| |
| |||||||
Log-Analyse und Auswertung: Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
22.06.2014, 13:53
| #1 |
| |  Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrt Hallo zusammen! ich bin durch Google auf euch aufmerksam geworden und finde es klasse, dass es solche Foren gibt! Hier mein Problem: Meine Bank hat mein Onlinebanking gesperrt mit dem Hinweis, ich hätte einen Trojaner auf meinem PC. Mein Antivirusprogramm Avira antwortet mir beim Starten mit der Fehlermeldung: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt. Weitere Informationen erhalten Sie vom Systemadministrator. --> Hä?  Ich bin hier an meinem privaten PC und als Administrator angemeldet. Nach ewigem googeln habe ich Avira Registry Clean installiert. Auch dies konnte wegen o.g. Fehlermeldung nicht gestartet werden. Ich habe meinen PC dann im abgesicherten Modus gestartet. Dann hat der Registry Clean funktioniert. Avira konnte ich dann im abgesicherten Modus auch neu installieren und drüber laufen lassen. Es wurden 9 Viren gefunden - aber nur 4 gelöscht. Im normalen Modus konnte ich dann Avira wieder nicht starten. Die Fehlermeldung bleibt die gleiche. Dann habe ich Malwarebytes installiert und drüber laufen lassen. Hat irgendwie auch nicht geklappt. Ich bin total verzweifelt.  Bevor ich jedoch jetzt meinen PC komplett platt mache und neu installiere dachte ich mir, wende ich mich mal an euch. Evtl. könnt ihr mir ja weiterhelfen!!!  Ich muss jedoch zum Schluss sagen - ich kenne mich am PC nicht soooooo sonderlich gut aus.... ich geh halt damit ins Internet mach(t)e Onlinebanking und fürs Studium ein paar Referate - mehr auch nicht. Also bitte seit gnädig, wenn ich mit Fachbegriffen etc. nicht soo viel anfangen kann! Danke =) |
|
22.06.2014, 17:24
| #2 |
| /// Malwareteam   |  Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrt Hallo Hilflos-88,
__________________ mein Name ist Jonas und ich werde dir bei deiner Bereinigung helfen. Diese kann mit viel Arbeit für dich verbunden sein. Bevor wir anfangen können, lies bitte die Bereinigungsregeln und Hinweise:  Regeln zum Ablauf der Bereinigung
Hinweis
 Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Poste folgende Logfiles in deiner nächsten Antwort:
__________________ |
|
22.06.2014, 22:38
| #3 |
| | Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrt Hallo Jonas,
__________________vielen Dank für deine Hilfe!!! Ich habe FRST installiert: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01 Ran by Raffaele (administrator) on NOTEBOOK on 22-06-2014 23:19:29 Running from C:\Users\Raffaele\Desktop Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\SLsvc.exe () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe () C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (IDT, Inc.) C:\Windows\System32\stacsv.exe (Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [118784 2007-06-10] (Alps Electric Co., Ltd.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.) HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.) HKLM\...\Run: [] => [X] HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG) HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2931793493-3698790221-632767063-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-2931793493-3698790221-632767063-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-2931793493-3698790221-632767063-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.) HKU\S-1-5-21-2931793493-3698790221-632767063-1000\...\Run: [Oxics] => regsvr32.exe HKU\S-1-5-21-2931793493-3698790221-632767063-1000\...\Run: [ammlagbh] => regsvr32.exe " HKU\S-1-5-21-2931793493-3698790221-632767063-1000\...\Run: [ezfgkb] => regsvr32.exe " Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com URLSearchHook: HKCU - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\9.3\pdfforgeToolbarIE.dll (Spigot, Inc.) SearchScopes: HKLM - DefaultScope {54AD2F42-E765-4130-BB75-30059D868F74} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= SearchScopes: HKLM - {54AD2F42-E765-4130-BB75-30059D868F74} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= SearchScopes: HKCU - {E8ADE25B-04C6-4C50-A3C1-1BC98866B6D2} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: No Name - {2B4F8F53-9CC0-4C86-A16B-4814ECAB9CF7} - No File BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\9.3\pdfforgeToolbarIE.dll (Spigot, Inc.) BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\9.3\pdfforgeToolbarIE.dll (Spigot, Inc.) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Raffaele\AppData\Roaming\Mozilla\Firefox\Profiles\cpkezzs8.default FF Homepage: hxxp://www.google.de/ FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Groove File Launch Services - C:\Users\Raffaele\AppData\Roaming\Mozilla\Firefox\Profiles\cpkezzs8.default\Extensions\{F14FCF9C-2847-6C4E-B42B-1008E8BBCC64} [2014-05-05] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-20] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-08-14] ========================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] () R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-07-24] (Macrovision Europe Ltd.) [File not signed] S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-11-06] (NOS Microsystems Ltd.) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed] S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-06-28] (Sony Corporation) [File not signed] R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-08-14] (Sony Corporation) S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-06-20] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-20] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-20] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [499712 2007-06-20] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-20] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-20] (Sony Corporation) [File not signed] S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [292128 2007-09-28] (Sony Corporation) R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2007-06-28] (Sony Corporation) [File not signed] R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1228336 2014-02-27] (Sony Corporation) R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2007-08-28] (Sony Corporation) [File not signed] R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [131072 2007-08-28] (Sony Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [83880 2008-01-18] (MCCI Corporation) S3 a016mdfl; C:\Windows\System32\DRIVERS\a016mdfl.sys [15016 2008-01-18] (MCCI Corporation) S3 a016mdm; C:\Windows\System32\DRIVERS\a016mdm.sys [110504 2008-01-18] (MCCI Corporation) S3 a016mgmt; C:\Windows\System32\DRIVERS\a016mgmt.sys [104488 2008-01-18] (MCCI Corporation) S3 a016obex; C:\Windows\System32\DRIVERS\a016obex.sys [100648 2008-01-18] (MCCI Corporation) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-05-27] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) S3 scramby; C:\Windows\System32\drivers\scramby.sys [25896 2007-02-13] (RapidSolution Software AG) S3 scramby_out; C:\Windows\System32\drivers\scramby_out.sys [23840 2007-08-08] (RapidSolution Software AG) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-05-27] (Avira GmbH) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-06] (Texas Instruments) S3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2074480 2010-01-29] (Microsoft Corporation ) U5 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [93528 2014-05-27] (Avira Operations GmbH & Co. KG) U5 avipbb; C:\Windows\System32\Drivers\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-22 23:19 - 2014-06-22 23:19 - 00020883 _____ () C:\Users\Raffaele\Desktop\FRST.txt 2014-06-22 23:19 - 2014-06-22 23:19 - 00000000 ____D () C:\FRST 2014-06-22 23:18 - 2014-06-22 23:18 - 01070592 _____ (Farbar) C:\Users\Raffaele\Desktop\FRST.exe 2014-06-22 11:35 - 2014-06-22 23:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-22 11:35 - 2014-06-22 11:35 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-22 11:35 - 2014-06-22 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-22 11:35 - 2014-06-22 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-22 11:35 - 2014-06-22 11:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-22 11:35 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-22 11:35 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-22 11:35 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-22 00:51 - 2014-06-22 00:51 - 00000000 ____D () C:\Users\Raffaele\AppData\Roaming\Avira 2014-06-22 00:50 - 2014-06-22 00:50 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-06-22 00:49 - 2014-05-27 17:12 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-06-22 00:44 - 2014-06-22 00:44 - 00227096 _____ () C:\Users\Raffaele\Desktop\avira13_registry_cleaner_de.exe 2014-06-22 00:00 - 2014-06-22 00:03 - 145126840 _____ () C:\Users\Raffaele\Desktop\avira_free_antivirus_de_672.exe 2014-06-21 22:43 - 2014-06-21 22:44 - 00000000 ____D () C:\Program Files\QuickTime 2014-06-21 22:43 - 2014-06-21 22:43 - 00001726 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-06-21 22:43 - 2014-06-21 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-06-21 22:28 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-21 22:28 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-21 22:28 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-21 22:28 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-21 22:28 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-21 22:28 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-21 22:28 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-06-21 22:28 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-21 22:28 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-21 22:28 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-06-21 22:28 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-21 22:28 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-21 22:28 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-21 22:28 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-21 22:28 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-06-21 22:28 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-21 22:28 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-21 22:28 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-21 22:28 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-06-21 22:28 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-06-21 22:28 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-21 22:28 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-21 22:28 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-21 22:28 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-21 22:28 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-06 13:21 - 2014-06-06 13:21 - 00138640 _____ () C:\Windows\Minidump\Mini060614-01.dmp 2014-06-04 22:38 - 2014-06-04 22:38 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-06-02 21:21 - 2014-06-02 21:21 - 00000000 ____D () C:\Program Files\pdfforge Toolbar 2014-06-02 21:21 - 2014-06-02 21:21 - 00000000 ____D () C:\Program Files\Common Files\Spigot 2014-06-02 21:21 - 2014-06-02 21:21 - 00000000 ____D () C:\Program Files\Application Updater 2014-06-01 19:03 - 2014-06-01 19:03 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk ==================== One Month Modified Files and Folders ======= 2014-06-22 23:19 - 2014-06-22 23:19 - 00020883 _____ () C:\Users\Raffaele\Desktop\FRST.txt 2014-06-22 23:19 - 2014-06-22 23:19 - 00000000 ____D () C:\FRST 2014-06-22 23:18 - 2014-06-22 23:18 - 01070592 _____ (Farbar) C:\Users\Raffaele\Desktop\FRST.exe 2014-06-22 23:17 - 2008-03-09 01:40 - 00000680 _____ () C:\Users\Raffaele\AppData\Local\d3d9caps.dat 2014-06-22 23:17 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-22 23:17 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-22 23:07 - 2014-06-22 11:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-22 22:39 - 2008-03-09 01:26 - 01237462 _____ () C:\Windows\WindowsUpdate.log 2014-06-22 22:31 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-22 18:17 - 2007-11-02 11:52 - 00003204 _____ () C:\Windows\bthservsdp.dat 2014-06-22 18:17 - 2006-11-02 15:01 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-22 11:54 - 2012-06-21 23:53 - 00000000 ____D () C:\Users\Raffaele\AppData\Roaming\OpenCandy 2014-06-22 11:35 - 2014-06-22 11:35 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-22 11:35 - 2014-06-22 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-22 11:35 - 2014-06-22 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-22 11:35 - 2014-06-22 11:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-22 11:13 - 2007-11-02 12:12 - 01520790 _____ () C:\Windows\PFRO.log 2014-06-22 11:10 - 2014-05-05 20:34 - 00000000 ____D () C:\Users\Raffaele\AppData\Local\Oxics 2014-06-22 00:51 - 2014-06-22 00:51 - 00000000 ____D () C:\Users\Raffaele\AppData\Roaming\Avira 2014-06-22 00:50 - 2014-06-22 00:50 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-06-22 00:50 - 2009-07-08 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-06-22 00:44 - 2014-06-22 00:44 - 00227096 _____ () C:\Users\Raffaele\Desktop\avira13_registry_cleaner_de.exe 2014-06-22 00:41 - 2006-11-02 12:33 - 01575894 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-22 00:03 - 2014-06-22 00:00 - 145126840 _____ () C:\Users\Raffaele\Desktop\avira_free_antivirus_de_672.exe 2014-06-21 22:48 - 2007-11-02 14:31 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-21 22:44 - 2014-06-21 22:43 - 00000000 ____D () C:\Program Files\QuickTime 2014-06-21 22:43 - 2014-06-21 22:43 - 00001726 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-06-21 22:43 - 2014-06-21 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-06-21 22:34 - 2013-08-21 00:25 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-21 22:34 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-06-09 20:12 - 2006-11-02 12:22 - 61341696 _____ () C:\Windows\system32\config\software_previous 2014-06-09 20:12 - 2006-11-02 12:22 - 37224448 _____ () C:\Windows\system32\config\system_previous 2014-06-09 20:11 - 2008-07-24 00:28 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-06-09 20:11 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool 2014-06-09 20:11 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-06-09 20:11 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration 2014-06-09 20:07 - 2006-11-02 12:22 - 44040192 _____ () C:\Windows\system32\config\components_previous 2014-06-09 20:06 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous 2014-06-09 19:20 - 2008-03-09 01:40 - 00000000 ____D () C:\Users\Raffaele 2014-06-09 18:54 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous 2014-06-09 18:54 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\default_previous 2014-06-09 18:47 - 2008-03-27 22:30 - 00000000 ____D () C:\Users\Raffaele\AppData\Roaming\Skype 2014-06-06 13:21 - 2014-06-06 13:21 - 00138640 _____ () C:\Windows\Minidump\Mini060614-01.dmp 2014-06-06 13:21 - 2013-07-12 18:31 - 310553995 _____ () C:\Windows\MEMORY.DMP 2014-06-06 13:21 - 2008-12-27 17:55 - 00000000 ____D () C:\Windows\Minidump 2014-06-04 22:38 - 2014-06-04 22:38 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-06-04 22:38 - 2014-04-04 17:32 - 00000000 ___RD () C:\Program Files\Skype 2014-06-04 22:38 - 2007-11-02 14:41 - 00000000 ____D () C:\ProgramData\Skype 2014-06-02 21:21 - 2014-06-02 21:21 - 00000000 ____D () C:\Program Files\pdfforge Toolbar 2014-06-02 21:21 - 2014-06-02 21:21 - 00000000 ____D () C:\Program Files\Common Files\Spigot 2014-06-02 21:21 - 2014-06-02 21:21 - 00000000 ____D () C:\Program Files\Application Updater 2014-06-02 21:16 - 2008-03-09 22:51 - 00000000 ____D () C:\Update 2014-06-01 19:04 - 2007-11-02 14:41 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-06-01 19:03 - 2014-06-01 19:03 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk 2014-06-01 19:03 - 2007-11-02 14:36 - 00000000 ____D () C:\Program Files\Sony 2014-06-01 19:03 - 2007-11-02 12:39 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-06-01 01:31 - 2011-01-27 18:56 - 00000000 ____D () C:\Users\Raffaele\AppData\Local\CrashDumps 2014-05-28 18:48 - 2014-06-21 22:28 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-28 18:39 - 2014-06-21 22:28 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-28 18:38 - 2014-06-21 22:28 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-28 18:33 - 2014-06-21 22:28 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-28 18:32 - 2014-06-21 22:28 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-28 18:32 - 2014-06-21 22:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-28 18:31 - 2014-06-21 22:28 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-28 18:31 - 2014-06-21 22:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-28 18:30 - 2014-06-21 22:28 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-28 18:30 - 2014-06-21 22:28 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-28 18:30 - 2014-06-21 22:28 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-28 18:30 - 2014-06-21 22:28 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-28 18:30 - 2014-06-21 22:28 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-28 18:30 - 2014-06-21 22:28 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-28 18:30 - 2014-06-21 22:28 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-28 18:29 - 2014-06-21 22:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-28 18:29 - 2014-06-21 22:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-28 18:29 - 2014-06-21 22:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-28 18:29 - 2014-06-21 22:28 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-28 18:29 - 2014-06-21 22:28 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-28 18:28 - 2014-06-21 22:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-27 17:12 - 2014-06-22 00:49 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-05-27 17:12 - 2009-07-08 20:14 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-05-27 17:12 - 2009-07-08 20:14 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-05-27 17:12 - 2008-04-15 18:45 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys Files to move or delete: ==================== C:\Users\Raffaele\AppData\Roaming\desktop.ini Some content of TEMP: ==================== C:\Users\Raffaele\AppData\Local\Temp\AskSLib.dll C:\Users\Raffaele\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-22 22:39 ==================== End Of Log ============================ --- --- --- --- --- --- Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-06-2014 01
Ran by Raffaele at 2014-06-22 23:20:13
Running from C:\Users\Raffaele\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
1500 (Version: 82.0.242.000 - Hewlett-Packard) Hidden
1500_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
1500Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM\...\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}) (Version: 12.00.0000 - Akademische Arbeitsgemeinschaft)
Adobe Acrobat 8 Standard - English, Français, Deutsch (Version: 8.1.3 - Adobe Systems) Hidden
Adobe Acrobat 8.1.3 Standard (HKLM\...\Adobe Acrobat 8 Standard - English, Français, Deutsch) (Version: 8.1.3 - Adobe Systems)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 6.0 (Version: 6.0 - Adobe Systems, Inc.) Hidden
AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects Installer (HKLM\...\{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}) (Version: - ArcSoft)
ArcSoft Panorama Maker 4 (HKLM\...\{1F3A9498-0F8F-43B1-97A9-5B809A99AA0A}) (Version: 4.5.0.107 - ArcSoft)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira)
Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter (HKLM\...\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}) (Version: 2.3 - Sony Corporation)
Biet-O-Matic v2.10.1 (HKLM\...\Biet-O-Matic v2.10.1) (Version: Biet-O-Matic v2.10.1 - BOM Development Team)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Click to Disc (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.73.04270 - Sony Corporation)
Click to Disc (Version: 1.2.73.04270 - Sony Corporation) Hidden
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DSD Direct (HKLM\...\{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}) (Version: 2.0.01 - Sony Corporation)
DSD Playback Plug-in (HKLM\...\{009E7FB7-1775-4D89-8956-F5C9A1C019FC}) (Version: 1.1 - Sony Corporation)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
GearDrvs (Version: 1 - Symantec Corporation) Hidden
getPlus(R) (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.19 - NOS Microsystems Ltd.)
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version: - )
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
IDT Audio (HKLM\...\{07D8511D-C9FE-4A93-933F-EAA5C8F20095}) (Version: 5.10.5303.0 - IDT)
Instant Mode (HKLM\...\{E6707034-D7A4-49B1-94D0-F5AACE46F06C}) (Version: 1.0.4 - InterVideo)
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java DB 10.5.3.0 (HKLM\...\{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}) (Version: 10.5.3.0 - Sun Microsystems, Inc)
Java(TM) 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java(TM) SE Development Kit 6 Update 20 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160200}) (Version: 1.6.0.200 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Club VAIO (HKLM\...\VAIO_My Club VAIO) (Version: 2.1 - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenMG Limited Patch 4.7-07-15-19-01 (HKLM\...\OpenMG HotFix4.7-07-13-22-01) (Version: - )
OpenMG Secure Module 4.7.00 (HKLM\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140 - Sony Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.2 - Frank Heindörfer, Philip Chinery)
pdfforge Toolbar v9.3 (HKLM\...\{BF5A8895-5DF8-42F0-80DC-50DD1AA2DD23}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version: - )
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Easy Media Creator Home (HKLM\...\{B7FB0C86-41A4-4402-9A33-912C462042A0}) (Version: 9.1.095 - Roxio)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 3.1.00.09240 - Sony Corporation)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
SonicStage Mastering Studio (HKLM\...\{6332AFF1-9D9A-429C-AA03-F82749FA4F49}) (Version: 2.3.01 - Sony Corporation)
SonicStage Mastering Studio (Version: 2.3.01 - Sony Corporation) Hidden
SonicStage Mastering Studio Audio Filter (HKLM\...\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}) (Version: 2.3.01 - Sony Corporation)
SonicStage Mastering Studio Plugins (HKLM\...\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}) (Version: 2.4 - Sony Corporation)
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.3.00 - Sony Corporation)
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VAIO Camera Capture Utility (HKLM\...\{6D2576EC-A0E9-418A-A09A-409933A3B6F4}) (Version: 2.7.03.09250 - Sony Corporation)
VAIO Content Folder Setting (HKLM\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 1.0.01.09270 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}) (Version: 2.1.00.09284 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 2.1.00.09284 - Sony Corporation) Hidden
VAIO Content Metadata Manager Settings (HKLM\...\{12D0BE8D-538C-4AB1-86DE-C540308F50DA}) (Version: 3.6.0.09240 - Sony Corporation)
VAIO Content Metadata Manager Settings (Version: 3.6.0.09240 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM\...\{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}) (Version: 3.6.0.09080 - Sony Corporation)
VAIO Content Metadata XML Interface Library (Version: 3.6.0.09080 - Sony Corporation) Hidden
VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 2.1.00.09190 - Sony Corporation)
VAIO Data Restore Tool (HKLM\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.03.10030 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.0.00.06280 - Sony Corporation)
VAIO Event Service (HKLM\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 3.3.00.09200 - Sony Corporation)
VAIO Launcher (HKLM\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 1.1.01.11270 - Sony Corporation)
Vaio Marketing Tools (HKLM\...\MarketingTools) (Version: - Sony)
VAIO Media (Version: 6.0.10 - Sony Corporation) Hidden
VAIO Media 6.0 (HKLM\...\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}) (Version: 6.0.10 - Sony Corporation)
VAIO Media AC3 Decoder 1.0 (HKLM\...\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}) (Version: - )
VAIO Media Content Collection 6.0 (HKLM\...\{500162A0-4DD5-460A-BAFD-895AAE48C532}) (Version: - Sony Corporation)
VAIO Media Integrated Server 6.1 (HKLM\...\{785EB1D4-ECEC-4195-99B4-73C47E187721}) (Version: - Sony Corporation)
VAIO Media Redistribution 6.0 (HKLM\...\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}) (Version: 6.0.10 - Sony Corporation)
VAIO Media Registration Tool (Version: 6.0.10 - Sony Corporation) Hidden
VAIO Media Registration Tool 6.0 (HKLM\...\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}) (Version: 6.0.10 - Sony Corporation)
VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.1.00.10160 - Sony Corporation)
VAIO Movie Story (Version: 1.1.00.10160 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.1.00.09281 - Sony Corporation)
VAIO MusicBox (HKLM\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 1.1.01.09240 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.0.01.09210 - Sony Corporation)
VAIO Original Function Settings (Version: 2.0.2.02240 - Sony Corporation) Hidden
VAIO Original Funktion Einstellungen (HKLM\...\{7C404084-C5A6-42FF-B731-0BAC79A6E134}) (Version: 2.0.2.02240 - Sony Corporation)
VAIO Power Management (HKLM\...\{802889F8-6AF5-45A5-9764-CA5B999E50FC}) (Version: 2.3.00.10100 - Sony Corporation)
VAIO Update (HKLM\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)
VAIO Wallpaper Contents (HKLM\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.0.00.09200 - Sony Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VU5x86 (Version: 1.1.0 - Sony Corporation ) Hidden
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software 6.1.0.2000 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.2000 - Broadcom Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinDVD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B8.432 - InterVideo Inc.)
WinDVD for VAIO (Version: 8.0-B8.432 - InterVideo Inc.) Hidden
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Wireless Switch Setting Utility (HKLM\...\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}) (Version: 3.6.00.18210 - Sony Corporation)
==================== Restore Points =========================
27-04-2014 13:29:43 Windows Update
05-05-2014 15:42:43 Windows Update
09-05-2014 18:13:56 Windows Update
10-05-2014 13:57:39 Geplanter Prüfpunkt
14-05-2014 19:21:53 Windows Update
14-05-2014 22:25:03 Windows Update
19-05-2014 18:53:49 Windows Update
25-05-2014 16:50:53 Windows Update
31-05-2014 18:34:55 Windows Update
01-06-2014 14:56:44 Geplanter Prüfpunkt
01-06-2014 17:02:12 Entfernt VAIO Update
01-06-2014 17:02:41 Installiert VAIO Update
02-06-2014 22:12:09 Geplanter Prüfpunkt
03-06-2014 22:03:50 Geplanter Prüfpunkt
05-06-2014 21:47:23 Geplanter Prüfpunkt
06-06-2014 13:34:18 Geplanter Prüfpunkt
06-06-2014 14:33:34 Windows Update
09-06-2014 17:20:59 Windows Update
16-06-2014 20:33:27 Windows Update
21-06-2014 20:29:23 Windows Update
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {255ADF81-2C47-4D11-95C6-8BDA1EDAEE3E} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {50CEBBA5-D29F-4ACE-B621-5EC60F8BF0CF} - System32\Tasks\SONY\WSSU\WSSU => C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2007-06-15] (Sony Corporation)
Task: {56A054C0-CC5C-4E3E-9471-36DF58BE48F5} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29] ()
Task: {58A564D0-3C36-49F9-BCB5-75490A467BF6} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {743F0D1E-EC0B-409E-A7D7-A46E8B70C206} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7C25876D-D03F-4A5B-8FD7-E17CB1DB3666} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {BB64A5A0-146C-4C38-8BA2-7789A23496CC} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)
Task: {D71CB3A6-19C4-49FA-B0CB-1381CFD3FBE1} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10] (Hewlett-Packard Co.)
Task: {DA266ED6-3E57-4B3E-A282-379482173B1A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)
Task: {E0252DEE-9A4B-4A82-A8BB-BB0CD6CE7B6F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EAF390B4-A2B6-4475-816D-2B783AB07730} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
==================== Loaded Modules (whitelisted) =============
2010-04-15 20:00 - 2007-05-11 01:31 - 00921600 _____ () C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdistRes.DEU
2011-08-24 17:17 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2007-09-11 00:45 - 2007-09-11 00:45 - 00124832 _____ () C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-11-02 14:42 - 2007-08-14 21:05 - 00010752 _____ () C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
2007-11-02 14:42 - 2007-08-14 21:05 - 00009728 _____ () C:\Program Files\Sony\VAIO Event Service\VESMgrSubPS.dll
2007-08-28 19:16 - 2007-08-28 19:16 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2007-08-28 19:03 - 2007-08-28 19:03 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Raffaele^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: VX6000 => C:\Windows\vVX6000.exe
==================== Faulty Device Manager Devices =============
Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (06/22/2014 10:31:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
Error: (06/22/2014 10:31:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
Error: (06/22/2014 10:31:41 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
Error: (06/22/2014 03:41:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
Error: (06/22/2014 03:41:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
Error: (06/22/2014 03:41:07 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
Error: (06/22/2014 02:17:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
Error: (06/22/2014 02:17:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
Error: (06/22/2014 02:17:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
Error: (06/22/2014 02:15:56 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)
System errors:
=============
Error: (06/22/2014 10:33:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/22/2014 03:42:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/22/2014 02:16:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/22/2014 02:15:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 22.06.2014 um 11:55:18 unerwartet heruntergefahren.
Error: (06/22/2014 11:51:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWDeleteFlag%%5
Error: (06/22/2014 11:51:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWDeleteFlag%%5
Error: (06/22/2014 11:51:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWDeleteFlag%%5
Error: (06/22/2014 11:41:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9F070738-F6EA-408A-A6BD-AED405E67A13}
Error: (06/22/2014 11:14:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/22/2014 00:51:05 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}
Microsoft Office Sessions:
=========================
Error: (12/12/2013 10:22:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 779 seconds with 540 seconds of active time. This session ended with a crash.
Error: (08/25/2011 00:50:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4245 seconds with 3900 seconds of active time. This session ended with a crash.
Error: (08/24/2011 06:12:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 264 seconds with 240 seconds of active time. This session ended with a crash.
Error: (08/04/2011 11:02:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21441 seconds with 1320 seconds of active time. This session ended with a crash.
Error: (08/02/2011 08:16:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1706 seconds with 960 seconds of active time. This session ended with a crash.
Error: (10/08/2010 07:14:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 303 seconds with 240 seconds of active time. This session ended with a crash.
Error: (10/08/2010 07:08:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2496 seconds with 2340 seconds of active time. This session ended with a crash.
Error: (10/08/2010 11:27:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1362 seconds with 1200 seconds of active time. This session ended with a crash.
Error: (11/26/2009 05:32:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 221 seconds with 180 seconds of active time. This session ended with a crash.
Error: (11/26/2009 05:28:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5028 seconds with 2220 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-06-22 23:20:07.166
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-22 23:20:06.745
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-22 23:20:06.324
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-22 23:20:05.903
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-22 23:20:05.357
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-22 23:20:04.936
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-22 23:20:04.514
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-22 23:20:04.093
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-22 15:30:18.007
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-22 15:30:17.464
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 46%
Total physical RAM: 2045.69 MB
Available physical RAM: 1096.4 MB
Total Pagefile: 4328.63 MB
Available Pagefile: 3356.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.57 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:175.81 GB) (Free:73.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 186 GB) (Disk ID: 49BDC16D)
Partition 1: (Not Active) - (Size=11 GB) - (Type=27)
Partition 2: (Active) - (Size=176 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
23.06.2014, 17:52
| #4 |
| /// Malwareteam | Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrt Alles klar, dann so weiter: Schritt 1 Bitte deinstalliere folgende Programme:
Windows XP: Start -> Systemsteuerung -> Kategorieansicht auswählen (falls nicht voreingestellt) -> Softwareund wähle die angegeben Programme aus. Drücke Entfernen (Windows XP) oder Deinstallieren (Windows Vista/7/8). Schritt 2 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKU\S-1-5-21-2931793493-3698790221-632767063-1000\...\Run: [Oxics] => regsvr32.exe
HKU\S-1-5-21-2931793493-3698790221-632767063-1000\...\Run: [ammlagbh] => regsvr32.exe "
HKU\S-1-5-21-2931793493-3698790221-632767063-1000\...\Run: [ezfgkb] => regsvr32.exe "
SearchScopes: HKCU - {E8ADE25B-04C6-4C50-A3C1-1BC98866B6D2} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: No Name - {2B4F8F53-9CC0-4C86-A16B-4814ECAB9CF7} - No File
2014-06-22 11:10 - 2014-05-05 20:34 - 00000000 ____D () C:\Users\Raffaele\AppData\Local\Oxics
Reboot:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 3 Starte MBAM bitte nochmal neu, lasse die Datenbank updaten und danach den Computer scannen. Schritt 4 ESET Online Scanner
Schritt 5 Starte noch einmal FRST.
Poste folgende Logfiles in deiner nächsten Antwort:
__________________ Gruß, Jonas |
|
24.06.2014, 19:46
| #5 |
| | Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrt Hallo, Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:22-06-2014
Ran by Raffaele at 2014-06-23 22:23:52 Run:1
Running from C:\Users\Raffaele\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKU\S-1-5-21-2931793493-3698790221-632767063-1000\...\Run: [Oxics] => regsvr32.exe
HKU\S-1-5-21-2931793493-3698790221-632767063-1000\...\Run: [ammlagbh] => regsvr32.exe "
HKU\S-1-5-21-2931793493-3698790221-632767063-1000\...\Run: [ezfgkb] => regsvr32.exe "
SearchScopes: HKCU - {E8ADE25B-04C6-4C50-A3C1-1BC98866B6D2} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: No Name - {2B4F8F53-9CC0-4C86-A16B-4814ECAB9CF7} - No File
2014-06-22 11:10 - 2014-05-05 20:34 - 00000000 ____D () C:\Users\Raffaele\AppData\Local\Oxics
Reboot:
*****************
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-2931793493-3698790221-632767063-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Oxics => value deleted successfully.
HKU\S-1-5-21-2931793493-3698790221-632767063-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ammlagbh => value deleted successfully.
HKU\S-1-5-21-2931793493-3698790221-632767063-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ezfgkb => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E8ADE25B-04C6-4C50-A3C1-1BC98866B6D2}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{E8ADE25B-04C6-4C50-A3C1-1BC98866B6D2}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B4F8F53-9CC0-4C86-A16B-4814ECAB9CF7}' => Key deleted successfully.
'HKCR\CLSID\{2B4F8F53-9CC0-4C86-A16B-4814ECAB9CF7}'=> Key not found.
C:\Users\Raffaele\AppData\Local\Oxics => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=6cb591ae1d4b1447beff4e37c0246330
# engine=18852
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-24 06:19:16
# local_time=2014-06-24 08:19:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 27027 241123484 0 0
# scanned=221949
# found=4
# cleaned=0
# scan_time=6283
sh=794B095A2D738ED17C303EE707757F80E881DE1A ft=1 fh=6ed3f5d107d68219 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\DVDVideoSoft\Installations\FreeYouTubeToMP3Converter.exe"
sh=308C9AB1B887271B6083CE2C07008141A5F52A52 ft=1 fh=31688d33bef095f9 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar-4_4_0_setup.exe"
sh=DABC08BDF0203F5946101A0EEA51D494E87F67B9 ft=1 fh=7788df8e5b966f5d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Raffaele\AppData\Local\Temp\OCS\ocs_v71.exe"
sh=6B01B3ABD98E5E851A9BEDB3B9D37BF60A4A13E9 ft=1 fh=b1736438201905fd vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\pdfforgeToolbar.exe"
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014 Ran by Raffaele (administrator) on NOTEBOOK on 24-06-2014 20:39:39 Running from C:\Users\Raffaele\Desktop Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\SLsvc.exe () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe () C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (IDT, Inc.) C:\Windows\System32\stacsv.exe (Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [118784 2007-06-10] (Alps Electric Co., Ltd.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.) HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG) Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2931793493-3698790221-632767063-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-2931793493-3698790221-632767063-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-2931793493-3698790221-632767063-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com SearchScopes: HKLM - DefaultScope {54AD2F42-E765-4130-BB75-30059D868F74} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= SearchScopes: HKLM - {54AD2F42-E765-4130-BB75-30059D868F74} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Raffaele\AppData\Roaming\Mozilla\Firefox\Profiles\cpkezzs8.default FF Homepage: hxxp://www.google.de/ FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Groove File Launch Services - C:\Users\Raffaele\AppData\Roaming\Mozilla\Firefox\Profiles\cpkezzs8.default\Extensions\{F14FCF9C-2847-6C4E-B42B-1008E8BBCC64} [2014-05-05] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-20] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-08-14] ========================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] () R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-07-24] (Macrovision Europe Ltd.) [File not signed] S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-11-06] (NOS Microsystems Ltd.) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed] S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-06-28] (Sony Corporation) [File not signed] R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-08-14] (Sony Corporation) S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-06-20] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-20] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-20] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [499712 2007-06-20] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-20] (Sony Corporation) [File not signed] S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-20] (Sony Corporation) [File not signed] S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [292128 2007-09-28] (Sony Corporation) R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2007-06-28] (Sony Corporation) [File not signed] R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1228336 2014-02-27] (Sony Corporation) R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2007-08-28] (Sony Corporation) [File not signed] R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [131072 2007-08-28] (Sony Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [83880 2008-01-18] (MCCI Corporation) S3 a016mdfl; C:\Windows\System32\DRIVERS\a016mdfl.sys [15016 2008-01-18] (MCCI Corporation) S3 a016mdm; C:\Windows\System32\DRIVERS\a016mdm.sys [110504 2008-01-18] (MCCI Corporation) S3 a016mgmt; C:\Windows\System32\DRIVERS\a016mgmt.sys [104488 2008-01-18] (MCCI Corporation) S3 a016obex; C:\Windows\System32\DRIVERS\a016obex.sys [100648 2008-01-18] (MCCI Corporation) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-05-27] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) S3 scramby; C:\Windows\System32\drivers\scramby.sys [25896 2007-02-13] (RapidSolution Software AG) S3 scramby_out; C:\Windows\System32\drivers\scramby_out.sys [23840 2007-08-08] (RapidSolution Software AG) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-05-27] (Avira GmbH) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-06] (Texas Instruments) S3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2074480 2010-01-29] (Microsoft Corporation ) U5 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [93528 2014-05-27] (Avira Operations GmbH & Co. KG) U5 avipbb; C:\Windows\System32\Drivers\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-24 20:39 - 2014-06-24 20:39 - 00019632 _____ () C:\Users\Raffaele\Desktop\FRST.txt 2014-06-23 22:35 - 2014-06-23 22:35 - 00000000 ____D () C:\Program Files\ESET 2014-06-23 22:23 - 2014-06-24 06:31 - 00000000 ____D () C:\Users\Raffaele\Desktop\FRST-OlderVersion 2014-06-22 23:19 - 2014-06-24 20:39 - 00000000 ____D () C:\FRST 2014-06-22 23:18 - 2014-06-23 22:23 - 01073152 _____ (Farbar) C:\Users\Raffaele\Desktop\FRST.exe 2014-06-22 11:35 - 2014-06-24 19:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-22 11:35 - 2014-06-22 11:35 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-22 11:35 - 2014-06-22 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-22 11:35 - 2014-06-22 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-22 11:35 - 2014-06-22 11:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-22 11:35 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-22 11:35 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-22 11:35 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-22 00:51 - 2014-06-22 00:51 - 00000000 ____D () C:\Users\Raffaele\AppData\Roaming\Avira 2014-06-22 00:50 - 2014-06-22 00:50 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-06-22 00:49 - 2014-05-27 17:12 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-06-22 00:44 - 2014-06-22 00:44 - 00227096 _____ () C:\Users\Raffaele\Desktop\avira13_registry_cleaner_de.exe 2014-06-22 00:00 - 2014-06-22 00:03 - 145126840 _____ () C:\Users\Raffaele\Desktop\avira_free_antivirus_de_672.exe 2014-06-21 22:43 - 2014-06-21 22:44 - 00000000 ____D () C:\Program Files\QuickTime 2014-06-21 22:43 - 2014-06-21 22:43 - 00001726 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-06-21 22:43 - 2014-06-21 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-06-21 22:28 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-21 22:28 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-21 22:28 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-21 22:28 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-21 22:28 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-21 22:28 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-21 22:28 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-06-21 22:28 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-21 22:28 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-21 22:28 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-06-21 22:28 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-21 22:28 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-21 22:28 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-21 22:28 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-21 22:28 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-06-21 22:28 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-21 22:28 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-21 22:28 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-21 22:28 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-06-21 22:28 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-06-21 22:28 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-21 22:28 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-21 22:28 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-21 22:28 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-21 22:28 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-06 13:21 - 2014-06-06 13:21 - 00138640 _____ () C:\Windows\Minidump\Mini060614-01.dmp 2014-06-04 22:38 - 2014-06-04 22:38 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-06-01 19:03 - 2014-06-01 19:03 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk ==================== One Month Modified Files and Folders ======= 2014-06-24 20:40 - 2014-06-24 20:39 - 00019632 _____ () C:\Users\Raffaele\Desktop\FRST.txt 2014-06-24 20:39 - 2014-06-22 23:19 - 00000000 ____D () C:\FRST 2014-06-24 20:06 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-24 20:06 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-24 19:48 - 2008-03-09 01:26 - 01301848 _____ () C:\Windows\WindowsUpdate.log 2014-06-24 19:31 - 2014-06-22 11:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-24 06:31 - 2014-06-23 22:23 - 00000000 ____D () C:\Users\Raffaele\Desktop\FRST-OlderVersion 2014-06-24 00:06 - 2008-03-09 01:40 - 00000680 _____ () C:\Users\Raffaele\AppData\Local\d3d9caps.dat 2014-06-24 00:06 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-23 22:35 - 2014-06-23 22:35 - 00000000 ____D () C:\Program Files\ESET 2014-06-23 22:24 - 2007-11-02 11:52 - 00003204 _____ () C:\Windows\bthservsdp.dat 2014-06-23 22:24 - 2006-11-02 15:01 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-23 22:23 - 2014-06-22 23:18 - 01073152 _____ (Farbar) C:\Users\Raffaele\Desktop\FRST.exe 2014-06-22 11:54 - 2012-06-21 23:53 - 00000000 ____D () C:\Users\Raffaele\AppData\Roaming\OpenCandy 2014-06-22 11:35 - 2014-06-22 11:35 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-22 11:35 - 2014-06-22 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-22 11:35 - 2014-06-22 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-22 11:35 - 2014-06-22 11:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-22 11:13 - 2007-11-02 12:12 - 01520790 _____ () C:\Windows\PFRO.log 2014-06-22 00:51 - 2014-06-22 00:51 - 00000000 ____D () C:\Users\Raffaele\AppData\Roaming\Avira 2014-06-22 00:50 - 2014-06-22 00:50 - 00001847 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-06-22 00:50 - 2009-07-08 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-06-22 00:44 - 2014-06-22 00:44 - 00227096 _____ () C:\Users\Raffaele\Desktop\avira13_registry_cleaner_de.exe 2014-06-22 00:41 - 2006-11-02 12:33 - 01575894 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-22 00:03 - 2014-06-22 00:00 - 145126840 _____ () C:\Users\Raffaele\Desktop\avira_free_antivirus_de_672.exe 2014-06-21 22:48 - 2007-11-02 14:31 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-21 22:44 - 2014-06-21 22:43 - 00000000 ____D () C:\Program Files\QuickTime 2014-06-21 22:43 - 2014-06-21 22:43 - 00001726 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-06-21 22:43 - 2014-06-21 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-06-21 22:34 - 2013-08-21 00:25 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-21 22:34 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-06-09 20:12 - 2006-11-02 12:22 - 61341696 _____ () C:\Windows\system32\config\software_previous 2014-06-09 20:12 - 2006-11-02 12:22 - 37224448 _____ () C:\Windows\system32\config\system_previous 2014-06-09 20:11 - 2008-07-24 00:28 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-06-09 20:11 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool 2014-06-09 20:11 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-06-09 20:11 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration 2014-06-09 20:07 - 2006-11-02 12:22 - 44040192 _____ () C:\Windows\system32\config\components_previous 2014-06-09 20:06 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous 2014-06-09 19:20 - 2008-03-09 01:40 - 00000000 ____D () C:\Users\Raffaele 2014-06-09 18:54 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous 2014-06-09 18:54 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\default_previous 2014-06-09 18:47 - 2008-03-27 22:30 - 00000000 ____D () C:\Users\Raffaele\AppData\Roaming\Skype 2014-06-06 13:21 - 2014-06-06 13:21 - 00138640 _____ () C:\Windows\Minidump\Mini060614-01.dmp 2014-06-06 13:21 - 2013-07-12 18:31 - 310553995 _____ () C:\Windows\MEMORY.DMP 2014-06-06 13:21 - 2008-12-27 17:55 - 00000000 ____D () C:\Windows\Minidump 2014-06-04 22:38 - 2014-06-04 22:38 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-06-04 22:38 - 2014-04-04 17:32 - 00000000 ___RD () C:\Program Files\Skype 2014-06-04 22:38 - 2007-11-02 14:41 - 00000000 ____D () C:\ProgramData\Skype 2014-06-02 21:16 - 2008-03-09 22:51 - 00000000 ____D () C:\Update 2014-06-01 19:04 - 2007-11-02 14:41 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-06-01 19:03 - 2014-06-01 19:03 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk 2014-06-01 19:03 - 2007-11-02 14:36 - 00000000 ____D () C:\Program Files\Sony 2014-06-01 19:03 - 2007-11-02 12:39 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-06-01 01:31 - 2011-01-27 18:56 - 00000000 ____D () C:\Users\Raffaele\AppData\Local\CrashDumps 2014-05-28 18:48 - 2014-06-21 22:28 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-28 18:39 - 2014-06-21 22:28 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-28 18:38 - 2014-06-21 22:28 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-28 18:33 - 2014-06-21 22:28 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-28 18:32 - 2014-06-21 22:28 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-28 18:32 - 2014-06-21 22:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-28 18:31 - 2014-06-21 22:28 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-28 18:31 - 2014-06-21 22:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-28 18:30 - 2014-06-21 22:28 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-28 18:30 - 2014-06-21 22:28 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-28 18:30 - 2014-06-21 22:28 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-28 18:30 - 2014-06-21 22:28 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-28 18:30 - 2014-06-21 22:28 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-28 18:30 - 2014-06-21 22:28 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-28 18:30 - 2014-06-21 22:28 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-28 18:29 - 2014-06-21 22:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-28 18:29 - 2014-06-21 22:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-28 18:29 - 2014-06-21 22:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-28 18:29 - 2014-06-21 22:28 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-28 18:29 - 2014-06-21 22:28 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-28 18:28 - 2014-06-21 22:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-27 17:12 - 2014-06-22 00:49 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-05-27 17:12 - 2009-07-08 20:14 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-05-27 17:12 - 2009-07-08 20:14 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-05-27 17:12 - 2008-04-15 18:45 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys Files to move or delete: ==================== C:\Users\Raffaele\AppData\Roaming\desktop.ini Some content of TEMP: ==================== C:\Users\Raffaele\AppData\Local\Temp\AskSLib.dll C:\Users\Raffaele\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-24 12:14 ==================== End Of Log ============================ --- --- --- Schritt 3 habe ich nicht verstanden. Was bedeutet MBAM?? |
|
24.06.2014, 20:55
| #6 |
| /// Malwareteam | Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrt Oh sry, MBAM heißt Malwarebytes Anti-Malware. Das Programm hattest du laut deinem ersten Post schon runtergeladen und installiert, aber i-was funktionierte nicht. Starte das Programm nochmal, lasse die Datenbank aktualisieren und scanne deinen Rechner. Hier ist auch nochmal eine detaillierte Anleitung: Downloade Dir bitte  Malwarebytes Anti-Malware
Hast du noch Probleme mit dem Rechner? Wirt Avira wieder normal gestartet?
__________________ --> Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrt |
|
24.06.2014, 22:38
| #7 |
| | Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrt Hey Jonas, hier die versprochene mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Error, 24.06.2014 00:06:21, SYSTEM, NOTEBOOK, Protection, IsLicensed, 13, Protection, 24.06.2014 00:06:21, SYSTEM, NOTEBOOK, Protection, Malware Protection, Stopping, Protection, 24.06.2014 00:06:21, SYSTEM, NOTEBOOK, Protection, Malware Protection, Stopped, Update, 24.06.2014 00:35:07, SYSTEM, NOTEBOOK, Scheduler, Malware Database, 2014.6.23.12, 2014.6.23.13, Update, 24.06.2014 02:37:05, SYSTEM, NOTEBOOK, Scheduler, Rootkit Database, 2014.6.20.1, 2014.6.23.2, Update, 24.06.2014 04:48:27, SYSTEM, NOTEBOOK, Scheduler, Malware Database, 2014.6.23.13, 2014.6.24.2, Update, 24.06.2014 05:42:47, SYSTEM, NOTEBOOK, Scheduler, Malware Database, 2014.6.24.2, 2014.6.24.3, Update, 24.06.2014 12:06:52, SYSTEM, NOTEBOOK, Scheduler, Malware Database, 2014.6.24.3, 2014.6.24.4, Update, 24.06.2014 13:00:37, SYSTEM, NOTEBOOK, Scheduler, Malware Database, 2014.6.24.4, 2014.6.24.5, Update, 24.06.2014 13:53:42, SYSTEM, NOTEBOOK, Scheduler, Malware Database, 2014.6.24.5, 2014.6.24.7, Update, 24.06.2014 15:40:43, SYSTEM, NOTEBOOK, Scheduler, Malware Database, 2014.6.24.7, 2014.6.24.8, Update, 24.06.2014 16:41:00, SYSTEM, NOTEBOOK, Scheduler, Malware Database, 2014.6.24.8, 2014.6.24.9, Update, 24.06.2014 17:26:05, SYSTEM, NOTEBOOK, Scheduler, Malware Database, 2014.6.24.9, 2014.6.24.10, Update, 24.06.2014 19:31:14, SYSTEM, NOTEBOOK, Scheduler, Malware Database, 2014.6.24.10, 2014.6.24.11, Update, 24.06.2014 21:25:56, SYSTEM, NOTEBOOK, Scheduler, Malware Database, 2014.6.24.11, 2014.6.24.12, Update, 24.06.2014 22:22:14, SYSTEM, NOTEBOOK, Scheduler, Malware Database, 2014.6.24.12, 2014.6.24.13, (end) Einziges Problem: Sobald ich Antivir updaten möchte erscheint die Fehlermeldung Beim Versuch das Internet Update zu starten ist folgender Fehler aufgetreten: Der Zugriff wurde verweigert. Weisst du, an was es liegen könnte??? Grüße |
|
26.06.2014, 19:06
| #8 | |
| /// Malwareteam | Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrt Sorry für die späte Antwort, dass ist das falsche Malwarebytes Anti Malware Logfile. Kannst du mir noch das richtige nachreichen? Lesestoff  MBAM-Funde posten: So gehts...Manchmal ist es wichtig zu wissen, welche Schadprogramme im Vorfeld ohne Anweisung der Helfer schon gelöscht wurden. Daher benötige ich den Inhalt der Logdatei, in welcher der Suchlauf protokolliert wurde.
 Zitat:
__________________ Gruß, Jonas Geändert von sunjojo (26.06.2014 um 19:57 Uhr) |
|
29.06.2014, 15:26
| #9 |
| | Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrt ist dies das richtige? Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 29.06.2014 Suchlauf-Zeit: 14:42:13 Logdatei: log.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.29.03 Rootkit Datenbank: v2014.06.23.02 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: Raffaele Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 270111 Verstrichene Zeit: 15 Min, 23 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 3 PUP.Optional.OpenCandy, C:\Users\Raffaele\AppData\Roaming\OpenCandy, , [0e2955290d6e4cea1318365e7191d828], PUP.Optional.OpenCandy, C:\Users\Raffaele\AppData\Roaming\OpenCandy\A746B289DC1C4A5FA5022B5405D49A74, , [0e2955290d6e4cea1318365e7191d828], PUP.Optional.OpenCandy, C:\Users\Raffaele\AppData\Roaming\OpenCandy\OpenCandy_A746B289DC1C4A5FA5022B5405D49A74, , [0e2955290d6e4cea1318365e7191d828], Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) |
|
30.06.2014, 19:35
| #10 | ||||||||
| /// Malwareteam | Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrt Jop, das ist die richtige Anleitung .Kannst du Avira wieder Updaten (hat die Anleitung funktioniert)? Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter 2014-06-22 11:54 - 2012-06-21 23:53 - 00000000 ____D () C:\Users\Raffaele\AppData\Roaming\OpenCandy
C:\Users\Raffaele\AppData\Roaming\desktop.ini
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Lade dir  TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
Updates Java Version 7 Update 60 Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Adobe Reader Version XI (11.0.07)
Adobe Flash Player Version 14.0.0.125
Cleanup Falls du Malwarebytes Anti-Malware und den ESET Online Scanner nicht mehr behalten möchtest, kannst du diese über die Systemsteuerung deinstallieren. Ich empfehle dir, mindestens ein Programm zu behalten (näheres in den Tipps). Windows XP: Start --> Systemsteuerung --> Kategorieansicht auswählen (falls nicht voreingestellt) --> SoftwareDie Reihenfolge ist hier entscheidend.
In deinen Logfiles sehe ich im Moment keine schädlichen Einträge mehr, du bist in meinen Augen Clean. Für die Zukunft habe ich dir Tipps aufgeschrieben, damit du uns in nächster Zeit nicht mehr brauchst .Tipps - Frequently Asked Questions (FAQ)/Häufig gestellte Fragen Welcher Antivirenscanner ist der beste?
Aber Updates muss ich immer installieren, oder?
Ok, muss ich auf etwas achten, wenn ich im Internet surfe?
Welche Programme sollte ich nicht verwenden?
Gibt es noch weitere Tipps, um mich zu schützen?
 .Wenn du die Arbeit des Trojaner-Boards unterstützen möchtest, kannst du gerne spenden .Ich wünsche dir eine schöne und malwarefreie Zeit  .
__________________ Gruß, Jonas |
|
06.07.2014, 21:41
| #11 |
| | Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrt Hier der Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:05-07-2014 01
Ran by Raffaele at 2014-07-06 21:01:35 Run:2
Running from C:\Users\Raffaele\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
2014-06-22 11:54 - 2012-06-21 23:53 - 00000000 ____D () C:\Users\Raffaele\AppData\Roaming\OpenCandy
C:\Users\Raffaele\AppData\Roaming\desktop.ini
*****************
C:\Users\Raffaele\AppData\Roaming\OpenCandy => Moved successfully.
C:\Users\Raffaele\AppData\Roaming\desktop.ini => Moved successfully.
==== End of Fixlog ====
Ich hab jetzt mal Antivir deinstalliert, da das Update auch mit deiner geposteten Anleitung nicht funktioniert hat. Ich habe jetzt das von dir empfohlene Emisoft installiert....... |
|
08.07.2014, 23:12
| #12 |
| /// Malwareteam | Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrt Sry für die späte Antwort, ich war am Wochenende außer Haus. Alles klar, hast du jetzt noch weitere Fragen oder Probleme?
__________________ Gruß, Jonas |
|
24.07.2014, 21:58
| #13 |
| /// Malwareteam | Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrt Hallo Hilflos-88, schön, dass wir dir helfen konnten  .Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht, damit erhalte ich keine Benachrichtungen über neue Antworten in diesem Thread. Solltest Du das Thema erneut brauchen, schicke mir bitte eine private Nachricht. Jeder Andere bitte hier klicken und einen eigenen Thread erstellen.
__________________ Gruß, Jonas |
|
| Themen zu Avira: Dieses Programm wurde durch eine Gruppenrichtlinie geblockt --> Onlinebanking gesperrt |
| abgesicherten, antivir gruppenrichtlinie trojaner hilfe, avira, beim starten, clean, dieses programm wurde durch eine gruppenrichtlinie geblockt, ebanking, erhalte, fehlermeldung, foren, geblockt, gesperrt, google, hallo zusammen, hinweis, internet, komplett, malwarebytes, modus, neu, onlinebanking, problem, programm, registry, starten, total, trojaner, viren |
Linear-Darstellung
