Hallo,

wenn ich in´s Internet gehe kommen zwischendurch solche Werbe-Fenster. Sind das Pop-Ups? Aber immer von der gleichen Sache welche dann aber auch gelegentlich mal wechselt und dann aber ne Zeit lang den gleichen Inhalt hat.

Woran kann das liegen? Ich habe Angst einen Trojaner zu haben.

Könnte mir jemand helfen?

Danke

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-04-2014
Ran by User (administrator) on NOTEBOOK on 13-04-2014 19:00:12
Running from C:\Users\User\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-13] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1233920 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1233920 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {65403d83-ac64-11df-8eb6-0013a9c9eb0b} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {65403dd4-ac64-11df-8eb6-001e101fa1f5} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {863e7e65-c17e-11de-b137-0013a9c9eb0b} - p9dwwa61.exe
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {a47bbd1a-2984-11e1-b19f-0013a9c9eb0b} - I:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: No Name - {6620E3D8-B3C3-45AC-AAE0-3C1A27A3B319} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.pe.studivz.net/photouploader/ImageUploader4.cab?nocache=20080128-1
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 37 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{63322D96-B808-49C1-BA74-E67EB9A64D31}: [NameServer]213.187.132.70

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279\Extensions\2020Player_IKEA@2020Technologies.com [2014-02-09]
FF Extension: Tube Dimmer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279\Extensions\support@tubedimmerapp.com [2013-12-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\User\AppData\Roaming\01026
FF Extension: No Name - C:\Users\User\AppData\Roaming\01026 [2012-04-11]

Chrome: 
=======
CHR DefaultSearchKeyword: nationzoom
CHR DefaultSearchProvider: nationzoom
CHR DefaultSearchURL: hxxp://www.nationzoom.com/web/?type=ds&ts=1388499585&from=adks&uid=HitachiXHTS541612J9SA00_SB2DB2E4KE1W8HKE1W8HX&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-08-14]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (RealDownloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-12]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\User\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe [57344 2006-12-14] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe [112184 2007-01-24] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe [75320 2007-01-24] (Sony Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-01-10] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [182392 2007-02-13] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-01-16] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-01-08] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe [491520 2007-01-08] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-01-08] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2006-11-28] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [172032 2006-11-28] (Sony Corporation)
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [135168 2006-11-28] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-07] (Avira GmbH)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-04-23] (Texas Instruments)
S4 Amndewkxwnp; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-13 19:00 - 2014-04-13 19:00 - 00020611 _____ () C:\Users\User\Downloads\FRST.txt
2014-04-13 19:00 - 2014-04-13 19:00 - 00000000 ____D () C:\FRST
2014-04-13 18:59 - 2014-04-13 18:59 - 01146368 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2014-04-12 13:01 - 2014-04-12 13:01 - 00000235 _____ () C:\Users\User\Desktop\Teilungsplan 13111 Roth.log
2014-04-07 18:43 - 2014-04-07 19:24 - 00000000 ____D () C:\Users\User\Desktop\Kleinanzeige
2014-04-01 17:27 - 2014-04-01 17:27 - 00000488 _____ () C:\Users\User\Desktop\Katzemich - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2014-04-13 19:00 - 2014-04-13 19:00 - 00020611 _____ () C:\Users\User\Downloads\FRST.txt
2014-04-13 19:00 - 2014-04-13 19:00 - 00000000 ____D () C:\FRST
2014-04-13 18:59 - 2014-04-13 18:59 - 01146368 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2014-04-13 18:59 - 2009-08-25 13:24 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{CDACD1E6-389A-44F2-AA68-8C52B44D16E1}.job
2014-04-13 18:59 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 18:59 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 18:45 - 2013-07-01 23:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-13 18:12 - 2013-07-03 19:20 - 02004465 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 18:11 - 2010-03-06 01:11 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-13 18:07 - 2010-03-06 01:11 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-13 18:04 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-13 09:50 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-12 13:01 - 2014-04-12 13:01 - 00000235 _____ () C:\Users\User\Desktop\Teilungsplan 13111 Roth.log
2014-04-12 11:53 - 2007-07-22 10:51 - 00113664 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-08 23:18 - 2007-07-20 18:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-04-08 23:18 - 2007-02-26 18:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-07 19:24 - 2014-04-07 18:43 - 00000000 ____D () C:\Users\User\Desktop\Kleinanzeige
2014-04-07 17:32 - 2006-11-02 12:33 - 01592666 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 17:27 - 2014-04-01 17:27 - 00000488 _____ () C:\Users\User\Desktop\Katzemich - Verknüpfung.lnk
2014-03-25 12:08 - 2014-03-13 18:28 - 00000000 ____D () C:\Users\User\Documents\Anki

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User_2\AppData\Local\Temp\AskSLib.dll
C:\Users\User_2\AppData\Local\Temp\wlsetup-cvr.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-13 18:16

==================== End Of Log ============================
         

--- --- ---

--- --- ---

--- --- ---

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-04-2014
Ran by User at 2014-04-13 19:00:57
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.0.0 - Adobe Systems)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.0.0 - Adobe Systems) Hidden
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}) (Version: 9.0.124.0 - Adobe Systems, Inc.)
Adobe Photoshop CS (HKLM\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader X (10.1.8) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Anki (HKLM\...\Anki) (Version:  - )
AutoCAD 2007 - Deutsch (HKLM\...\{5783F2D7-5001-0407-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)
AutoDWG DWG DXF Converter (HKLM\...\{B3C53492-53A3-4EA8-A3A2-B30DBBE14B96}) (Version:  - )
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4487 - APN, LLC)
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2474 - CDBurnerXP)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 1.0.2.23 - DivX, Inc. )
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.0.2.0 - )
EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version:  - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
Free YouTube to MP3 Converter version 3.11.34.1015 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.34.1015 - DVDVideoSoft Ltd.)
GEOgraf System Runtime Components (Version: 1.0.0 - HHK Datentechnik GmbH) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java DB 10.5.3.0 (HKLM\...\{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}) (Version: 10.5.3.0 - Sun Microsystems, Inc)
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 23 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)
Java(TM) SE Development Kit 6 Update 23 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160230}) (Version: 1.6.0.230 - Oracle)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Konz 2012 (HKLM\...\InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}) (Version: 1.00.0000 - USM)
Konz 2012 (Version: 1.00.0000 - USM) Hidden
Konz 2013 (HKLM\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (Version: 1.00.0000 - USM) Hidden
LAN-Express AS IEEE 802.11 Wireless LAN (HKLM\...\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}) (Version: 7.1.0.116 - LAN-Express)
Macromedia Flash Player 8 (HKLM\...\ShockwaveFlash) (Version: 8 - Macromedia)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (VAIO_VEDB) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mixxx 1.10.0 (HKLM\...\Mixxx (1.10.0)) (Version: 1.10.0 - The Mixxx Team)
Mozilla Firefox 21.0 (x86 de) (HKLM\...\Mozilla Firefox 21.0 (x86 de)) (Version: 21.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenMG Limited Patch 4.7-07-13-24-01 (HKLM\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )
OpenMG Secure Module 4.7.00 (HKLM\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140 - Sony Corporation) Hidden
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDF-XChange Viewer (HKLM\...\{37B3776C-6DE6-4DD4-9AC6-C14952083932}) (Version: 2.5.193.0 - Tracker Software Products Ltd.)
RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version:  - )
Servicepack Datumsaktualisierung (HKLM\...\{7A70FCC4-E09F-45CE-ADB5-C208CEBF0A82}) (Version: 1.00.00.0005 - Haufe-Lexware)
Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Setting Utility Series (HKLM\...\{59452470-A902-477F-9338-9B88101681BD}) (Version: 2.1.00.13300 - Sony Corporation)
SimpleOCR 3.1 (HKLM\...\SimpleOCR 3.1) (Version:  - )
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SonicStage 4.3 (HKLM\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)
Sony Utilities DLL (HKLM\...\{EF3D45BB-2260-4008-88EA-492E7744A9DF}) (Version: 7.1.00.13300 - Sony Corporation)
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.1.03 - Sony Corporation)
Steuer 2011 (HKLM\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH)
Steuer 2012 (HKLM\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer 2013 (HKLM\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Updater (HKLM\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
VAIO Aqua Breeze Wallpaper (HKLM\...\{97BCD719-6ECB-458F-97D6-F38D2E07375E}) (Version: 1.0.11.13240 - Sony Corporation)
VAIO Content Importer  VAIO Content Exporter (Version: 1.3.00.13300 - Sony Corporation) Hidden
VAIO Content Importer / VAIO Content Exporter (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.3.00.13300 - Sony Corporation)
VAIO Control Center (HKLM\...\{FC37C108-821D-4EDE-8F40-D5B497586805}) (Version: 2.0.00.11060 - Sony Corporation)
VAIO Cozy Orange Wallpaper (HKLM\...\{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}) (Version: 1.0.11.13240 - Sony Corporation)
VAIO Data Restore Tool (HKLM\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.01.02070 - Sony Corporation)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 2.0.02.13290 - Sony Corporation)
VAIO Event Service (HKLM\...\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}) (Version: 3.1.00.14130 - Sony Corporation)
VAIO Hardware Diagnostics (HKLM\...\{A947C2B3-7445-42C4-9063-EE704CACCB22}) (Version:  - )
VAIO Media (Version: 6.0.10 - Sony Corporation) Hidden
VAIO Media 6.0 (HKLM\...\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}) (Version: 6.0.10 - Sony Corporation)
VAIO Media AC3 Decoder 1.0 (HKLM\...\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}) (Version:  - )
VAIO Media Content Collection 6.0 (HKLM\...\{500162A0-4DD5-460A-BAFD-895AAE48C532}) (Version:  - Sony Corporation)
VAIO Media Integrated Server 6.0 (HKLM\...\{785EB1D4-ECEC-4195-99B4-73C47E187721}) (Version:  - Sony Corporation)
VAIO Media Redistribution 6.0 (HKLM\...\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}) (Version: 6.0.10 - Sony Corporation)
VAIO Media Registration Tool (Version: 6.0.10 - Sony Corporation) Hidden
VAIO Media Registration Tool 6.0 (HKLM\...\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}) (Version: 6.0.10 - Sony Corporation)
VAIO Original Screen Saver (HKLM\...\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}) (Version:  - )
VAIO Photo 2007 (HKLM\...\{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}) (Version: 1.0.01.01250 - Sony Corporation)
VAIO Power Management (HKLM\...\{9E319E96-ED8E-4B01-9775-C521A1869A25}) (Version: 2.1.00.14090 - Sony Corporation)
VAIO Tender Green Wallpaper (HKLM\...\{934A3213-1CB6-4264-84A2-EE080C017BCA}) (Version: 1.0.11.10180 - Sony Corporation)
VAIO Update 3 (HKLM\...\{48820099-ED7D-424B-890C-9A82EF00656D}) (Version: 3.0.01.02050 - Sony Corporation)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VideoLAN VLC media player 0.8.6d (HKLM\...\VLC media player) (Version: 0.8.6d - VideoLAN Team)
Wartung Samsung CLP-320 Series (HKLM\...\Samsung CLP-320 Series) (Version:  - Samsung Electronics Co., Ltd.)
WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinDVD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B6.113 - InterVideo Inc.)
WinDVD for VAIO (Version: 8.0-B6.113 - InterVideo Inc.) Hidden
WinZip (HKLM\...\WinZip) (Version:  9.0  (6028g) - WinZip Computing, Inc. und H.C. Top Systems B.V.)
Wireless Switch Setting Utility (HKLM\...\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}) (Version: 3.6.01.18210 - Sony Corporation)

==================== Restore Points  =========================

24-03-2014 16:47:40 Geplanter Prüfpunkt
25-03-2014 13:52:43 Geplanter Prüfpunkt
26-03-2014 19:14:48 Geplanter Prüfpunkt
01-04-2014 17:48:06 Geplanter Prüfpunkt
05-04-2014 08:37:11 Geplanter Prüfpunkt
12-04-2014 07:08:59 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {020F3D18-4BFB-446C-9F9B-80A1C57818FD} - System32\Tasks\SONY\WSSU\WSSU => C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2007-06-15] (Sony Corporation)
Task: {0BCB80A5-4094-432C-BF55-028AC85EA85C} - System32\Tasks\LaunchMCV => MyClubVaio.vbs
Task: {0D78AED4-B1AD-48D4-833B-F98220234A06} - System32\Tasks\MCVSurveyReminder3 => reminder.exe
Task: {1B91E0C2-B2DE-4443-AD4E-ED006394A83F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3478396187-4038831351-2685403778-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1FE11795-DD6A-49F2-ADE8-CDD3D1872E19} - System32\Tasks\MCVRegistrationReminder3 => reminder.exe
Task: {3242ED2D-7358-422B-8B5E-62FDCA7B03C9} - System32\Tasks\MCVRegistrationReminder1 => reminder.exe
Task: {362A7006-A29C-4A19-834C-757BDEB4C625} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4338F05A-1464-4311-9279-DFC35C1F8FB5} - System32\Tasks\MCVSurveyReminder1 => reminder.exe
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {56E17BCD-2844-4A38-848F-6145C5E06DEA} - System32\Tasks\MCVSurveyReminder2 => reminder.exe
Task: {77296531-153D-4CA9-8C38-5F84CA95C6D5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {7A45A5E1-1049-43AE-82A4-BDCD5CE9DF56} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - User => C:\Program Files\Windows Calendar\wincal.exe [2008-01-19] (Microsoft Corporation)
Task: {7AB0C05C-A47A-42A7-BA60-1D54231BC3B8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3478396187-4038831351-2685403778-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {97D34B86-E355-4BFB-9BC8-80FA0019FD66} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3478396187-4038831351-2685403778-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {9A4C2190-7A5C-4EEE-8E22-43C82EEE8677} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-06] (Google Inc.)
Task: {9D275F95-B1EF-4BA4-A76E-79F9FA38D8F8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3478396187-4038831351-2685403778-1005 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {A0E61055-121E-4F6F-94B5-60EE15AC5AAD} - System32\Tasks\MCVRegistrationReminder4 => reminder.exe
Task: {B08BAAE6-F5EE-4B52-88D6-0C23CD56983F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3478396187-4038831351-2685403778-1005 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {B4278A8A-0B7D-4CF7-AFAF-C23541773471} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe [2007-02-05] (Sony Corporation)
Task: {C0155B1F-AADF-4E40-8A81-8665A8291584} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3478396187-4038831351-2685403778-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E7DB7C4B-4D56-4EFC-85B6-BB8C00199F43} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {F7FC656B-2C77-4B82-BA50-BE15186C0C6D} - System32\Tasks\MCVRegistrationReminder2 => reminder.exe
Task: {F8C35C56-6832-472A-BB15-FCC93EF6F916} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-06] (Google Inc.)
Task: {FAA16490-92DF-43B9-BBB5-E0B22901849D} - System32\Tasks\MCVSurveyReminder4 => reminder.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{CDACD1E6-389A-44F2-AA68-8C52B44D16E1}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2004-12-14 04:28 - 2004-12-14 04:28 - 01212416 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU
2011-11-10 13:35 - 2009-09-11 09:47 - 00026624 _____ () C:\Windows\System32\sst3cl3.dll
2013-08-08 17:42 - 2013-08-07 21:33 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2007-02-26 18:01 - 2007-02-13 16:19 - 00010752 _____ () C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
2007-02-26 18:01 - 2007-02-13 16:19 - 00009728 _____ () C:\Program Files\Sony\VAIO Event Service\VESMgrSubPS.dll
2008-03-20 14:00 - 2008-01-19 00:35 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2007-02-26 21:02 - 2007-01-24 11:04 - 00061440 _____ () C:\Windows\system32\igfxTMM.dll
2004-12-14 05:44 - 2004-12-14 05:44 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Spelling.DEU
2004-12-14 05:40 - 2004-12-14 05:40 - 00006656 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\ADBC.DEU
2004-12-14 05:44 - 2004-12-14 05:44 - 00540672 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PPKLite.DEU
2004-12-14 05:40 - 2004-12-14 05:40 - 00049152 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Accessibility.DEU
2004-12-14 05:40 - 2004-12-14 05:40 - 00417792 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\AcroForm.DEU
2004-12-14 05:41 - 2004-12-14 05:41 - 00651264 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Annots.DEU
2004-12-14 05:41 - 2004-12-14 05:41 - 00040960 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Catalog.DEU
2004-12-14 05:41 - 2004-12-14 05:41 - 00126976 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Checkers.DEU
2004-12-14 05:41 - 2004-12-14 05:41 - 00135168 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\DigSig.DEU
2004-12-14 05:42 - 2004-12-14 05:42 - 00010752 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\DistillerPI.DEU
2004-12-14 05:42 - 2004-12-14 05:42 - 00299008 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\ebook.DEU
2004-12-14 05:42 - 2004-12-14 05:42 - 00086016 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\EScript.DEU
2004-12-14 04:28 - 2004-12-14 04:28 - 00005120 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\EWH32.DEU
2004-12-14 05:43 - 2004-12-14 05:43 - 00006144 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\FlattenerView.DEU
2004-12-14 04:28 - 2004-12-14 04:28 - 00010240 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\HLS.DEU
2004-12-14 05:43 - 2004-12-14 05:43 - 00049152 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\HTML2PDF.DEU
2004-12-14 05:43 - 2004-12-14 05:43 - 00094208 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\ImageConversion.DEU
2004-12-14 04:29 - 2004-12-14 04:29 - 00217088 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\JDFProdDef.DEU
2004-12-14 05:43 - 2004-12-14 05:43 - 00045056 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\MakeAccessible.DEU
2004-12-14 05:43 - 2004-12-14 05:43 - 00122880 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Multimedia.DEU
2004-12-14 05:43 - 2004-12-14 05:43 - 00053248 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PaperCapture.DEU
2004-12-14 04:29 - 2004-12-14 04:29 - 00007680 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PDDom.DEU
2004-12-14 05:44 - 2004-12-14 05:44 - 00544768 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PictureTasks.DEU
2004-12-14 04:29 - 2004-12-14 04:29 - 00007168 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\reflow.DEU
2004-12-14 05:44 - 2004-12-14 05:44 - 00017408 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\SaveAsRTF.DEU
2004-12-14 05:44 - 2004-12-14 05:44 - 00015360 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\SaveAsXML.DEU
2004-12-14 05:44 - 2004-12-14 05:44 - 00024064 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Search.DEU
2004-12-14 04:29 - 2004-12-14 04:29 - 00008704 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Search5.DEU
2004-12-14 05:44 - 2004-12-14 05:44 - 00015360 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\SendMail.DEU
2004-12-14 05:44 - 2004-12-14 05:44 - 00065536 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Soap.DEU
2004-12-14 05:44 - 2004-12-14 05:44 - 00014336 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\TablePicker.DEU
2004-12-14 05:45 - 2004-12-14 05:45 - 00094208 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\TouchUp.DEU
2004-12-14 05:45 - 2004-12-14 05:45 - 00026624 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Updater.DEU
2004-12-14 05:45 - 2004-12-14 05:45 - 00032768 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\weblink.DEU
2004-12-14 05:45 - 2004-12-14 05:45 - 00106496 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\WebPDF.DEU
2013-06-14 18:52 - 2013-05-12 00:26 - 03128728 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-11 19:45 - 2014-03-11 19:45 - 16276872 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk => C:\Windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD-Startbeschleuniger.lnk => C:\Windows\pss\AutoCAD-Startbeschleuniger.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: AAWTray => C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
MSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint\Apoint.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: ICQ6setup => cmd.exe /c rmdir /S /Q "C:\Program Files\ICQ6.5"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISBMgr.exe => "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
MSCONFIG\startupreg: KiesHelper => C:\Program Files\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: {EFA1AE16-DFE3-0274-0A40-A76B56E87B5B} => C:\Users\User\AppData\Roaming\Erse\maola.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2014 06:07:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/13/2014 09:34:37 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/12/2014 11:42:16 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 21.0.0.4879, Zeitstempel 0x518ec3cc, fehlerhaftes Modul xul.dll, Version 21.0.0.4879, Zeitstempel 0x518ec306, Ausnahmecode 0xc0000005, Fehleroffset 0x001c9789,
Prozess-ID 0x14e8, Anwendungsstartzeit firefox.exe0.

Error: (04/12/2014 08:06:27 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/08/2014 11:57:51 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: EXCEPTION calling function IThread(ProtocolSrvConThread)::run() for the file
unknown
[ACCESS_VIOLATION Exception!! EIP = 0x721ad967]
Please inform Avira and submit the appropriate file!

Error: (04/08/2014 10:37:58 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/08/2014 05:59:04 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung EXCEL.EXE, Version 10.0.6871.0, Zeitstempel 0x4daf71c5, fehlerhaftes Modul mso.dll, Version 10.0.6870.0, Zeitstempel 0x4d602ee7, Ausnahmecode 0xc0000005, Fehleroffset 0x00021e92,
Prozess-ID 0x1170, Anwendungsstartzeit EXCEL.EXE0.

Error: (04/08/2014 05:57:19 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung EXCEL.EXE, Version 10.0.6871.0, Zeitstempel 0x4daf71c5, fehlerhaftes Modul mso.dll, Version 10.0.6870.0, Zeitstempel 0x4d602ee7, Ausnahmecode 0xc0000005, Fehleroffset 0x00021e92,
Prozess-ID 0x126c, Anwendungsstartzeit EXCEL.EXE0.

Error: (04/08/2014 05:53:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/07/2014 05:48:29 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung EXCEL.EXE, Version 10.0.6871.0, Zeitstempel 0x4daf71c5, fehlerhaftes Modul mso.dll, Version 10.0.6870.0, Zeitstempel 0x4d602ee7, Ausnahmecode 0xc0000005, Fehleroffset 0x00022314,
Prozess-ID 0x520, Anwendungsstartzeit EXCEL.EXE0.


System errors:
=============
Error: (04/13/2014 06:44:27 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "NOTEBOOK" auf Transport "NetBT_Tcpip_{75150A78-C350-47D0-A029-3". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/13/2014 06:42:36 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "NOTEBOOK" auf Transport "NetBT_Tcpip_{75150A78-C350-47D0-A029-3". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/13/2014 06:34:47 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "NOTEBOOK" auf Transport "NetBT_Tcpip_{75150A78-C350-47D0-A029-3". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/13/2014 06:15:17 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "NOTEBOOK" auf Transport "NetBT_Tcpip_{75150A78-C350-47D0-A029-3". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/13/2014 06:15:15 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "NOTEBOOK" auf Transport "NetBT_Tcpip_{75150A78-C350-47D0-A029-3". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/13/2014 06:14:43 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "NOTEBOOK" auf Transport "NetBT_Tcpip_{75150A78-C350-47D0-A029-3". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (04/13/2014 06:13:02 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{75150A78-C350-47D0-A029-3EEC5D8DD5-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/13/2014 06:07:01 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{75150A78-C350-47D0-A029-3EEC5D8DD5-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/13/2014 06:05:40 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%2

Error: (04/13/2014 06:05:40 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (04/13/2014 06:07:13 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/13/2014 09:34:37 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/12/2014 11:42:16 AM) (Source: Application Error)(User: )
Description: firefox.exe21.0.0.4879518ec3ccxul.dll21.0.0.4879518ec306c0000005001c978914e801cf56167d2a8c4e

Error: (04/12/2014 08:06:27 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/08/2014 11:57:51 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: unknownACCESS_VIOLATION0x721ad967IThread(ProtocolSrvConThread)::run()

Error: (04/08/2014 10:37:58 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/08/2014 05:59:04 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE10.0.6871.04daf71c5mso.dll10.0.6870.04d602ee7c000000500021e92117001cf534374804d82

Error: (04/08/2014 05:57:19 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE10.0.6871.04daf71c5mso.dll10.0.6870.04d602ee7c000000500021e92126c01cf5343359c6362

Error: (04/08/2014 05:53:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/07/2014 05:48:29 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE10.0.6871.04daf71c5mso.dll10.0.6870.04d602ee7c00000050002231452001cf5278d1a87ea1


CodeIntegrity Errors:
===================================
  Date: 2014-04-13 19:00:33.610
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-13 19:00:33.517
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-13 19:00:33.423
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-13 19:00:33.331
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-13 19:00:33.234
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-13 19:00:33.141
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-13 19:00:33.048
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-13 19:00:32.955
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-03 22:31:18.788
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-27 20:02:00.499
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 49%
Total physical RAM: 2037.45 MB
Available physical RAM: 1019.7 MB
Total Pagefile: 4322.17 MB
Available Pagefile: 3172.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.02 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:53.44 GB) (Free:6.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: (Daten) (Fixed) (Total:49.04 GB) (Free:33.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 722DCBAF)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=53 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

danke dir

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.




Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hallo,

habe alles erledigt. Hier dann die Textdateien:

mbam

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Detection, 15.04.2014 00:00:56, User, NOTEBOOK, Protection, Malware Protection, File, PUP.Optional.TubeDimmer.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279\extensions\support@tubedimmerapp.com\chrome\content\main.js, Quarantine, [525dbd6b88f36dc9fdc6c896e41e946c]
Protection, 15.04.2014 17:53:25, SYSTEM, NOTEBOOK, Protection, Malware Protection, Starting, 
Protection, 15.04.2014 17:53:25, SYSTEM, NOTEBOOK, Protection, Malware Protection, Started, 
Protection, 15.04.2014 17:53:25, SYSTEM, NOTEBOOK, Protection, Malicious Website Protection, Starting, 
Protection, 15.04.2014 17:56:04, SYSTEM, NOTEBOOK, Protection, Malicious Website Protection, Started, 
Update, 15.04.2014 17:59:57, SYSTEM, NOTEBOOK, Manual, Malware Database, 2014.4.10.7, 2014.4.15.7, 
Protection, 15.04.2014 18:00:24, SYSTEM, NOTEBOOK, Protection, Refresh, Starting, 
Protection, 15.04.2014 18:00:24, SYSTEM, NOTEBOOK, Protection, Malicious Website Protection, Stopping, 
Protection, 15.04.2014 18:00:24, SYSTEM, NOTEBOOK, Protection, Malicious Website Protection, Stopped, 
Protection, 15.04.2014 18:01:06, SYSTEM, NOTEBOOK, Protection, Refresh, Success, 
Protection, 15.04.2014 18:01:06, SYSTEM, NOTEBOOK, Protection, Malicious Website Protection, Starting, 
Protection, 15.04.2014 18:01:12, SYSTEM, NOTEBOOK, Protection, Malicious Website Protection, Started, 
Detection, 15.04.2014 18:36:03, SYSTEM, NOTEBOOK, Protection, Malware Protection, File, PUP.Optional.DomaIQ, C:\Users\User\AppData\Local\Temp\OIxU_gS4.exe.part, Quarantine, [7033b97190eb2c0ada7367d8f907ab55]

(end)
         

adw-cleaner

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v3.023 - Bericht erstellt am 15/04/2014 um 18:57:52
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzername : User - NOTEBOOK
# Gestartet von : C:\Users\User\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
Ordner Gelöscht : C:\Program Files\simplitec
Ordner Gelöscht : C:\Users\User\AppData\Roaming\simplitec
Datei Gelöscht : C:\Users\Public\Desktop\simplicheck.lnk
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\Software\Description
Schlüssel Gelöscht : HKLM\Software\simplitec
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E8534DA7E759419D2048CB780D3D5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DCE3C04E576AD15F972B67D0725120C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62255E52F19EC97429A42D59D49024FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\930D9472A978D7A4EB16BF4DECB173B7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEB93799E8B47D14CA356E4343D632A4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE7C2A75DF08824E9CEFDE20F655BD9

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6001.18639


-\\ Mozilla Firefox v21.0 (de)

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : search_url
Gelöscht : keyword

*************************

AdwCleaner[R0].txt - [13596 octets] - [31/12/2013 16:48:07]
AdwCleaner[R1].txt - [1635 octets] - [31/12/2013 17:03:07]
AdwCleaner[R2].txt - [1923 octets] - [11/01/2014 17:15:40]
AdwCleaner[R3].txt - [1924 octets] - [11/01/2014 17:16:22]
AdwCleaner[R4].txt - [1761 octets] - [26/01/2014 18:10:19]
AdwCleaner[R5].txt - [2946 octets] - [15/04/2014 18:56:29]
AdwCleaner[S0].txt - [11328 octets] - [31/12/2013 16:49:31]
AdwCleaner[S1].txt - [1698 octets] - [31/12/2013 17:04:31]
AdwCleaner[S2].txt - [1993 octets] - [11/01/2014 17:17:28]
AdwCleaner[S3].txt - [1748 octets] - [26/01/2014 18:11:17]
AdwCleaner[S4].txt - [2875 octets] - [15/04/2014 18:57:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2935 octets] ##########
         

JRT

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by User on 15.04.2014 at 19:06:29,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3478396187-4038831351-2685403778-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181110}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{184aa5e6-741d-464a-820e-94b3abc2f3b4}
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\f2nuqa9k.default-1388501107279\minidumps [44 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.04.2014 at 19:09:49,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

und FRST

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014
Ran by User (administrator) on NOTEBOOK on 15-04-2014 19:10:45
Running from C:\Users\User\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-13] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1233920 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1233920 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {65403d83-ac64-11df-8eb6-0013a9c9eb0b} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {65403dd4-ac64-11df-8eb6-001e101fa1f5} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {863e7e65-c17e-11de-b137-0013a9c9eb0b} - p9dwwa61.exe
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {a47bbd1a-2984-11e1-b19f-0013a9c9eb0b} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {f1a87b96-c3f1-11e3-8181-0013a9c9eb0b} - I:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: No Name - {6620E3D8-B3C3-45AC-AAE0-3C1A27A3B319} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.pe.studivz.net/photouploader/ImageUploader4.cab?nocache=20080128-1
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 37 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{63322D96-B808-49C1-BA74-E67EB9A64D31}: [NameServer]213.187.132.70

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279\Extensions\2020Player_IKEA@2020Technologies.com [2014-02-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome: 
=======
CHR DefaultSearchProvider: nationzoom
CHR DefaultSearchURL: hxxp://www.google.com
CHR DefaultNewTabURL: 
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (RealDownloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-12]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\User\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe [57344 2006-12-14] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe [112184 2007-01-24] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe [75320 2007-01-24] (Sony Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-01-10] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [182392 2007-02-13] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-01-16] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-01-08] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe [491520 2007-01-08] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-01-08] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2006-11-28] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [172032 2006-11-28] (Sony Corporation)
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [135168 2006-11-28] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-07] (Avira GmbH)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-04-23] (Texas Instruments)
S4 Amndewkxwnp; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-15 19:10 - 2014-04-15 19:10 - 00019768 _____ () C:\Users\User\Desktop\FRST.txt
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-04-15 18:51 - 2014-04-15 18:51 - 00003736 _____ () C:\Windows\PFRO.log
2014-04-15 18:42 - 2014-04-15 18:42 - 00000296 _____ () C:\Users\User\Desktop\Firefox Es kommen ständig die gleichen Werbe-Fenster zwischendurch - Trojaner-Board.URL
2014-04-14 23:52 - 2014-04-15 19:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-14 23:52 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 23:52 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 23:52 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-14 23:42 - 2014-04-14 23:42 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-14 20:24 - 2014-04-14 20:24 - 00000715 _____ () C:\Windows\setupact.log
2014-04-14 20:24 - 2014-04-14 20:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-14 20:19 - 2014-04-14 20:20 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-04-14 20:19 - 2014-04-14 20:19 - 00000979 _____ () C:\Users\Public\Desktop\MAGIX Music Maker 2014.lnk
2014-04-14 20:18 - 2014-04-14 20:21 - 00000000 ___RD () C:\Users\User\Documents\MAGIX
2014-04-14 20:17 - 2014-04-14 20:21 - 00000000 ____D () C:\ProgramData\MAGIX
2014-04-14 20:17 - 2014-04-14 20:18 - 00000000 ____D () C:\Program Files\MAGIX
2014-04-14 20:17 - 2014-04-14 20:18 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services
2014-04-14 20:04 - 2014-04-14 20:26 - 00001233 _____ () C:\Users\User\Desktop\Musik Hamid - Verknüpfung.lnk
2014-04-14 20:04 - 2014-04-14 20:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\MAGIX
2014-04-14 19:50 - 2014-04-14 19:51 - 28886538 _____ () C:\Users\User\Downloads\mixxx-1.11.0-win32.exe
2014-04-13 19:04 - 2014-04-15 19:10 - 00000000 ____D () C:\Users\User\Desktop\Trojaner
2014-04-13 19:00 - 2014-04-15 19:10 - 00000000 ____D () C:\FRST
2014-04-13 19:00 - 2014-04-13 19:01 - 00042195 _____ () C:\Users\User\Downloads\Addition.txt
2014-04-13 19:00 - 2014-04-13 19:01 - 00024173 _____ () C:\Users\User\Downloads\FRST.txt
2014-04-13 18:59 - 2014-04-14 23:49 - 01042944 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-04-07 18:43 - 2014-04-07 19:24 - 00000000 ____D () C:\Users\User\Desktop\Kleinanzeige
2014-04-01 17:27 - 2014-04-01 17:27 - 00000488 _____ () C:\Users\User\Desktop\Katzemich - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2014-04-15 19:10 - 2014-04-15 19:10 - 00019768 _____ () C:\Users\User\Desktop\FRST.txt
2014-04-15 19:10 - 2014-04-13 19:04 - 00000000 ____D () C:\Users\User\Desktop\Trojaner
2014-04-15 19:10 - 2014-04-13 19:00 - 00000000 ____D () C:\FRST
2014-04-15 19:09 - 2009-08-25 13:24 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{CDACD1E6-389A-44F2-AA68-8C52B44D16E1}.job
2014-04-15 19:07 - 2010-03-06 01:11 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-04-15 19:04 - 2013-07-03 19:20 - 02065414 _____ () C:\Windows\WindowsUpdate.log
2014-04-15 19:03 - 2014-04-14 23:52 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-15 19:00 - 2010-03-06 01:11 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-15 18:59 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-15 18:59 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-15 18:59 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-15 18:58 - 2013-12-31 16:48 - 00000000 ____D () C:\AdwCleaner
2014-04-15 18:58 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-15 18:51 - 2014-04-15 18:51 - 00003736 _____ () C:\Windows\PFRO.log
2014-04-15 18:46 - 2012-03-28 09:52 - 00002623 _____ () C:\Users\User\Desktop\Microsoft Word.lnk
2014-04-15 18:45 - 2013-07-01 23:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-15 18:42 - 2014-04-15 18:42 - 00000296 _____ () C:\Users\User\Desktop\Firefox Es kommen ständig die gleichen Werbe-Fenster zwischendurch - Trojaner-Board.URL
2014-04-15 17:53 - 2006-11-02 14:47 - 00473504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-14 23:49 - 2014-04-13 18:59 - 01042944 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-04-14 23:42 - 2014-04-14 23:42 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-14 22:06 - 2007-07-19 20:55 - 00148624 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-14 20:27 - 2006-11-02 12:33 - 01592666 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 20:26 - 2014-04-14 20:04 - 00001233 _____ () C:\Users\User\Desktop\Musik Hamid - Verknüpfung.lnk
2014-04-14 20:24 - 2014-04-14 20:24 - 00000715 _____ () C:\Windows\setupact.log
2014-04-14 20:24 - 2014-04-14 20:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-14 20:21 - 2014-04-14 20:18 - 00000000 ___RD () C:\Users\User\Documents\MAGIX
2014-04-14 20:21 - 2014-04-14 20:17 - 00000000 ____D () C:\ProgramData\MAGIX
2014-04-14 20:21 - 2014-04-14 20:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\MAGIX
2014-04-14 20:20 - 2014-04-14 20:19 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-04-14 20:19 - 2014-04-14 20:19 - 00000979 _____ () C:\Users\Public\Desktop\MAGIX Music Maker 2014.lnk
2014-04-14 20:18 - 2014-04-14 20:17 - 00000000 ____D () C:\Program Files\MAGIX
2014-04-14 20:18 - 2014-04-14 20:17 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services
2014-04-14 20:17 - 2007-02-26 17:46 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-04-14 20:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Help
2014-04-14 20:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-14 19:51 - 2014-04-14 19:50 - 28886538 _____ () C:\Users\User\Downloads\mixxx-1.11.0-win32.exe
2014-04-13 19:01 - 2014-04-13 19:00 - 00042195 _____ () C:\Users\User\Downloads\Addition.txt
2014-04-13 19:01 - 2014-04-13 19:00 - 00024173 _____ () C:\Users\User\Downloads\FRST.txt
2014-04-12 11:53 - 2007-07-22 10:51 - 00113664 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-08 23:18 - 2007-07-20 18:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-04-08 23:18 - 2007-02-26 18:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-07 19:24 - 2014-04-07 18:43 - 00000000 ____D () C:\Users\User\Desktop\Kleinanzeige
2014-04-03 09:51 - 2014-04-14 23:52 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 23:52 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-14 23:52 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 17:27 - 2014-04-01 17:27 - 00000488 _____ () C:\Users\User\Desktop\Katzemich - Verknüpfung.lnk
2014-03-25 12:08 - 2014-03-13 18:28 - 00000000 ____D () C:\Users\User\Documents\Anki

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User_2\AppData\Local\Temp\AskSLib.dll
C:\Users\User_2\AppData\Local\Temp\wlsetup-cvr.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-15 19:06

==================== End Of Log ============================
         

--- --- ---


Vielen Dank nochmals

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Hallo

also anbei dann die log,txt

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6c6dfd0764194e41845d20b577cc22dc
# engine=17928
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-17 06:01:38
# local_time=2014-04-17 08:01:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1799 16775165 100 95 180037 168425403 172667 0
# compatibility_mode=5892 16776574 100 100 21781083 235290426 0 0
# scanned=218818
# found=2
# cleaned=0
# scan_time=7641
sh=8FF5C56B349BD89E740F460F284EA37DDA25728F ft=1 fh=dc88c7f09f5f8aae vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="G:\Programme von Festplatte\RegCleaner\regvissetup.exe"
sh=47E6CA19F96C1865541E0853D86282CE85C6BBC5 ft=1 fh=978c084e817558e0 vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="G:\Programme von Festplatte\RegCleaner\repairv35pro.exe"
         

die checkup.txt

Code: Alles auswählenAufklappen

ATTFilter

 Results of screen317's Security Check version 0.99.81  
 Windows Vista Service Pack 1 x86 (UAC is enabled)  
 Out of date service pack!! 
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java DB 10.5.3.0   
 Java(TM) 6 Update 22  
 Java(TM) 6 Update 23  
 Java(TM) SE Runtime Environment 6 
 Java(TM) SE Development Kit 6 Update 23 
 Java version out of Date! 
 Adobe Flash Player 9 Flash Player out of Date! 
 Adobe Flash Player 	12.0.0.77  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox 21.0 Firefox out of Date!  
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

und die FRST.txt


FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2014 01
Ran by User (administrator) on NOTEBOOK on 17-04-2014 23:05:25
Running from C:\Users\User\Desktop\Trojaner
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-13] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {65403d83-ac64-11df-8eb6-0013a9c9eb0b} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {65403dd4-ac64-11df-8eb6-001e101fa1f5} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {863e7e65-c17e-11de-b137-0013a9c9eb0b} - p9dwwa61.exe
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {a47bbd1a-2984-11e1-b19f-0013a9c9eb0b} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {f1a87b96-c3f1-11e3-8181-0013a9c9eb0b} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {65403d83-ac64-11df-8eb6-0013a9c9eb0b} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {65403dd4-ac64-11df-8eb6-001e101fa1f5} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {863e7e65-c17e-11de-b137-0013a9c9eb0b} - p9dwwa61.exe
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a47bbd1a-2984-11e1-b19f-0013a9c9eb0b} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3478396187-4038831351-2685403778-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f1a87b96-c3f1-11e3-8181-0013a9c9eb0b} - I:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: No Name - {6620E3D8-B3C3-45AC-AAE0-3C1A27A3B319} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.pe.studivz.net/photouploader/ImageUploader4.cab?nocache=20080128-1
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 37 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{63322D96-B808-49C1-BA74-E67EB9A64D31}: [NameServer]213.187.132.70

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279\Extensions\2020Player_IKEA@2020Technologies.com [2014-02-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome: 
=======
CHR DefaultSearchProvider: nationzoom
CHR DefaultSearchURL: hxxp://www.google.com
CHR DefaultNewTabURL: 
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (RealDownloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-12]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\User\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe [57344 2006-12-14] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe [112184 2007-01-24] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe [75320 2007-01-24] (Sony Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-01-10] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [182392 2007-02-13] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-01-16] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-01-08] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe [491520 2007-01-08] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-01-08] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2006-11-28] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [172032 2006-11-28] (Sony Corporation)
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [135168 2006-11-28] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-07] (Avira GmbH)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-04-23] (Texas Instruments)
S4 Amndewkxwnp; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-17 23:02 - 2014-04-17 23:02 - 00987448 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-04-15 18:51 - 2014-04-15 18:51 - 00003736 _____ () C:\Windows\PFRO.log
2014-04-14 23:52 - 2014-04-17 22:51 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-14 23:52 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 23:52 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 23:52 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-14 23:42 - 2014-04-14 23:42 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-14 20:24 - 2014-04-14 20:24 - 00000715 _____ () C:\Windows\setupact.log
2014-04-14 20:24 - 2014-04-14 20:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-14 20:19 - 2014-04-14 20:20 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-04-14 20:19 - 2014-04-14 20:19 - 00000979 _____ () C:\Users\Public\Desktop\MAGIX Music Maker 2014.lnk
2014-04-14 20:18 - 2014-04-14 20:21 - 00000000 ___RD () C:\Users\User\Documents\MAGIX
2014-04-14 20:17 - 2014-04-14 20:21 - 00000000 ____D () C:\ProgramData\MAGIX
2014-04-14 20:17 - 2014-04-14 20:18 - 00000000 ____D () C:\Program Files\MAGIX
2014-04-14 20:17 - 2014-04-14 20:18 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services
2014-04-14 20:04 - 2014-04-14 20:26 - 00001233 _____ () C:\Users\User\Desktop\Musik Hamid - Verknüpfung.lnk
2014-04-14 20:04 - 2014-04-14 20:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\MAGIX
2014-04-14 19:50 - 2014-04-14 19:51 - 28886538 _____ () C:\Users\User\Downloads\mixxx-1.11.0-win32.exe
2014-04-13 19:04 - 2014-04-17 23:05 - 00000000 ____D () C:\Users\User\Desktop\Trojaner
2014-04-13 19:00 - 2014-04-17 23:05 - 00000000 ____D () C:\FRST
2014-04-13 19:00 - 2014-04-13 19:01 - 00042195 _____ () C:\Users\User\Downloads\Addition.txt
2014-04-13 19:00 - 2014-04-13 19:01 - 00024173 _____ () C:\Users\User\Downloads\FRST.txt
2014-04-07 18:43 - 2014-04-07 19:24 - 00000000 ____D () C:\Users\User\Desktop\Kleinanzeige
2014-04-01 17:27 - 2014-04-01 17:27 - 00000488 _____ () C:\Users\User\Desktop\Katzemich - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

2014-04-17 23:05 - 2014-04-13 19:04 - 00000000 ____D () C:\Users\User\Desktop\Trojaner
2014-04-17 23:05 - 2014-04-13 19:00 - 00000000 ____D () C:\FRST
2014-04-17 23:05 - 2009-08-25 13:24 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{CDACD1E6-389A-44F2-AA68-8C52B44D16E1}.job
2014-04-17 23:02 - 2014-04-17 23:02 - 00987448 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2014-04-17 22:57 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 22:57 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 22:51 - 2014-04-14 23:52 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 22:45 - 2013-07-01 23:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 22:07 - 2010-03-06 01:11 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 20:24 - 2006-11-02 12:33 - 01592666 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 18:07 - 2010-03-06 01:11 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 17:54 - 2013-07-03 19:20 - 02089768 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 17:43 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-15 20:10 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-04-15 18:58 - 2013-12-31 16:48 - 00000000 ____D () C:\AdwCleaner
2014-04-15 18:51 - 2014-04-15 18:51 - 00003736 _____ () C:\Windows\PFRO.log
2014-04-15 18:46 - 2012-03-28 09:52 - 00002623 _____ () C:\Users\User\Desktop\Microsoft Word.lnk
2014-04-15 17:53 - 2006-11-02 14:47 - 00473504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-14 23:42 - 2014-04-14 23:42 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-14 22:06 - 2007-07-19 20:55 - 00148624 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-14 20:26 - 2014-04-14 20:04 - 00001233 _____ () C:\Users\User\Desktop\Musik Hamid - Verknüpfung.lnk
2014-04-14 20:24 - 2014-04-14 20:24 - 00000715 _____ () C:\Windows\setupact.log
2014-04-14 20:24 - 2014-04-14 20:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-14 20:21 - 2014-04-14 20:18 - 00000000 ___RD () C:\Users\User\Documents\MAGIX
2014-04-14 20:21 - 2014-04-14 20:17 - 00000000 ____D () C:\ProgramData\MAGIX
2014-04-14 20:21 - 2014-04-14 20:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\MAGIX
2014-04-14 20:20 - 2014-04-14 20:19 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-04-14 20:19 - 2014-04-14 20:19 - 00000979 _____ () C:\Users\Public\Desktop\MAGIX Music Maker 2014.lnk
2014-04-14 20:18 - 2014-04-14 20:17 - 00000000 ____D () C:\Program Files\MAGIX
2014-04-14 20:18 - 2014-04-14 20:17 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services
2014-04-14 20:17 - 2007-02-26 17:46 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-04-14 20:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Help
2014-04-14 20:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-14 19:51 - 2014-04-14 19:50 - 28886538 _____ () C:\Users\User\Downloads\mixxx-1.11.0-win32.exe
2014-04-13 19:01 - 2014-04-13 19:00 - 00042195 _____ () C:\Users\User\Downloads\Addition.txt
2014-04-13 19:01 - 2014-04-13 19:00 - 00024173 _____ () C:\Users\User\Downloads\FRST.txt
2014-04-12 11:53 - 2007-07-22 10:51 - 00113664 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-08 23:18 - 2007-07-20 18:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-04-08 23:18 - 2007-02-26 18:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-07 19:24 - 2014-04-07 18:43 - 00000000 ____D () C:\Users\User\Desktop\Kleinanzeige
2014-04-03 09:51 - 2014-04-14 23:52 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 23:52 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-14 23:52 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 17:27 - 2014-04-01 17:27 - 00000488 _____ () C:\Users\User\Desktop\Katzemich - Verknüpfung.lnk
2014-03-25 12:08 - 2014-03-13 18:28 - 00000000 ____D () C:\Users\User\Documents\Anki

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User_2\AppData\Local\Temp\AskSLib.dll
C:\Users\User_2\AppData\Local\Temp\wlsetup-cvr.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-17 17:54

==================== End Of Log ============================
         

--- --- ---



Eigentlich scheint alles zu laufen.

Ich frage mich nur folgende Sachen:

Muss ich den Firefox anders einstellen um ihn sicherer zu machen?
Ist mein Virenschutzprogramm Avira ausreichend?
Das Programm Malwarebytes läuft jetzt immer als Prozess. Ist das so richtig?

Vielen Dank nochmal. :-)

Java, Flash, Adobe und Firefox updaten. die beiden Downloads die ESET anmeckert löschen.

In Firefox einen Adblocker nutzen
Avira is scheisse, ich empfehle immer Emsisoft
Das läuft nur solange die TEstphase läuft, 30 Tage, danach ist es ne Freeware.



Fertig

Die Reihenfolge ist hier entscheidend.

1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
   • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
   • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
   • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
3. Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
   • Schließe alle offenen Programme.
   • Starte die delfix.exe mit einem Doppelklick.
   • Setze vor jede Funktion ein Häkchen.
   • Klicke auf Start.
   • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
   • Starte deinen Rechner abschließend neu.
4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

• Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
• Windows Updates
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
• Gehe sicher das die automatischen Updates aktiviert sind.
• Software Updates
  Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
  Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

• Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

• MalwareBytes Anti Malware
  Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
  Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
  Ein Tutorial zur Verwendung findest Du hier.
• WinPatrol
  Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

• SpywareBlaster
  Eine kurze Einführung findest du Hier
• MVPs hosts file
  Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
• WOT (Web of trust)
  Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

• Opera
• Mozilla Firefox.
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts

• Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
• verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
• Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
• Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Hi,

war jetzt eine Woche im Urlaub. Sorry.

Welche beiden Downloads werden denn von ESET bemängelt? Kann das nicht erkennen.

Macht es Sinn sich von Malwarebyte die ProVersion zu kaufen? Habe jetzt schon ein paar mal erlebt, dass Malwarebyte in der Testversion Software blockiert hat.

Danke und Grüße


PS: Nach der Installation von no script funktioniert jetzt autoscout und mobile.de nicht mehr. Auch wenn ich die Seite erlaube. Was könnte der Grund sein? Wenn ich alle skripte erlaube geht es

Dann wird noch ein Script geblockt, unten auf das Symbol schauen und Scripte einzeln erlauben.


G:\Programme von Festplatte\RegCleaner\regvissetup.exe
G:\Programme von Festplatte\RegCleaner\repairv35pro.exe


Wenn du nen vollwertiges gutes AV hast reicht MBAM free.