:\Users\Carolin\Desktop\Katzen
2014-04-05 12:42 - 2013-10-08 19:04 - 01090403 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 20:03 - 2014-01-19 21:19 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f.job
2014-04-04 11:54 - 2014-04-04 11:51 - 00000000 ____D () C:\Users\Carolin\Desktop\Sammelsorium
2014-04-04 01:21 - 2014-04-04 01:21 - 00236944 _____ () C:\Users\Carolin\Downloads\ClickHeretoDownloadSetup-bLXPgMEY (1).exe
2014-04-04 01:20 - 2014-04-04 01:20 - 00236944 _____ () C:\Users\Carolin\Downloads\ClickHeretoDownloadSetup-bLXPgMEY.exe
2014-04-01 18:14 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-30 23:01 - 2013-04-09 23:27 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-03-30 23:01 - 2013-04-09 23:27 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-03-30 23:01 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-30 17:15 - 2013-05-07 09:04 - 01216000 ___SH () C:\Users\Carolin\Desktop\Thumbs.db
2014-03-30 14:39 - 2014-03-30 14:39 - 00026857 _____ () C:\Users\Carolin\Desktop\Unbenannt 2.odt
2014-03-29 20:58 - 2014-02-10 21:53 - 00004088 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA
2014-03-29 20:58 - 2014-02-10 21:53 - 00003708 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f
2014-03-29 10:42 - 2014-03-23 21:44 - 00000000 ____D () C:\Users\Carolin\Desktop\Studium
2014-03-21 09:26 - 2013-04-15 19:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-18 14:04 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-17 22:15 - 2014-03-16 18:20 - 00000000 ____D () C:\Users\Carolin\Desktop\Wohnung
2014-03-16 22:46 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-03-16 21:54 - 2013-04-15 18:32 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3055477381-348428017-1736558052-1001
2014-03-16 19:25 - 2013-05-09 20:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-16 19:19 - 2013-10-03 19:37 - 00000000 ____D () C:\Users\Carolin\Tracing
2014-03-16 19:19 - 2013-04-15 18:25 - 00000000 ___RD () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 19:19 - 2013-04-15 18:25 - 00000000 ___RD () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-16 18:54 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-16 18:53 - 2013-04-15 20:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 18:53 - 2013-04-15 20:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-16 18:52 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-11 22:24 - 2013-04-24 18:38 - 00003766 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 21:15 - 2014-03-09 10:21 - 00000000 ____D () C:\Users\Carolin\Desktop\Kleiderschrank
2014-03-09 19:44 - 2014-03-09 19:37 - 00058708 _____ () C:\Users\Carolin\Desktop\Renataschu_lerplanung.odt
2014-03-09 18:04 - 2014-03-09 18:04 - 00221488 _____ (Premium Installer ) C:\Users\Carolin\Downloads\Primal_Urge_(2000)_--BustyJana--.exe
2014-03-08 18:25 - 2014-03-08 18:25 - 01070496 _____ (Unity Technologies ApS) C:\Users\Carolin\Downloads\UnityWebPlayer.exe

Some content of TEMP:
====================
C:\Users\Carolin\AppData\Local\Temp\avgnt.exe
C:\Users\Carolin\AppData\Local\Temp\iPhoneBackupExtractor-installer.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-28 18:38

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Carolin at 2014-04-05 15:06:46
Running from C:\Users\Carolin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6400_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - )
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{ECCD7F0B-2256-9B71-5B9D-3E78A4E6DF00}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.2.286 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0806.1156.19437 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2126 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5728.52 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 9.0.5728.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP OfficeJet J6400 14.0 Rel. 6 (HKLM\...\{4B4B81D9-3C2C-4388-A281-40F3299B911E}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iFunbox (v2.1.2228.731), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.1.2228.731 - )
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41505) (Version: 3.8.0.41505.25 - Intel)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.3.1004 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
J6400 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6748 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.4 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Zip Opener (HKCU\...\DSite) (Version:  - ) <==== ATTENTION
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.1.0.11020 - Sony Corporation)
VAIO Care (HKLM\...\{EC635BC0-0D7C-4CA2-9B87-2A330C298CB2}) (Version: 8.1.0.10120 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.1.0.10300 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.3.0.09290 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.1.0.10240 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.0.00.08170 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.1.10170 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.0.00.10170 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation) Hidden
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.0.08010 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO-Hardwarediagnose-Plugin für VAIO Care (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.7.0.11070 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
YTD Video Downloader 4.7.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.1 - GreenTree Applications SRL)

==================== Restore Points  =========================

18-03-2014 13:33:12 Geplanter Prüfpunkt
28-03-2014 19:23:42 Geplanter Prüfpunkt
05-04-2014 11:29:11 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-09-12 19:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0DEC829B-D148-41E0-9CE7-F869E6DAA1D3} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2C1BC45A-B1D9-4AE3-AE7E-5AB9F8FEEEEE} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-08-01] (Sony Corporation)
Task: {2C3C76CB-0597-4366-9C78-031EDF4677A6} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-10-23] (Sony Corporation)
Task: {2E30B938-3573-46EC-A295-5C92E849EDDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: {379B5F29-668C-430E-9E3F-E80165503C7A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {487ADFB8-F8AF-49D4-96F1-BC383F96EA38} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {4C586F85-263F-476D-B2D5-C6E5771267A6} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {65BC15A4-E991-48F4-AB11-81C4A7A492B8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-03-21] (Microsoft Corporation)
Task: {7000A40B-B3FB-4C30-8071-670E54ABAF15} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {71730116-03DA-4BE2-8CCA-BFA87F16114F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {74F00795-4430-4725-B1F7-54E58B554D84} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {74F2DCFD-9DE2-484D-BC71-D393A9DBD9C7} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-10-22] (Sony Corporation)
Task: {77E39C35-3F57-4F50-A9F5-EC6B7B35FBF6} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {80BB06B6-79AE-411C-AC09-2AB24FF2B619} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {815B703B-9BF0-4D3F-B50C-6029F69FEA50} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {97D90083-6B0F-4530-9AA0-75593FC33585} - System32\Tasks\Sony Corporation\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-11-08] (Sony Corporation)
Task: {98FDC752-E501-4814-B593-D219C14076DB} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {A708D4A1-FA88-4189-8068-3E8585DC0016} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A957BF76-5CB8-45E5-B0D3-67BC59EA389B} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {AFE0D4D5-EC19-4838-B4A5-3875B46C22FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: {B0CE8FDE-E8A1-4412-9B43-C27E28CD639E} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-08-01] (Sony Corporation)
Task: {B8AC73B1-84D9-4C64-A7C7-E7589991561B} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-04-03] (Sony Corporation)
Task: {BCE30557-D3AB-4E12-AC6F-CD238F7BCCA7} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C8177601-FB6D-4766-BD3F-20302BEA1EAB} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ED6BAAB6-2972-437D-A7D5-5B65BE56E37E} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-04-03] (Sony Corporation)
Task: {EF3369A7-72FC-4A23-AF74-4FCD98D9BB3C} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {F93CAE5D-D0F0-4D0D-970F-01E397D86916} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2012-11-01] (Sony Corporation)
Task: {F96AFE6F-56C1-4B6F-81C9-ED1B456A8962} - \BrowserDefendert No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f.job => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA.job => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-06 13:27 - 2012-08-06 13:27 - 00156672 _____ () C:\Program Files\Sony\VAIO Care\VCPerfService.exe
2012-10-25 09:10 - 2012-10-25 09:10 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-09 23:50 - 2013-05-09 23:50 - 00400704 _____ () C:\Users\Carolin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2013-12-15 10:57 - 2013-12-12 21:56 - 03145536 _____ () C:\Users\Carolin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2012-08-06 11:54 - 2012-08-06 11:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-21 09:11 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-15 19:15 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2012-08-06 13:27 - 2012-08-06 13:27 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-09 22:43 - 2012-07-25 04:52 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-10 16:50 - 2012-08-10 16:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2014-01-12 19:39 - 2013-12-13 00:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-12 19:39 - 2013-11-05 03:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-04-23 18:30 - 2014-02-11 04:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-05-03 15:35 - 2014-02-25 23:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-27 17:30 - 2014-01-11 01:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 00051016 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 00716616 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 00100168 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 04061000 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 00394568 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 01647432 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 13637448 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2014 02:24:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 389125

Error: (04/05/2014 02:24:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 389125

Error: (04/05/2014 02:24:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/05/2014 02:18:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (04/05/2014 02:18:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (04/05/2014 02:18:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/04/2014 11:11:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4922

Error: (04/04/2014 11:11:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4922

Error: (04/04/2014 11:11:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/04/2014 11:11:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3750


System errors:
=============
Error: (04/05/2014 11:38:04 AM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/04/2014 11:14:25 AM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/03/2014 09:19:57 AM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/02/2014 04:53:01 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/01/2014 06:12:51 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (03/30/2014 01:58:22 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (03/30/2014 09:47:33 AM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (03/29/2014 08:41:15 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (03/28/2014 03:02:30 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (03/27/2014 04:56:36 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.


Microsoft Office Sessions:
=========================
Error: (04/05/2014 02:24:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 389125

Error: (04/05/2014 02:24:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 389125

Error: (04/05/2014 02:24:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/05/2014 02:18:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (04/05/2014 02:18:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (04/05/2014 02:18:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/04/2014 11:11:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4922

Error: (04/04/2014 11:11:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4922

Error: (04/04/2014 11:11:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/04/2014 11:11:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3750


CodeIntegrity Errors:
===================================
  Date: 2013-09-12 19:48:02.021
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 28%
Total physical RAM: 8064.39 MB
Available physical RAM: 5797.55 MB
Total Pagefile: 13033.13 MB
Available Pagefile: 6608.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:435.29 GB) (Free:335.55 GB) NTFS
Drive d: (RAYMAN) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1B831D38)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 05.04.2014, 14:15   #4
M-K-D-B
/// TB-Ausbilder
 
Sehr viel Werbung und Avira öffnet sich nicht - Standard

Sehr viel Werbung und Avira öffnet sich nicht



Servus,


Zitat:
Running from C:\Users\Carolin\Downloads
Die Tools auf dem Desktop abspeichern bzw. von dort starten, nicht vom Downloadordner.







Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.






Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 4
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen können.
  • Starte die zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und sollte nicht 1:1 auf andere Computer übernommen werden.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    ATTFilter
    FFdefaults;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;
             
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von MBAM,
  • die Logdatei von Zoek.

Alt 05.04.2014, 15:20   #5
Carolinchen
 
Sehr viel Werbung und Avira öffnet sich nicht - Standard

Sehr viel Werbung und Avira öffnet sich nicht



AdwCleaner hat gar nichts gefunden.

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8 x64
Ran by Carolin on 05.04.2014 at 15:29:08,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7044E424-6D67-491B-A8D4-63AE8052A479}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\bitguard"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Carolin\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Carolin\appdata\locallow\softonic"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.04.2014 at 15:32:58,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 05.04.2014
Suchlauf-Zeit: 15:56:33
Logdatei: mb.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.05.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Carolin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 265289
Verstrichene Zeit: 14 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 14
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1231839B-064E-4788-B865-465A1B5266FD}, In Quarantäne, [c040d729bf41e9176d3cc1800af81de3], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2DAC2231-CC35-482B-97C5-CED1D4185080}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{57C91446-8D81-4156-A70E-624551442DE9}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{97DD820D-2E20-40AD-B01E-6730B2FCE630}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B177446D-54A4-4869-BABC-8566110B4BE0}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F05B12E1-ADE8-4485-B45B-898748B53C37}, In Quarantäne, [b44c1fe17a86ed13bcedaa97a85a0af6], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 3
PUP.Optional.Softonic.A, C:\Users\Carolin\AppData\Local\Temp\mt_ffx\Softonic, In Quarantäne, [669a1ce4857bf80856e5f06ce2206d93], 
PUP.Optional.Softonic.A, C:\Users\Carolin\AppData\Local\Temp\mt_ffx\Softonic\Softonic, In Quarantäne, [669a1ce4857bf80856e5f06ce2206d93], 
PUP.Optional.Softonic.A, C:\Users\Carolin\AppData\Local\Temp\mt_ffx\Softonic\Softonic\1.8.21.14, In Quarantäne, [669a1ce4857bf80856e5f06ce2206d93], 

Dateien: 6
PUP.Optional.Somoto.A, C:\Users\Carolin\Downloads\ClickHeretoDownloadSetup-bLXPgMEY (1).exe, In Quarantäne, [e91724dc887826da7e50decc3dc69769], 
PUP.Optional.Somoto.A, C:\Users\Carolin\Downloads\ClickHeretoDownloadSetup-bLXPgMEY.exe, In Quarantäne, [7f8138c8718f8a76b31b9a101fe428d8], 
PUP.Optional.OpenCandy, C:\Users\Carolin\Downloads\iphonebackupextractor_4.5.6.0.exe, In Quarantäne, [2ad6e41c29d73ec274b5102818ece21e], 
PUP.Optional.OptimumInstaller.A, C:\Users\Carolin\Downloads\Primal_Urge_(2000)_--BustyJana--.exe, In Quarantäne, [90702ad640c030d057eeca7c8f727789], 
PUP.Optional.Spigot.A, C:\Users\Carolin\Desktop\Programme\Dat janse Zeuch\YTD471Setup.exe, In Quarantäne, [e21e827e4fb1cb35aad00e1820e012ee], 
PUP.Optional.Softonic.A, C:\Users\Carolin\AppData\Local\Temp\mt_ffx\Softonic\Softonic\1.8.21.14\softonic.xpi, In Quarantäne, [669a1ce4857bf80856e5f06ce2206d93], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Carolin on 05.04.2014 at 16:06:44,35.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Carolin\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

05.04.2014 16:08:02 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3055477381-348428017-1736558052-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
HKEY_USERS\S-1-5-21-3055477381-348428017-1736558052-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_USERS\S-1-5-21-3055477381-348428017-1736558052-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\GreenTree Applications deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\found.003 deleted
C:\found.004 deleted
C:\found.005 deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted

==== Chrome Look ======================

20-20 3D Viewer for IKEA - Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp

==== Chrome Fix ======================

C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage deleted successfully
C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{888CE8DE-9B98-40E5-8CA5-E2E178689566}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{888CE8DE-9B98-40E5-8CA5-E2E178689566} eBay  Url="hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms}"
{F667CA3A-C070-4694-8589-7B4F493E3D77} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS"

==== Reset Google Chrome ======================

C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Carolin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Carolin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=128 folders=92 56439523 bytes)

==== Empty Temp Folders ======================

C:\Users\Carolin\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Carolin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 05.04.2014 at 16:16:28,77 ======================
         


Alt 05.04.2014, 15:31   #6
M-K-D-B
/// TB-Ausbilder
 
Sehr viel Werbung und Avira öffnet sich nicht - Standard

Sehr viel Werbung und Avira öffnet sich nicht



Zitat:
Zitat von Carolinchen Beitrag anzeigen
AdwCleaner hat gar nichts gefunden.
Logdatei nachreichen bitte.

Alt 05.04.2014, 15:37   #7
Carolinchen
 
Sehr viel Werbung und Avira öffnet sich nicht - Standard

Sehr viel Werbung und Avira öffnet sich nicht



Code:
ATTFilter
# AdwCleaner v3.023 - Bericht erstellt am 05/04/2014 um 16:36:58
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Carolin - VAIO
# Gestartet von : C:\Users\Carolin\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Google Chrome v

[ Datei : C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10312 octets] - [14/09/2013 21:30:06]
AdwCleaner[R1].txt - [3212 octets] - [05/04/2014 15:25:50]
AdwCleaner[R2].txt - [1384 octets] - [05/04/2014 16:36:58]
AdwCleaner[S0].txt - [6703 octets] - [14/09/2013 21:32:11]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1504 octets] ##########
         

Alt 05.04.2014, 15:43   #8
M-K-D-B
/// TB-Ausbilder
 
Sehr viel Werbung und Avira öffnet sich nicht - Standard

Sehr viel Werbung und Avira öffnet sich nicht



Servus,


in dieser Logdatei steht nicht, dass die Funde entfernt wurden.


Dies bitte nachholen und alle Funde entfernen lassen und/oder die Logdatei davon posten.

Alt 05.04.2014, 18:09   #9
Carolinchen
 
Sehr viel Werbung und Avira öffnet sich nicht - Standard

Sehr viel Werbung und Avira öffnet sich nicht



Wenn ich den Suchlauf starte, findet es aber nichts und darum kann ich auch nichts zum Entfernen auswählen

Ich habe jetzt noch 2mal suchen lassen und jetzt endlich, ist dabei etwas zustande gekommen:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.003 - Bericht erstellt am 14/09/2013 um 21:32:11
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Carolin - VAIO
# Gestartet von : C:\Users\Carolin\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Ordner Gelöscht : C:\Program Files (x86)\delta
Ordner Gelöscht : C:\Program Files (x86)\openit
Ordner Gelöscht : C:\Users\Carolin\AppData\LocalLow\delta
Ordner Gelöscht : C:\Users\Carolin\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Carolin\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Carolin\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Carolin\AppData\Roaming\optimizer pro
Datei Gelöscht : C:\Users\Public\Desktop\Open It!.lnk
Datei Gelöscht : C:\Users\Carolin\Desktop\Optimizer Pro.lnk
Datei Gelöscht : C:\Windows\System32\Tasks\BrowserDefendert

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\e558ddce13de843
Schlüssel Gelöscht : HKLM\SOFTWARE\e558ddce13de843
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Google Chrome v

[ Datei : C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [7159 octets] - [14/09/2013 21:30:06]
AdwCleaner[S0].txt - [6555 octets] - [14/09/2013 21:32:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6615 octets] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.023 - Bericht erstellt am 05/04/2014 um 19:05:20
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Carolin - VAIO
# Gestartet von : C:\Users\Carolin\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Google Chrome v

[ Datei : C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10312 octets] - [14/09/2013 21:30:06]
AdwCleaner[R1].txt - [3212 octets] - [05/04/2014 15:25:50]
AdwCleaner[R2].txt - [1600 octets] - [05/04/2014 16:36:58]
AdwCleaner[S0].txt - [8148 octets] - [14/09/2013 21:32:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8208 octets] ##########
         
--- --- ---

Alt 05.04.2014, 18:10   #10
M-K-D-B
/// TB-Ausbilder
 
Sehr viel Werbung und Avira öffnet sich nicht - Standard

Sehr viel Werbung und Avira öffnet sich nicht



Zitat:
Zitat von Carolinchen Beitrag anzeigen
Wenn ich den Suchlauf starte, findet es aber nichts und darum kann ich auch nichts zum Entfernen auswählen
Ok, aber man muss nichts "auswählen", um etwas zu entfernen.
Man klickt nach dem Suchlauf einfach auf Löschen.






Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden zwei Logdateien erzeugt. Poste mir diese.



Noch Probleme mit Werbung? Wenn ja, in welchem Browser?
Wie läuft Avira?

Alt 05.04.2014, 18:16   #11
Carolinchen
 
Sehr viel Werbung und Avira öffnet sich nicht - Standard

Sehr viel Werbung und Avira öffnet sich nicht



Jetzt richtig?

Code:
ATTFilter
# AdwCleaner v3.023 - Bericht erstellt am 05/04/2014 um 19:13:25
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Carolin - VAIO
# Gestartet von : C:\Users\Carolin\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Google Chrome v

[ Datei : C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10312 octets] - [14/09/2013 21:30:06]
AdwCleaner[R1].txt - [3212 octets] - [05/04/2014 15:25:50]
AdwCleaner[R2].txt - [1600 octets] - [05/04/2014 16:36:58]
AdwCleaner[R3].txt - [999 octets] - [05/04/2014 19:12:59]
AdwCleaner[S0].txt - [8304 octets] - [14/09/2013 21:32:11]
AdwCleaner[S1].txt - [921 octets] - [05/04/2014 19:13:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [980 octets] ##########
         

Alt 05.04.2014, 18:22   #12
M-K-D-B
/// TB-Ausbilder
 
Sehr viel Werbung und Avira öffnet sich nicht - Standard

Sehr viel Werbung und Avira öffnet sich nicht



Servus,


ja.




Weiter mit FRST und der Beantwortung meiner Fragen wie im letzten Post geschrieben bitte.

Alt 05.04.2014, 22:44   #13
Carolinchen
 
Sehr viel Werbung und Avira öffnet sich nicht - Standard

Sehr viel Werbung und Avira öffnet sich nicht



Oh sorry, hatte ich ganz übersehen:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Carolin (administrator) on VAIO on 05-04-2014 19:44:52
Running from C:\Users\Carolin\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
() C:\Users\Carolin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Farbar) C:\Users\Carolin\Desktop\FRST64 (2).exe
(Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Carolin\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-10-24] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-11-20] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] ()
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Carolin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-09] ()
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272624 2013-02-05] (Microsoft Corporation)
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [Amazon Cloud Player] - C:\Users\Carolin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\Run: [Google Update] - C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-07] (Google Inc.)
HKU\S-1-5-21-3055477381-348428017-1736558052-1001\...\RunOnce: [Uninstall C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64"
Startup: C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {888CE8DE-9B98-40E5-8CA5-E2E178689566} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms}
SearchScopes: HKCU - {F667CA3A-C070-4694-8589-7B4F493E3D77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-07]
CHR Extension: (Google Drive) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-07]
CHR Extension: (YouTube) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-07]
CHR Extension: (Google-Suche) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-07]
CHR Extension: (Google Wallet) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (Google Mail) - C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-07]

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-17] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-10-25] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-20] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-07] (Intel Corporation)
R3 rimssne; C:\Windows\System32\drivers\rimssne64.sys [103424 2012-08-23] (REDC)
R3 risdsnxc; C:\Windows\System32\drivers\risdsnxc64.sys [104960 2012-08-23] (REDC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-11-20] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-05 19:42 - 2014-04-05 19:44 - 00018519 _____ () C:\Users\Carolin\Desktop\FRST.txt
2014-04-05 19:42 - 2014-04-05 19:42 - 00036383 _____ () C:\Users\Carolin\Desktop\Addition.txt
2014-04-05 19:41 - 2014-04-05 19:41 - 02157056 _____ (Farbar) C:\Users\Carolin\Downloads\FRST64 (3).exe
2014-04-05 19:41 - 2014-04-05 19:41 - 02157056 _____ (Farbar) C:\Users\Carolin\Downloads\FRST64 (1).exe
2014-04-05 19:41 - 2014-04-05 19:41 - 02157056 _____ (Farbar) C:\Users\Carolin\Desktop\FRST64 (2).exe
2014-04-05 16:14 - 2014-04-05 16:06 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-05 16:08 - 2014-04-05 16:16 - 00006148 _____ () C:\zoek-results.log
2014-04-05 16:06 - 2014-04-05 16:14 - 00000000 ____D () C:\zoek_backup
2014-04-05 16:05 - 2014-04-05 16:05 - 00004401 _____ () C:\Users\Carolin\Desktop\mb.txt
2014-04-05 15:59 - 2014-04-05 15:59 - 00468968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 15:37 - 2014-04-05 19:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 15:37 - 2014-04-05 15:40 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-05 15:37 - 2014-04-05 15:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-05 15:37 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-05 15:37 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-05 15:37 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-05 15:36 - 2014-04-05 15:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Carolin\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-05 15:35 - 2014-04-05 15:35 - 01285120 _____ () C:\Users\Carolin\Desktop\zoek.exe
2014-04-05 15:32 - 2014-04-05 15:32 - 00001153 _____ () C:\Users\Carolin\Desktop\JRT.txt
2014-04-05 15:28 - 2014-04-05 15:28 - 01038974 _____ (Thisisu) C:\Users\Carolin\Desktop\JRT.exe
2014-04-05 15:27 - 2014-04-05 15:27 - 01038974 _____ (Thisisu) C:\Users\Carolin\Downloads\JRT (1).exe
2014-04-05 15:26 - 2014-04-05 15:26 - 01038974 _____ (Thisisu) C:\Users\Carolin\Downloads\JRT.exe
2014-04-05 15:22 - 2014-04-05 15:22 - 01426178 _____ () C:\Users\Carolin\Desktop\adwcleaner.exe
2014-04-05 15:20 - 2014-04-05 15:20 - 01426178 _____ () C:\Users\Carolin\Downloads\adwcleaner (1).exe
2014-04-05 15:19 - 2014-04-05 15:20 - 01426178 _____ () C:\Users\Carolin\Downloads\adwcleaner.exe
2014-04-05 15:18 - 2014-04-05 15:18 - 00023409 _____ () C:\Users\Carolin\Desktop\b2.odt
2014-04-05 15:18 - 2014-04-05 15:18 - 00019438 _____ () C:\Users\Carolin\Desktop\tabelle.odt
2014-04-05 15:18 - 2014-04-05 15:18 - 00019116 _____ () C:\Users\Carolin\Desktop\grüwffelo.odt
2014-04-05 15:06 - 2014-04-05 15:11 - 00033571 _____ () C:\Users\Carolin\Downloads\FRST.txt
2014-04-05 15:06 - 2014-04-05 15:11 - 00000712 _____ () C:\Users\Carolin\Downloads\Addition.txt
2014-04-05 15:05 - 2014-04-05 19:44 - 00000000 ____D () C:\FRST
2014-04-05 15:04 - 2014-04-05 15:04 - 02157056 _____ (Farbar) C:\Users\Carolin\Downloads\FRST64.exe
2014-04-05 15:04 - 2014-04-05 15:04 - 01145856 _____ (Farbar) C:\Users\Carolin\Downloads\FRST.exe
2014-04-04 11:51 - 2014-04-04 11:54 - 00000000 ____D () C:\Users\Carolin\Desktop\Sammelsorium
2014-04-04 11:48 - 2014-04-05 12:49 - 00000000 ____D () C:\Users\Carolin\Desktop\Katzen
2014-03-30 14:39 - 2014-03-30 14:39 - 00026857 _____ () C:\Users\Carolin\Desktop\Unbenannt 2.odt
2014-03-23 21:44 - 2014-03-29 10:42 - 00000000 ____D () C:\Users\Carolin\Desktop\Studium
2014-03-16 18:20 - 2014-03-17 22:15 - 00000000 ____D () C:\Users\Carolin\Desktop\Wohnung
2014-03-13 15:37 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 15:37 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-13 15:37 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-13 15:36 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 15:36 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 15:36 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-13 15:36 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-13 15:36 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 15:36 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 15:36 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 15:36 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 15:36 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 15:36 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 15:36 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 15:36 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 15:36 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 15:36 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 15:36 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 15:36 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-13 15:36 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-13 15:36 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-13 15:35 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 15:35 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 15:35 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 15:35 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-09 19:37 - 2014-03-09 19:44 - 00058708 _____ () C:\Users\Carolin\Desktop\Renataschu_lerplanung.odt
2014-03-09 10:21 - 2014-03-10 21:15 - 00000000 ____D () C:\Users\Carolin\Desktop\Kleiderschrank
2014-03-08 18:25 - 2014-03-08 18:25 - 01070496 _____ (Unity Technologies ApS) C:\Users\Carolin\Downloads\UnityWebPlayer.exe

==================== One Month Modified Files and Folders =======

2014-04-05 19:44 - 2014-04-05 19:42 - 00018519 _____ () C:\Users\Carolin\Desktop\FRST.txt
2014-04-05 19:44 - 2014-04-05 15:05 - 00000000 ____D () C:\FRST
2014-04-05 19:42 - 2014-04-05 19:42 - 00036383 _____ () C:\Users\Carolin\Desktop\Addition.txt
2014-04-05 19:41 - 2014-04-05 19:41 - 02157056 _____ (Farbar) C:\Users\Carolin\Downloads\FRST64 (3).exe
2014-04-05 19:41 - 2014-04-05 19:41 - 02157056 _____ (Farbar) C:\Users\Carolin\Downloads\FRST64 (1).exe
2014-04-05 19:41 - 2014-04-05 19:41 - 02157056 _____ (Farbar) C:\Users\Carolin\Desktop\FRST64 (2).exe
2014-04-05 19:24 - 2013-04-24 18:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-05 19:22 - 2013-10-08 19:04 - 01169680 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 19:20 - 2013-04-09 23:27 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-04-05 19:20 - 2013-04-09 23:27 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-04-05 19:20 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 19:19 - 2013-04-15 18:32 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3055477381-348428017-1736558052-1001
2014-04-05 19:15 - 2013-10-03 19:37 - 00000000 ____D () C:\Users\Carolin\Tracing
2014-04-05 19:15 - 2013-05-09 20:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-05 19:14 - 2014-04-05 15:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 19:14 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-05 19:13 - 2013-09-14 21:29 - 00000000 ____D () C:\AdwCleaner
2014-04-05 19:13 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-05 19:03 - 2014-02-10 21:53 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA.job
2014-04-05 19:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-05 16:19 - 2014-01-26 21:52 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\ClassicShell
2014-04-05 16:16 - 2014-04-05 16:08 - 00006148 _____ () C:\zoek-results.log
2014-04-05 16:15 - 2013-10-14 23:46 - 00009264 _____ () C:\Windows\PFRO.log
2014-04-05 16:14 - 2014-04-05 16:06 - 00000000 ____D () C:\zoek_backup
2014-04-05 16:06 - 2014-04-05 16:14 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-05 16:05 - 2014-04-05 16:05 - 00004401 _____ () C:\Users\Carolin\Desktop\mb.txt
2014-04-05 15:59 - 2014-04-05 15:59 - 00468968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 15:40 - 2014-04-05 15:37 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-05 15:40 - 2014-04-05 15:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-05 15:37 - 2014-04-05 15:36 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Carolin\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-05 15:37 - 2013-09-14 21:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-05 15:35 - 2014-04-05 15:35 - 01285120 _____ () C:\Users\Carolin\Desktop\zoek.exe
2014-04-05 15:32 - 2014-04-05 15:32 - 00001153 _____ () C:\Users\Carolin\Desktop\JRT.txt
2014-04-05 15:28 - 2014-04-05 15:28 - 01038974 _____ (Thisisu) C:\Users\Carolin\Desktop\JRT.exe
2014-04-05 15:27 - 2014-04-05 15:27 - 01038974 _____ (Thisisu) C:\Users\Carolin\Downloads\JRT (1).exe
2014-04-05 15:26 - 2014-04-05 15:26 - 01038974 _____ (Thisisu) C:\Users\Carolin\Downloads\JRT.exe
2014-04-05 15:22 - 2014-04-05 15:22 - 01426178 _____ () C:\Users\Carolin\Desktop\adwcleaner.exe
2014-04-05 15:20 - 2014-04-05 15:20 - 01426178 _____ () C:\Users\Carolin\Downloads\adwcleaner (1).exe
2014-04-05 15:20 - 2014-04-05 15:19 - 01426178 _____ () C:\Users\Carolin\Downloads\adwcleaner.exe
2014-04-05 15:18 - 2014-04-05 15:18 - 00023409 _____ () C:\Users\Carolin\Desktop\b2.odt
2014-04-05 15:18 - 2014-04-05 15:18 - 00019438 _____ () C:\Users\Carolin\Desktop\tabelle.odt
2014-04-05 15:18 - 2014-04-05 15:18 - 00019116 _____ () C:\Users\Carolin\Desktop\grüwffelo.odt
2014-04-05 15:11 - 2014-04-05 15:06 - 00033571 _____ () C:\Users\Carolin\Downloads\FRST.txt
2014-04-05 15:11 - 2014-04-05 15:06 - 00000712 _____ () C:\Users\Carolin\Downloads\Addition.txt
2014-04-05 15:04 - 2014-04-05 15:04 - 02157056 _____ (Farbar) C:\Users\Carolin\Downloads\FRST64.exe
2014-04-05 15:04 - 2014-04-05 15:04 - 01145856 _____ (Farbar) C:\Users\Carolin\Downloads\FRST.exe
2014-04-05 12:49 - 2014-04-04 11:48 - 00000000 ____D () C:\Users\Carolin\Desktop\Katzen
2014-04-04 20:03 - 2014-01-19 21:19 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f.job
2014-04-04 11:54 - 2014-04-04 11:51 - 00000000 ____D () C:\Users\Carolin\Desktop\Sammelsorium
2014-04-03 09:51 - 2014-04-05 15:37 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-05 15:37 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-05 15:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 18:14 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-30 17:15 - 2013-05-07 09:04 - 01216000 ___SH () C:\Users\Carolin\Desktop\Thumbs.db
2014-03-30 14:39 - 2014-03-30 14:39 - 00026857 _____ () C:\Users\Carolin\Desktop\Unbenannt 2.odt
2014-03-29 20:58 - 2014-02-10 21:53 - 00004088 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA
2014-03-29 20:58 - 2014-02-10 21:53 - 00003708 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f
2014-03-29 10:42 - 2014-03-23 21:44 - 00000000 ____D () C:\Users\Carolin\Desktop\Studium
2014-03-21 09:26 - 2013-04-15 19:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-18 14:04 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-17 22:15 - 2014-03-16 18:20 - 00000000 ____D () C:\Users\Carolin\Desktop\Wohnung
2014-03-16 22:46 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-03-16 19:19 - 2013-04-15 18:25 - 00000000 ___RD () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 19:19 - 2013-04-15 18:25 - 00000000 ___RD () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-16 18:53 - 2013-04-15 20:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 18:53 - 2013-04-15 20:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-16 18:51 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-11 22:24 - 2013-04-24 18:38 - 00003766 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 21:15 - 2014-03-09 10:21 - 00000000 ____D () C:\Users\Carolin\Desktop\Kleiderschrank
2014-03-09 19:44 - 2014-03-09 19:37 - 00058708 _____ () C:\Users\Carolin\Desktop\Renataschu_lerplanung.odt
2014-03-08 18:25 - 2014-03-08 18:25 - 01070496 _____ (Unity Technologies ApS) C:\Users\Carolin\Downloads\UnityWebPlayer.exe

Some content of TEMP:
====================
C:\Users\Carolin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-28 18:38

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Carolin at 2014-04-05 19:45:06
Running from C:\Users\Carolin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6400_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - )
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{ECCD7F0B-2256-9B71-5B9D-3E78A4E6DF00}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.2.286 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0806.1156.19437 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2126 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5728.52 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 9.0.5728.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP OfficeJet J6400 14.0 Rel. 6 (HKLM\...\{4B4B81D9-3C2C-4388-A281-40F3299B911E}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iFunbox (v2.1.2228.731), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.1.2228.731 - )
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41505) (Version: 3.8.0.41505.25 - Intel)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.3.1004 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
J6400 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6748 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.4 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.1.0.11020 - Sony Corporation)
VAIO Care (HKLM\...\{EC635BC0-0D7C-4CA2-9B87-2A330C298CB2}) (Version: 8.1.0.10120 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.1.0.10300 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.3.0.09290 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.1.0.10240 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.0.00.08170 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.1.10170 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.0.00.10170 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation) Hidden
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.0.08010 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO-Hardwarediagnose-Plugin für VAIO Care (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.7.0.11070 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
YTD Video Downloader 4.7.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.1 - GreenTree Applications SRL)

==================== Restore Points  =========================

18-03-2014 13:33:12 Geplanter Prüfpunkt
28-03-2014 19:23:42 Geplanter Prüfpunkt
05-04-2014 11:29:11 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-09-12 19:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2C3C76CB-0597-4366-9C78-031EDF4677A6} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-10-23] (Sony Corporation)
Task: {2E30B938-3573-46EC-A295-5C92E849EDDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: {379B5F29-668C-430E-9E3F-E80165503C7A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {487ADFB8-F8AF-49D4-96F1-BC383F96EA38} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {4C586F85-263F-476D-B2D5-C6E5771267A6} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {65BC15A4-E991-48F4-AB11-81C4A7A492B8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-03-21] (Microsoft Corporation)
Task: {7000A40B-B3FB-4C30-8071-670E54ABAF15} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {71730116-03DA-4BE2-8CCA-BFA87F16114F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {74F00795-4430-4725-B1F7-54E58B554D84} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {74F2DCFD-9DE2-484D-BC71-D393A9DBD9C7} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-10-22] (Sony Corporation)
Task: {7570CBF6-7C42-4F05-B96D-4154B2EF5785} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-08-01] (Sony Corporation)
Task: {77E39C35-3F57-4F50-A9F5-EC6B7B35FBF6} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {80BB06B6-79AE-411C-AC09-2AB24FF2B619} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {815B703B-9BF0-4D3F-B50C-6029F69FEA50} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {97D90083-6B0F-4530-9AA0-75593FC33585} - System32\Tasks\Sony Corporation\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-11-08] (Sony Corporation)
Task: {98FDC752-E501-4814-B593-D219C14076DB} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {A708D4A1-FA88-4189-8068-3E8585DC0016} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A957BF76-5CB8-45E5-B0D3-67BC59EA389B} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {AFE0D4D5-EC19-4838-B4A5-3875B46C22FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)
Task: {B0CE8FDE-E8A1-4412-9B43-C27E28CD639E} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-08-01] (Sony Corporation)
Task: {B8AC73B1-84D9-4C64-A7C7-E7589991561B} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-04-03] (Sony Corporation)
Task: {BCE30557-D3AB-4E12-AC6F-CD238F7BCCA7} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C8177601-FB6D-4766-BD3F-20302BEA1EAB} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ED6BAAB6-2972-437D-A7D5-5B65BE56E37E} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-04-03] (Sony Corporation)
Task: {EF3369A7-72FC-4A23-AF74-4FCD98D9BB3C} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {F93CAE5D-D0F0-4D0D-970F-01E397D86916} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2012-11-01] (Sony Corporation)
Task: {F96AFE6F-56C1-4B6F-81C9-ED1B456A8962} - \BrowserDefendert No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001Core1cf154b6ea9ab1f.job => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3055477381-348428017-1736558052-1001UA.job => C:\Users\Carolin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-21 09:11 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-15 19:15 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2012-10-25 09:10 - 2012-10-25 09:10 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-16 10:35 - 2012-11-20 01:03 - 00812544 _____ () C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
2013-12-15 10:57 - 2013-12-12 21:56 - 03145536 _____ () C:\Users\Carolin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2012-08-06 11:54 - 2012-08-06 11:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-06 13:27 - 2012-08-06 13:27 - 00156672 _____ () C:\Program Files\Sony\VAIO Care\VCPerfService.exe
2012-08-06 13:27 - 2012-08-06 13:27 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-16 10:35 - 2012-04-26 14:38 - 20758016 _____ () C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll
2014-01-12 19:39 - 2013-12-13 00:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-12 19:39 - 2013-11-05 03:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-04-23 18:30 - 2014-02-11 04:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-05-03 15:35 - 2014-02-25 23:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-27 17:30 - 2014-01-11 01:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-04-09 23:13 - 2012-10-04 22:21 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2013-04-09 22:43 - 2012-07-25 04:52 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 00051016 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 00716616 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 00100168 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 04061000 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 00394568 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 20:59 - 2014-03-15 02:50 - 01647432 _____ () C:\Users\Carolin\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2014 07:15:18 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/05/2014 07:08:00 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/05/2014 07:07:23 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/05/2014 06:24:11 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (04/05/2014 04:17:08 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/05/2014 04:02:23 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/05/2014 03:41:36 PM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.0.0.500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 360c

Startzeit: 01cf50d4ac6e0e47

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe

Berichts-ID: fe2d0976-bcc7-11e3-beb6-6036ddf3ae20

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (04/05/2014 07:14:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/05/2014 07:14:40 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit-Scanner erreicht.

Error: (04/05/2014 07:14:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/05/2014 07:14:40 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Planer erreicht.

Error: (04/05/2014 07:13:50 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: {78FD0120-D39C-45D8-A9BE-2B802B3C23E5}

Error: (04/05/2014 07:13:50 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: {78FD0120-D39C-45D8-A9BE-2B802B3C23E5}

Error: (04/05/2014 07:09:01 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "VAIO" auf Transport "NetBT_Tcpip_{9F95C365-34F7-40CF-BF98-A267914549E3}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/05/2014 07:06:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/05/2014 07:06:31 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit-Scanner erreicht.

Error: (04/05/2014 07:06:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (04/05/2014 07:15:18 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/05/2014 07:08:00 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/05/2014 07:07:23 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/05/2014 06:24:11 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (04/05/2014 04:17:08 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/05/2014 04:02:23 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/05/2014 03:41:36 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.0.0.500360c01cf50d4ac6e0e470C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exefe2d0976-bcc7-11e3-beb6-6036ddf3ae20


CodeIntegrity Errors:
===================================
  Date: 2013-09-12 19:48:02.021
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 8064.39 MB
Available physical RAM: 6075.89 MB
Total Pagefile: 12032.39 MB
Available Pagefile: 9873.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:435.29 GB) (Free:339.65 GB) NTFS
Drive d: (RAYMAN) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1B831D38)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Also momentan kann ich unter Chrome keine Probleme mit der Werbung feststellen. Avira lässt sich immer noch nicht öffnen und übrigens auch der Windows Defender sagt, er wäre deaktiviert worden. Kann ich mich nicht dran erinnern, dass ich das mal gemacht haben soll.

Update: Hatte wieder vereinzelt Werbungen hinter Seiten

Alt 06.04.2014, 12:20   #14
M-K-D-B
/// TB-Ausbilder
 
Sehr viel Werbung und Avira öffnet sich nicht - Standard

Sehr viel Werbung und Avira öffnet sich nicht



Servus,


Zitat:
Zitat von Carolinchen Beitrag anzeigen
Update: Hatte wieder vereinzelt Werbungen hinter Seiten
welcher Browser?
Seit wann (Datum, Uhrzeit) ?



Wegen Avira und Windows Defener kümmern wir uns zum Schluss.




Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss daran räumen wir auf und ich gebe dir noch ein paar Tipps mit auf den Weg.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
Task: {F96AFE6F-56C1-4B6F-81C9-ED1B456A8962} - \BrowserDefendert No Task File
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von FRST,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Alt 06.04.2014, 14:38   #15
Carolinchen
 
Sehr viel Werbung und Avira öffnet sich nicht - Standard

Sehr viel Werbung und Avira öffnet sich nicht



Die Werbung trat gestern so gegen 23 Uhr im Chrome auf, allerdings habe ich auch erst da wieder intensiver gesurft

Hier Teil 1:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Carolin at 2014-04-06 14:11:16 Run:1
Running from C:\Users\Carolin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Task: {F96AFE6F-56C1-4B6F-81C9-ED1B456A8962} - \BrowserDefendert No Task File
end
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F96AFE6F-56C1-4B6F-81C9-ED1B456A8962} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F96AFE6F-56C1-4B6F-81C9-ED1B456A8962} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert => Key deleted successfully.

==== End of Fixlog ====
         
Code:
ATTFilter
Code:
ATTFilter
HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : VAIO
   Windows . . . . . . . : 6.2.0.9200.X64/4
   User name . . . . . . : VAIO\Carolin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2014-04-06 14:15:19
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 43s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 116

   Objects scanned . . . : 2.776.851
   Files scanned . . . . : 58.463
   Remnants scanned  . . : 1.451.596 files / 1.266.792 keys

Suspicious files ____________________________________________________________

   C:\Users\Carolin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
      Size . . . . . . . : 3.145.536 bytes
      Age  . . . . . . . : 112.1 days (2013-12-15 10:57:55)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : A40A288FFB10C869C73E06121C31CCEFF83F5F64F638E29F90ED845AD8DF0BE3
      RSA Key Size . . . : 2048
      Parent Name  . . . : C:\Windows\Explorer.EXE
      Authenticode . . . : Self-signed
      Running processes  : 5608
      Fuzzy  . . . . . . : 24.0
         Program is code self-signed.
         This program is actively listening for inbound network connections.
         Uses the Windows Registry to run each time the user logs on.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         HKU\S-1-5-21-3055477381-348428017-1736558052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Amazon Cloud Player
      Network Ports
         127.0.0.1:4750	


Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-3055477381-348428017-1736558052-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
   HKU\S-1-5-21-3055477381-348428017-1736558052-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find) -> Deleted
   HKU\S-1-5-21-3055477381-348428017-1736558052-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find) -> Deleted

Cookies _____________________________________________________________________

   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:112.2o7.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:247realmedia.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:3276817.fls.doubleclick.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.ad-srv.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adc-serv.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adnet.de
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adserver01.de
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.beepworld.de
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.dyntracker.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.dyntracker.de
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.inpulds.info
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.movad.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.reklamport.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.velmedia.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.1a-infosysteme.de
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.audience2media.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.brandwire.tv
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.click-now.co
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.escinteractive.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ibtracking.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.mail3x.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pornerbros.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.smartstream.tv
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.snautz.de
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.socialvi.be
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.trafficjunky.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.travelaudience.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserve.postrelease.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.erstehilfe.de
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.gb5.motorpresse.de
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adultfriendfinder.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertizenet.rotator.hadj7.adjuggler.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clicksor.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:de.sitestat.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas.apm.emediate.eu
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.pgmediaserve.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.phn.doublepimp.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:fr.sitestat.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:hdpornfree.tv
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:livejasmin.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:myroitracking.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:palxxx.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:partypoker.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornerbros.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornpayperminute.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:survey.g.doubleclick.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tomorrowfocustechnologiesgmbh.112.2o7.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adcocktail.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.effiliation.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.tnm.de
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.webstatistik-bw.de
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.zalando.de
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tuiinteractive.122.2o7.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:uk.at.atwola.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:vod.pornpayperview.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:warnerbros.112.2o7.net
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ww251.smartadserver.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.pornerbros.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.pornpayperview.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.sexkontakt.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.youporn.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www4.smartadserver.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:youporn.com
   C:\Users\Carolin\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
         
Teil 2:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4370c2eeb525c2478939b2eec367083c
# engine=17772
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-06 01:30:22
# local_time=2014-04-06 03:30:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=1799 16775166 100 94 6004237 262214312 5993403 0
# compatibility_mode=5893 16776574 100 94 1805918 56297133 0 0
# scanned=266084
# found=0
# cleaned=0
# scan_time=3629
         
[CODE Results of screen317's Security Check version 0.99.80
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 12.0.0.77
Adobe Reader XI
Google Chrome 33.0.1750.146
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
][/CODE]

Antwort

Themen zu Sehr viel Werbung und Avira öffnet sich nicht
andere, anderen, avira, frage, fragen, geöffnete, hilfe, laptop, nervt, probleme, pup.optional.delta.a, pup.optional.opencandy, pup.optional.softonic.a, pup.optional.somoto.a, pup.optional.spigot.a, seite, stelle, tagen, viel werbung, werbung, werbungen, öffnet




Ähnliche Themen: Sehr viel Werbung und Avira öffnet sich nicht


  1. sehr viel Werbung
    Plagegeister aller Art und deren Bekämpfung - 13.10.2015 (13)
  2. Sehr viel unerwünschte Werbung bei Nutzung meines Browers (Chrome)
    Plagegeister aller Art und deren Bekämpfung - 24.06.2015 (9)
  3. Windows 8/ ungewollte AddOns, langsam, sehr viel Werbung
    Log-Analyse und Auswertung - 11.03.2015 (6)
  4. Sehr viel Werbung so wie Hintergrund Musik
    Plagegeister aller Art und deren Bekämpfung - 09.03.2015 (5)
  5. Windows 8: sehr langsames Internet und viel Werbung
    Plagegeister aller Art und deren Bekämpfung - 29.12.2014 (15)
  6. Sehr viel Werbung und sehr langsamer Laptop
    Plagegeister aller Art und deren Bekämpfung - 09.11.2014 (16)
  7. Sehr viel Werbung und neue Fenster
    Plagegeister aller Art und deren Bekämpfung - 28.06.2014 (11)
  8. sehr VIEL Werbung...
    Plagegeister aller Art und deren Bekämpfung - 28.06.2014 (3)
  9. Schrift erscheint grün und doppelt unterstrichen, der Computer ist sehr langsam, viel Werbung
    Plagegeister aller Art und deren Bekämpfung - 23.06.2014 (31)
  10. sehr viel Werbung, PC langsam
    Alles rund um Windows - 23.05.2014 (2)
  11. Virus: Avira kann nicht geupdated werden/ verbraucht sehr viel CPU
    Log-Analyse und Auswertung - 10.05.2014 (74)
  12. Windows 8 Laptop-Sehr viel Werbung in Browsern
    Log-Analyse und Auswertung - 24.11.2013 (3)
  13. Windows 8: Bekomme sehr viel Werbung/PC langsam
    Plagegeister aller Art und deren Bekämpfung - 17.09.2013 (13)
  14. Sehr viel Werbung und langsames Internet?
    Plagegeister aller Art und deren Bekämpfung - 01.09.2013 (8)
  15. Sehr viel Werbung im Browser!
    Log-Analyse und Auswertung - 17.08.2013 (12)
  16. Firefox öffnet Tabs mit Werbung / Anstelle einer verlinkten URL öffnet sich Werbung
    Plagegeister aller Art und deren Bekämpfung - 08.08.2010 (4)
  17. PC sehr träge + Antivir öffnet sich nicht mehr!
    Log-Analyse und Auswertung - 29.12.2009 (1)

Zum Thema Sehr viel Werbung und Avira öffnet sich nicht - Hallo, ich muss leider ein paar Probleme an meinem Laptop feststellen. Erstmal bekomme ich seit Tagen eine Flut von Werbungen hinter geöffnete Seite geschaltet, zum anderen ließ sich, nachdem ich - Sehr viel Werbung und Avira öffnet sich nicht...

Alle Zeitangaben in WEZ +1. Es ist jetzt 06:19 Uhr.


Copyright ©2000-2024, Trojaner-Board
Archiv
Du betrachtest: Sehr viel Werbung und Avira öffnet sich nicht auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.