Ständige Werbeanzeigen trotz Adblock

MariaG · 03.01.2015, 19:30

Guten Abend zusammen,

ich habe folgendes Problem: Seit mehreren Wochen kann ich kaum noch ordentlich arbeiten, da sich auf jeder Internetseite mehrere Werbeanzeigen öffnen. Ich bin wirklich absolut unwissend in diesem Gebiet, habe aber bereits versucht mich zu belesen. Ich habe bereits einen Adblock. Zudem habe ich den adwcleaner durchlaufen lassen. Gerade lasse ich Anti - Malware durchlaufen, es wurden bereits 17 Objekte gefunden.. die insgesamt gefundenen schiebe ich dann in Quarantäne, ja?

Vielleicht kann mir jemand schrittweise und leicht verständlich weiter helfen,
diese vielen Werbungen und Pop-up-Fenster machen mich ganz irre.

Herzlichen Dank,
Maria

M-K-D-B · 03.01.2015, 19:40

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Bitte kein Tool ohne Anweisung ausführen, du erschwerst uns damit nur die Bereinigung !!

Zur ersten Analyse bitte FRST ausführen:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

MariaG · 04.01.2015, 10:42

Hallo Matthias, lieben Dank für deine Hilfe schonmal.
Hier die Daten von FRST:

Code:

ATTFilter

 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2015 03
Ran by Maria at 2015-01-04 10:34:54
Running from C:\Users\Maria\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
A-PDF Number freeware 1.3 (HKLM-x32\...\A-PDF Number_is1) (Version:  - A-PDF.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 3932768.4759644.48.2147344384 - Audible, Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version:  - )
Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1923 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5601.52 - CyberLink Corp.)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Free FLV Converter V 7.6.0 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.0.0 - Koyote Soft)
Free Pdf Perfect Prereq (HKLM-x32\...\{dc0b7acb-e3f1-4bdb-8672-340890b4891b}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free Pdf Perfect Prereq (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Freemium Free PDF Perfect (HKLM-x32\...\{88265079-D6F4-4292-86BE-D2053E80BFE4}) (Version: 1.0 - Freemium)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HomeTab 7.1 (HKLM-x32\...\{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1) (Version: 7.1 - One Floor App) <==== ATTENTION
HomeTab 7.2 (HKLM-x32\...\{16a8a845-b794-49a6-9317-7668770c7304}_is1) (Version: 7.2 - HomeTab) <==== ATTENTION
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 38645) (Version: 03.05.11 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.3.1004 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
LaCie Network Assistant 1.5.14.71 (HKLM\...\{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1) (Version: 1.5.14.71 - LaCie)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft HPC Pack 2012 MS-MPI Redistributable Pack (HKLM\...\{F280A816-C0CB-4700-A3C6-9FDD8C80FD18}) (Version: 4.0.3906.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Nero BackItUp 12 Essentials (HKLM-x32\...\{0E3368AC-FB29-4C5E-938E-FA11C12D035E}) (Version: 12.0.01200 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 12.0.4000 - Nero AG)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDFCreator 1.0 (HKLM-x32\...\PDFCreator) (Version: 1.0 - OneFloorApp)
PDFTK Builder 3.5.3 (HKLM-x32\...\PDFTK Builder_is1) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.212 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 4.80 - Philipp Winterberg)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Screenshot Captor 4.8 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.2 - Synaptics Incorporated)
VAIO - Remote-Tastatur (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Remote-Tastatur mit PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation)
VAIO Care (HKLM\...\{EF649526-0134-46A8-8DF3-D7F9309E48DB}) (Version: 8.4.2.12046 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.0.0.08200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.0.08140 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.0.0.08060 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.0.0.08240 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.0.0.08240 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.0.0.08090 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.0.08240 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.8.0.08212 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1421762867-1140521657-417625980-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

03-01-2015 15:43:31 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0199B907-E7E2-44C7-BA1F-9D7A76BDEEE4} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\WHomepageShield.exe <==== ATTENTION
Task: {0584150B-1D3F-4837-BAD2-8FCCDE0AA0AC} - System32\Tasks\Maria Nero LIVEBackup Merge 12 0 => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-01-23] (Nero AG)
Task: {0A2351CC-97AD-4C9C-94F5-F9DD3BB1D503} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {0C59B3FA-1195-43AB-9214-13FF71367417} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {150E7DF9-D935-4B61-8E0F-EE1A6756D92D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-01-04] ()
Task: {18E475D1-BC77-4C48-9FB5-43413A9F608C} - System32\Tasks\NCH Software\VideoPadReminder => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe
Task: {1B072BC8-2182-453E-A77A-A6A3531A9B79} - System32\Tasks\Maria Nero LIVEBackup 12 0 => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-01-23] (Nero AG)
Task: {20BD2DB7-1D7D-4618-8EEC-307EFE12F865} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {21F297B1-C03B-48AC-8AB3-A89ED17E7CB2} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {231168CC-3A75-42F1-9B4E-8D592EED86B5} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)
Task: {33B26C23-770F-479D-91A3-70F0205B060B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {3FCE03E8-91CA-4F98-BEF1-363ED430603E} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {4045C4B2-0322-472A-92DD-7F6E07D51380} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {471CEB84-86BD-49BD-941C-CC375E72FDC7} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe <==== ATTENTION
Task: {473A1800-8627-4718-AF30-49005A22D365} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {48EC5C49-490F-4BCD-A9EC-3D83AD9617FE} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {4B73B10F-FB9D-4578-B350-40AF86A33A7E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {502A19B3-48D6-40C5-8252-15FF219BC601} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-08-09] (Sony Corporation)
Task: {565E133E-BE34-4C47-9154-40C773AF3B6D} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {582C1EC5-5008-497E-B540-2E58211AEB62} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {5C534C84-0846-4F48-B132-7567820C81E4} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {5C745E6C-CBC0-4BBB-BA75-5743096E2B80} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6261E671-0F69-471A-B39E-41F196AA65C1} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-14] (Sony Corporation)
Task: {67D505FE-C0B5-4DFE-A06A-C14C5B09371F} - System32\Tasks\VAIO Care Rescue Tool => C:\Windows\Temp\VAIO Care Rescue Tool.vbs
Task: {6A842EF7-DCFF-4392-9F0A-20264CF6D91D} - System32\Tasks\{371819A9-F368-4D53-B58C-6F589BB831FF} => pcalua.exe -a C:\Users\Maria\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=step
Task: {6C59272C-8928-4D60-9A02-25E419EA61B3} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {6EC2D943-0033-407C-9A0A-EB645BEE7E46} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {6F046D63-8861-4EBA-BF9B-3F70C455443E} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-07-31] (Sony Corporation)
Task: {7E7B4AA6-7A32-49C1-9374-A0391F402546} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {809B05C8-72BF-437D-8184-FD761F3EF4DC} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {83BE66F1-A3D1-4260-9F16-ADEBC97DB94C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {91CFB927-C403-4EDD-8CA7-29429B614C74} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {9A19AC4F-C94C-43D4-9C9A-C93695D80CCC} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)
Task: {9AEF4689-4B6C-4B95-B54F-228451DCDD41} - System32\Tasks\Chrome => C:\Users\Maria\AppData\Local\Temp\Rau\PackerV2.exe <==== ATTENTION
Task: {ADD4B51E-A5FC-44A5-90A2-22F505D01180} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {AF00F223-BE04-4AA9-88E9-5DF333D9D12E} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {BB256043-DB92-4B43-8111-732117C6991B} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WBrowserSockets.exe <==== ATTENTION
Task: {BB39B57B-41B4-4FC8-A04F-DD0FE8113F1C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C945B0B9-595A-4860-BA47-87559B303243} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {DE02234B-C077-4FBC-8167-050A1FCD48CC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {DE4FEF2C-9D06-44BF-952C-8E720A8B29F9} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {F3334A67-A639-4820-8785-4F0C94FA9379} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-08-04] (Sony Corporation)
Task: {FD081810-0882-4756-8665-8ADF995FE1C2} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {FEAAD1B5-E88C-4E94-9971-1976672000DE} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {FF94A8DB-CC73-4E88-9B1D-175B4F9A8355} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2012-10-09 13:02 - 2012-10-09 13:02 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-10-09 12:57 - 2012-10-09 12:57 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-10-09 12:59 - 2012-10-09 12:59 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-10-09 13:02 - 2012-10-09 13:02 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-11-19 10:21 - 2013-11-19 10:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-20 04:33 - 2012-08-06 18:54 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-01-04 15:45 - 2012-12-06 14:58 - 00194048 _____ () C:\Program Files\LaCie\Network Assistant\curllib.dll
2013-01-04 15:45 - 2012-12-06 14:58 - 00110592 _____ () C:\Program Files\LaCie\Network Assistant\OpenLDAP.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00015872 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00443904 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00060928 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2015-01-03 18:04 - 2015-01-03 18:04 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-01-03 18:04 - 2015-01-03 18:04 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-03 18:04 - 2015-01-03 18:04 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2012-09-20 05:10 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-01-03 18:19 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Maria\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ISBMgr.exe"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SweetIM"
HKLM\...\StartupApproved\Run32: => "Sweetpacks Communicator"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1421762867-1140521657-417625980-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"

========================= Accounts: ==========================

Administrator (S-1-5-21-1421762867-1140521657-417625980-500 - Administrator - Disabled)
Gast (S-1-5-21-1421762867-1140521657-417625980-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1421762867-1140521657-417625980-1003 - Limited - Enabled)
Maria (S-1-5-21-1421762867-1140521657-417625980-1001 - Administrator - Enabled) => C:\Users\Maria

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR3012 Bluetooth(R) Adapter
Description: Qualcomm Atheros AR3012 Bluetooth(R) Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2015 10:08:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17b4

Startzeit: 01d027fd46bb0f39

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 3abdc7b8-93f1-11e4-bef4-30f9edbe7ce2

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/03/2015 08:02:12 PM) (Source: BackItUp6) (EventID: 3374) (User: )
Description: Sicherung ist fehlgeschlagen.

Error: (01/03/2015 08:02:12 PM) (Source: BackItUp6) (EventID: 6277) (User: )
Description: Die Ausführung des Jobs ist fehlgeschlagen, da das gewählte Ziel (F:\) für Job (Maria Nero LIVEBackup) nicht existiert oder nicht darauf zugegriffen werden kann.

Error: (01/03/2015 07:47:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VCAgent.exe, Version: 8.4.2.12030, Zeitstempel: 0x5476d099
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00007ffb4ae3b421
ID des fehlerhaften Prozesses: 0x18e8
Startzeit der fehlerhaften Anwendung: 0xVCAgent.exe0
Pfad der fehlerhaften Anwendung: VCAgent.exe1
Pfad des fehlerhaften Moduls: VCAgent.exe2
Berichtskennung: VCAgent.exe3
Vollständiger Name des fehlerhaften Pakets: VCAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VCAgent.exe5

Error: (01/03/2015 07:47:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: VCAgent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei VCAgent.App.Main()

Error: (01/03/2015 07:46:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VINCE)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/03/2015 07:46:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VINCE)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/03/2015 06:02:08 PM) (Source: BackItUp6) (EventID: 3374) (User: )
Description: Sicherung ist fehlgeschlagen.

Error: (01/03/2015 06:02:08 PM) (Source: BackItUp6) (EventID: 6277) (User: )
Description: Die Ausführung des Jobs ist fehlgeschlagen, da das gewählte Ziel (F:\) für Job (Maria Nero LIVEBackup) nicht existiert oder nicht darauf zugegriffen werden kann.

Error: (01/03/2015 04:02:10 PM) (Source: BackItUp6) (EventID: 3374) (User: )
Description: Sicherung ist fehlgeschlagen.


System errors:
=============
Error: (01/04/2015 10:24:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppX-Bereitstellungsdienst (AppXSVC)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/04/2015 10:24:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AppX-Bereitstellungsdienst (AppXSVC) erreicht.

Error: (01/04/2015 10:19:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppX-Bereitstellungsdienst (AppXSVC)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/04/2015 10:19:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AppX-Bereitstellungsdienst (AppXSVC) erreicht.

Error: (01/04/2015 10:19:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Store-Dienst (WSService)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/04/2015 10:19:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Store-Dienst (WSService) erreicht.

Error: (01/04/2015 10:18:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Store-Dienst (WSService)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/04/2015 10:18:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Store-Dienst (WSService) erreicht.

Error: (01/04/2015 10:18:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Store-Dienst (WSService)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/04/2015 10:18:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Store-Dienst (WSService) erreicht.


Microsoft Office Sessions:
=========================
Error: (01/04/2015 10:08:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068917b401d027fd46bb0f394294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe3abdc7b8-93f1-11e4-bef4-30f9edbe7ce2microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (01/03/2015 08:02:12 PM) (Source: BackItUp6) (EventID: 3374) (User: )
Description: Sicherung ist fehlgeschlagen.

Error: (01/03/2015 08:02:12 PM) (Source: BackItUp6) (EventID: 6277) (User: )
Description: Die Ausführung des Jobs ist fehlgeschlagen, da das gewählte Ziel (F:\) für Job (Maria Nero LIVEBackup) nicht existiert oder nicht darauf zugegriffen werden kann.

Error: (01/03/2015 07:47:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCAgent.exe8.4.2.120305476d099unknown0.0.0.000000000c000000500007ffb4ae3b42118e801d0277dfeae94f4C:\Program Files\Sony\VAIO Care\VCAgent.exeunknowne9ef409a-9378-11e4-bef3-30f9edbe7ce2

Error: (01/03/2015 07:47:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: VCAgent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei VCAgent.App.Main()

Error: (01/03/2015 07:46:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VINCE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (01/03/2015 07:46:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VINCE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (01/03/2015 06:02:08 PM) (Source: BackItUp6) (EventID: 3374) (User: )
Description: Sicherung ist fehlgeschlagen.

Error: (01/03/2015 06:02:08 PM) (Source: BackItUp6) (EventID: 6277) (User: )
Description: Die Ausführung des Jobs ist fehlgeschlagen, da das gewählte Ziel (F:\) für Job (Maria Nero LIVEBackup) nicht existiert oder nicht darauf zugegriffen werden kann.

Error: (01/03/2015 04:02:10 PM) (Source: BackItUp6) (EventID: 3374) (User: )
Description: Sicherung ist fehlgeschlagen.


CodeIntegrity Errors:
===================================
  Date: 2015-01-04 10:34:25.776
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-04 10:26:12.908
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-04 10:25:20.189
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-04 10:20:33.660
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\hmpalert.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-01-04 10:20:32.395
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\hmpalert.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-01-04 10:20:32.207
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\hmpalert.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-01-04 10:20:32.207
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\hmpalert.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-01-04 10:20:32.207
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Windows\SysWOW64\hmpalert.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-01-04 10:20:32.207
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Windows\SysWOW64\hmpalert.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-01-04 10:20:32.176
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Windows\SysWOW64\hmpalert.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 3975.27 MB
Available physical RAM: 2198.01 MB
Total Pagefile: 4871.27 MB
Available Pagefile: 2347.41 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:668.21 GB) (Free:334.82 GB) NTFS
Drive e: () (Removable) (Total:3.69 GB) (Free:2.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 50B6019E)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

FRST Editor: (das vorher war mit der Überschrift Addition Edditor):

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Maria (administrator) on VINCE on 04-01-2015 10:33:16
Running from C:\Users\Maria\Downloads
Loaded Profile: Maria (Available profiles: Maria)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(LaCie SA) C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-10-09] ()
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-10-09] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-09] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-17] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [152896 2012-06-25] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [128352 2010-01-18] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1421762867-1140521657-417625980-1001\...\Run: [LaCie Ethernet Agent Startup] => C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe [9787904 2012-12-06] (LaCie SA)
HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Maria\AppData\Roaming\Copy\CopyAgent.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PackerV2.exe.lnk
ShortcutTarget: PackerV2.exe.lnk -> C:\Users\Maria\AppData\Local\Temp\Rau\PackerV2.exe (No File)
Startup: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} =>  No File
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} =>  No File
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} =>  No File
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} =>  No File
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} =>  No File
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} =>  No File
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} =>  No File
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} =>  No File
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1421762867-1140521657-417625980-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1421762867-1140521657-417625980-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1421762867-1140521657-417625980-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> URL hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.7&ts=1375706931470.000005&tguid=46364-3869-1375706931470-CB9FCCD8DC1CF86181291E791C54564B&q={searchTerms}
SearchScopes: HKLM-x32 -> SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=46364-3869-1375706931470-CB9FCCD8DC1CF86181291E791C54564B&dbCode=1&command={searchTerms}
SearchScopes: HKLM-x32 -> TopResultURLFallback hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.7&ts=1375706931470.000005&tguid=46364-3869-1375706931470-CB9FCCD8DC1CF86181291E791C54564B&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent64.dll (soft Xpansion)
Toolbar: HKLM-x32 - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent32.dll (soft Xpansion)
Toolbar: HKLM-x32 - No Name - {da2e16d5-254c-4e11-8fed-2a1b201de379} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\sdqi7w3e.default-1384790447736
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @soft-xpansion/npsxpdf -> C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll (Midasplayer Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\sdqi7w3e.default-1384790447736\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-08-05]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb

Chrome: 
=======
CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [Disabled: dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [219776 2012-10-09] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-05-19] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-08-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-08-06] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-05] (soft Xpansion)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2012-08-08] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-09] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-09] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-10-09] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-05-19] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2015-01-03] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-27] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 10:33 - 2015-01-04 10:34 - 00021474 _____ () C:\Users\Maria\Downloads\FRST.txt
2015-01-04 10:33 - 2015-01-04 10:33 - 00000000 ____D () C:\FRST
2015-01-04 10:32 - 2015-01-04 10:32 - 02123776 _____ (Farbar) C:\Users\Maria\Downloads\FRST64.exe
2015-01-03 19:09 - 2015-01-04 10:04 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 19:08 - 2015-01-03 19:08 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-03 19:08 - 2015-01-03 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-03 19:08 - 2015-01-03 19:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-03 19:08 - 2015-01-03 19:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-03 19:08 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-03 19:08 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-03 19:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-03 19:06 - 2015-01-03 19:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Maria\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-03 18:52 - 2015-01-03 18:52 - 00642504 _____ () C:\Users\Maria\Downloads\setup.exe
2015-01-03 18:52 - 2015-01-03 18:52 - 00642504 _____ () C:\Users\Maria\Downloads\setup(1).exe
2015-01-03 18:45 - 2015-01-03 19:48 - 00006358 _____ () C:\WINDOWS\PFRO.log
2015-01-03 18:40 - 2015-01-03 18:43 - 00000000 ____D () C:\AdwCleaner
2015-01-03 18:39 - 2015-01-03 18:40 - 02173952 _____ () C:\Users\Maria\Downloads\adwcleaner_4.106(1).exe
2015-01-03 18:39 - 2015-01-03 18:39 - 02173952 _____ () C:\Users\Maria\Downloads\adwcleaner_4.106.exe
2015-01-03 18:19 - 2015-01-03 18:19 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-03 18:19 - 2015-01-03 18:19 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-03 18:04 - 2015-01-03 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-03 14:09 - 2015-01-03 14:09 - 00000000 ____D () C:\Users\Maria\Desktop\REF
2015-01-03 13:19 - 2015-01-03 13:19 - 00003124 _____ () C:\WINDOWS\System32\Tasks\USER_ESRV_SVC
2015-01-03 13:19 - 2015-01-03 13:19 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2015-01-03 13:19 - 2015-01-03 13:19 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-12-29 18:16 - 2014-12-29 18:16 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 15:20 - 2014-12-26 15:20 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-12-26 15:20 - 2014-12-26 15:20 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-12-25 21:54 - 2014-12-25 21:54 - 00880784 _____ (Google Inc.) C:\Users\Maria\Downloads\ChromeSetup.exe
2014-12-25 20:32 - 2014-12-25 20:34 - 05317104 _____ (Piriform Ltd) C:\Users\Maria\Downloads\ccsetup501.exe
2014-12-25 19:17 - 2014-12-25 19:17 - 00003148 _____ () C:\WINDOWS\System32\Tasks\{371819A9-F368-4D53-B58C-6F589BB831FF}
2014-12-24 20:02 - 2014-12-24 20:02 - 00000000 ____D () C:\ProgramData\Packer
2014-12-24 20:00 - 2014-12-24 20:00 - 00003794 _____ () C:\WINDOWS\System32\Tasks\Chrome
2014-12-19 07:24 - 2014-12-19 07:24 - 00184800 _____ () C:\WINDOWS\SysWOW64\XMLOperations.xml
2014-12-16 16:01 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-16 16:01 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-16 15:48 - 2014-12-16 15:48 - 00001153 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-16 08:31 - 2014-12-16 08:31 - 00613057 _____ () C:\Users\Maria\AppData\Local\nsh778C.tmp
2014-12-16 08:28 - 2014-12-16 08:28 - 00002259 _____ () C:\WINDOWS\patsearch.bin
2014-12-14 19:40 - 2014-12-14 19:40 - 00628496 _____ () C:\Users\Maria\AppData\Local\nsy782F.tmp
2014-12-12 09:10 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-12 09:10 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 23:48 - 2014-12-11 23:48 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-11 19:05 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-11 19:05 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-11 19:02 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-11 19:02 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-11 19:02 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-11 19:02 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-11 19:02 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-11 19:02 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-11 19:02 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-11 19:02 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-11 19:02 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-11 19:02 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-11 19:02 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-11 08:38 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 08:38 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 08:37 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 08:37 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 08:37 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 08:37 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 08:37 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 08:37 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 08:37 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 08:37 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 08:37 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 08:37 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 08:37 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 08:37 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 08:37 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 08:37 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 08:37 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 08:37 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 08:37 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 08:37 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 08:37 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 08:37 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 08:37 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 08:37 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 08:37 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 08:37 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 08:37 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 08:37 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 08:37 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 08:37 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 08:37 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 08:37 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 08:37 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 08:37 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 08:37 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 08:37 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 08:37 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 08:37 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 08:37 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 08:37 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 08:37 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 08:37 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 08:37 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 08:37 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 08:37 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-09 10:44 - 2015-01-03 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 10:13 - 2014-06-08 07:32 - 01641888 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-04 10:10 - 2014-06-15 14:27 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8D8F0E02-1B3B-4B09-8759-EC28F59A05F3}
2015-01-04 10:04 - 2014-06-08 07:48 - 00000000 ___DO () C:\Users\Maria\OneDrive
2015-01-04 10:03 - 2013-01-02 22:16 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-04 10:02 - 2014-05-19 19:01 - 00000000 ____D () C:\WINDOWS\CryptoGuard
2015-01-04 10:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-03 19:59 - 2012-12-22 21:44 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1421762867-1140521657-417625980-1001
2015-01-03 19:52 - 2013-01-03 23:11 - 00003486 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-01-03 19:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-01-03 19:48 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-03 19:48 - 2013-08-22 14:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-03 18:45 - 2012-12-22 21:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-03 18:20 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-03 18:20 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-03 18:20 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-03 14:38 - 2013-01-04 14:41 - 00000000 ____D () C:\Update
2015-01-03 14:37 - 2012-12-22 21:38 - 00000000 ____D () C:\Users\Maria\AppData\Local\Sony Corporation
2015-01-03 14:06 - 2014-06-10 19:42 - 03356160 ___SH () C:\Users\Maria\Desktop\Thumbs.db
2015-01-03 13:21 - 2012-09-20 04:42 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-01-03 13:21 - 2012-09-20 04:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-03 13:18 - 2012-09-20 05:13 - 00000000 ____D () C:\Program Files\Sony
2015-01-03 13:16 - 2014-06-06 08:09 - 00013792 _____ () C:\WINDOWS\system32\Drivers\semav6thermal64ro.sys
2015-01-03 13:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-03 13:01 - 2014-06-08 07:07 - 00000000 ____D () C:\Users\Maria
2014-12-25 20:37 - 2014-06-08 07:55 - 00000000 ___DC () C:\WINDOWS\Panther
2014-12-25 20:36 - 2012-12-22 23:07 - 00000000 ____D () C:\Users\Maria\AppData\Local\CrashDumps
2014-12-25 20:23 - 2014-07-07 14:59 - 00287232 ___SH () C:\Users\Maria\Downloads\Thumbs.db
2014-12-25 19:19 - 2014-06-08 07:40 - 00001450 _____ () C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-25 19:14 - 2013-08-22 15:44 - 00434872 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-25 19:10 - 2014-11-24 11:46 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-12-25 19:10 - 2014-11-24 11:46 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Copy
2014-12-22 12:38 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-16 15:48 - 2013-08-05 13:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-16 15:48 - 2012-12-22 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-16 15:48 - 2012-12-22 21:55 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-16 09:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-12 09:45 - 2013-01-03 10:38 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 23:48 - 2014-07-10 13:32 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-11 23:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-11 23:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-11 23:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-11 23:48 - 2013-08-18 11:42 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 23:40 - 2012-12-26 21:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 09:08 - 2013-01-03 21:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 19:03 - 2013-01-02 22:16 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-09 09:15 - 2013-12-11 14:51 - 00000000 ____D () C:\WINDOWS\System32\Tasks\SystemSockets
2014-12-09 09:15 - 2013-08-05 14:27 - 00000000 ____D () C:\WINDOWS\System32\Tasks\ProtectedSearch
2014-12-09 09:15 - 2013-08-05 13:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Browser Updater
2014-12-08 09:28 - 2013-10-25 10:55 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\FreeFLVConverter
2014-12-08 09:27 - 2013-10-25 11:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software

Some content of TEMP:
====================
C:\Users\Maria\AppData\Local\Temp\95143uninstall.exe
C:\Users\Maria\AppData\Local\Temp\avgnt.exe
C:\Users\Maria\AppData\Local\Temp\Quarantine.exe
C:\Users\Maria\AppData\Local\Temp\Sqlite3.dll
C:\Users\Maria\AppData\Local\Temp\ual3ypsv.dll
C:\Users\Maria\AppData\Local\Temp\yzpcczwp.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 10:17

==================== End Of Log ============================

--- --- ---

--- --- ---

M-K-D-B · 04.01.2015, 11:20

Zukünftig bitte beachten:

Zitat:

Running from C:\Users\Maria\Downloads

Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.

Wir beginnen so:

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

MariaG · 04.01.2015, 13:09

Hier die gewünschten Schritte, ich hoffe, dass ich alles richtig gemacht habe..Bei dem ersten Schritt bin ich mir unsicher.

1. Schritt:

Code:

ATTFilter

# AdwCleaner v4.106 - Bericht erstellt am 04/01/2015 um 11:44:08
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Maria - VINCE
# Gestartet von : C:\Users\Maria\Desktop\AdwCleaner_4.106(2).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [68388 octets] - [03/01/2015 18:40:35]
AdwCleaner[R1].txt - [901 octets] - [04/01/2015 11:29:47]
AdwCleaner[R2].txt - [1019 octets] - [04/01/2015 11:38:18]
AdwCleaner[S0].txt - [64060 octets] - [03/01/2015 18:42:31]
AdwCleaner[S1].txt - [961 octets] - [04/01/2015 11:33:38]
AdwCleaner[S2].txt - [942 octets] - [04/01/2015 11:44:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1001 octets] ##########

2. Schritt:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 04.01.2015 10:04:14, SYSTEM, VINCE, Scheduler, Malware Database, 2015.1.3.10, 2015.1.4.6, 
Protection, 04.01.2015 10:04:14, SYSTEM, VINCE, Protection, Refresh, Starting, 
Protection, 04.01.2015 10:04:14, SYSTEM, VINCE, Protection, Malicious Website Protection, Stopping, 
Protection, 04.01.2015 10:04:15, SYSTEM, VINCE, Protection, Malicious Website Protection, Stopped, 
Protection, 04.01.2015 10:09:55, SYSTEM, VINCE, Protection, Refresh, Success, 
Protection, 04.01.2015 10:09:55, SYSTEM, VINCE, Protection, Malicious Website Protection, Starting, 
Protection, 04.01.2015 10:09:55, SYSTEM, VINCE, Protection, Malicious Website Protection, Started, 
Protection, 04.01.2015 11:36:17, SYSTEM, VINCE, Protection, Malware Protection, Starting, 
Protection, 04.01.2015 11:36:17, SYSTEM, VINCE, Protection, Malware Protection, Started, 
Protection, 04.01.2015 11:36:17, SYSTEM, VINCE, Protection, Malicious Website Protection, Starting, 
Protection, 04.01.2015 11:37:22, SYSTEM, VINCE, Protection, Malicious Website Protection, Started, 
Protection, 04.01.2015 11:46:11, SYSTEM, VINCE, Protection, Malware Protection, Starting, 
Protection, 04.01.2015 11:46:11, SYSTEM, VINCE, Protection, Malware Protection, Started, 
Protection, 04.01.2015 11:46:11, SYSTEM, VINCE, Protection, Malicious Website Protection, Starting, 
Protection, 04.01.2015 11:47:19, SYSTEM, VINCE, Protection, Malicious Website Protection, Started, 
Scan, 04.01.2015 12:34:47, SYSTEM, VINCE, Manual, Start: % 1 "% 2", Dauer: % 1 min 31 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 13-Malwareerkennung, 
Protection, 04.01.2015 12:37:24, SYSTEM, VINCE, Protection, Malware Protection, Starting, 
Protection, 04.01.2015 12:37:24, SYSTEM, VINCE, Protection, Malware Protection, Started, 
Protection, 04.01.2015 12:37:24, SYSTEM, VINCE, Protection, Malicious Website Protection, Starting, 
Protection, 04.01.2015 12:38:11, SYSTEM, VINCE, Protection, Malicious Website Protection, Started, 

(end)

3. Schritt:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Maria on 04.01.2015 at 12:49:42,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\launcher.exe"
Successfully deleted: [File] C:\WINDOWS\prefetch\SPEEDUPMYPC.EXE-45524506.pf



~~~ Folders

Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Emptied folder: C:\Users\Maria\AppData\Roaming\mozilla\firefox\profiles\sdqi7w3e.default-1384790447736\minidumps [22 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.01.2015 at 12:56:29,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4. Schritt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Maria (administrator) on VINCE on 04-01-2015 13:00:52
Running from C:\Users\Maria\Desktop
Loaded Profile: Maria (Available profiles: Maria)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(LaCie SA) C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-10-09] ()
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-10-09] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-09] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-17] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [152896 2012-06-25] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [128352 2010-01-18] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1421762867-1140521657-417625980-1001\...\Run: [LaCie Ethernet Agent Startup] => C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe [9787904 2012-12-06] (LaCie SA)
HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Maria\AppData\Roaming\Copy\CopyAgent.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PackerV2.exe.lnk
ShortcutTarget: PackerV2.exe.lnk -> C:\Users\Maria\AppData\Local\Temp\Rau\PackerV2.exe (No File)
Startup: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} =>  No File
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} =>  No File
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} =>  No File
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} =>  No File
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} =>  No File
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} =>  No File
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} =>  No File
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} =>  No File
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1421762867-1140521657-417625980-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1421762867-1140521657-417625980-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1421762867-1140521657-417625980-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> URL hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.7&ts=1375706931470.000005&tguid=46364-3869-1375706931470-CB9FCCD8DC1CF86181291E791C54564B&q={searchTerms}
SearchScopes: HKLM-x32 -> SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=46364-3869-1375706931470-CB9FCCD8DC1CF86181291E791C54564B&dbCode=1&command={searchTerms}
SearchScopes: HKLM-x32 -> TopResultURLFallback hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.7&ts=1375706931470.000005&tguid=46364-3869-1375706931470-CB9FCCD8DC1CF86181291E791C54564B&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent64.dll (soft Xpansion)
Toolbar: HKLM-x32 - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent32.dll (soft Xpansion)
Toolbar: HKLM-x32 - No Name - {da2e16d5-254c-4e11-8fed-2a1b201de379} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\sdqi7w3e.default-1384790447736
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @soft-xpansion/npsxpdf -> C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll (Midasplayer Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\sdqi7w3e.default-1384790447736\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-08-05]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb

Chrome: 
=======
CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [Disabled: dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [219776 2012-10-09] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-05-19] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-08-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-08-06] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-05] (soft Xpansion)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2012-08-08] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-09] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-09] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-10-09] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-05-19] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2015-01-03] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-27] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 13:00 - 2015-01-04 13:01 - 00021472 _____ () C:\Users\Maria\Desktop\FRST.txt
2015-01-04 12:56 - 2015-01-04 12:56 - 00001369 _____ () C:\Users\Maria\Desktop\JRT.txt
2015-01-04 12:49 - 2015-01-04 12:49 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-04 12:48 - 2015-01-04 12:48 - 01707939 _____ (Thisisu) C:\Users\Maria\Desktop\JRT.exe
2015-01-04 12:44 - 2015-01-04 12:44 - 00002060 _____ () C:\Users\Maria\Desktop\mbam.text
2015-01-04 11:48 - 2015-01-04 11:48 - 00001081 _____ () C:\Users\Maria\Desktop\erster Schritt_AdwCleaner[S2].txt
2015-01-04 11:26 - 2015-01-04 11:26 - 02173952 _____ () C:\Users\Maria\Desktop\AdwCleaner_4.106(2).exe
2015-01-04 10:34 - 2015-01-04 10:35 - 00042818 _____ () C:\Users\Maria\Downloads\Addition.txt
2015-01-04 10:33 - 2015-01-04 13:01 - 00000000 ____D () C:\FRST
2015-01-04 10:33 - 2015-01-04 10:35 - 00038882 _____ () C:\Users\Maria\Downloads\FRST.txt
2015-01-04 10:32 - 2015-01-04 10:32 - 02123776 _____ (Farbar) C:\Users\Maria\Desktop\FRST64.exe
2015-01-03 19:09 - 2015-01-04 12:38 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 19:08 - 2015-01-03 19:08 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-03 19:08 - 2015-01-03 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-03 19:08 - 2015-01-03 19:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-03 19:08 - 2015-01-03 19:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-03 19:08 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-03 19:08 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-03 19:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-03 19:06 - 2015-01-03 19:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Maria\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-03 18:52 - 2015-01-03 18:52 - 00642504 _____ () C:\Users\Maria\Downloads\setup.exe
2015-01-03 18:52 - 2015-01-03 18:52 - 00642504 _____ () C:\Users\Maria\Downloads\setup(1).exe
2015-01-03 18:45 - 2015-01-04 12:36 - 00013052 _____ () C:\WINDOWS\PFRO.log
2015-01-03 18:40 - 2015-01-04 11:44 - 00000000 ____D () C:\AdwCleaner
2015-01-03 18:39 - 2015-01-03 18:40 - 02173952 _____ () C:\Users\Maria\Downloads\adwcleaner_4.106(1).exe
2015-01-03 18:39 - 2015-01-03 18:39 - 02173952 _____ () C:\Users\Maria\Downloads\adwcleaner_4.106.exe
2015-01-03 18:19 - 2015-01-03 18:19 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-03 18:19 - 2015-01-03 18:19 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-03 18:04 - 2015-01-03 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-03 14:09 - 2015-01-04 12:14 - 00000000 ____D () C:\Users\Maria\Desktop\REF
2015-01-03 13:19 - 2015-01-03 13:19 - 00003124 _____ () C:\WINDOWS\System32\Tasks\USER_ESRV_SVC
2015-01-03 13:19 - 2015-01-03 13:19 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2015-01-03 13:19 - 2015-01-03 13:19 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-12-29 18:16 - 2014-12-29 18:16 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 15:20 - 2014-12-26 15:20 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-12-26 15:20 - 2014-12-26 15:20 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-12-25 21:54 - 2014-12-25 21:54 - 00880784 _____ (Google Inc.) C:\Users\Maria\Downloads\ChromeSetup.exe
2014-12-25 20:32 - 2014-12-25 20:34 - 05317104 _____ (Piriform Ltd) C:\Users\Maria\Downloads\ccsetup501.exe
2014-12-25 19:17 - 2014-12-25 19:17 - 00003148 _____ () C:\WINDOWS\System32\Tasks\{371819A9-F368-4D53-B58C-6F589BB831FF}
2014-12-24 20:02 - 2014-12-24 20:02 - 00000000 ____D () C:\ProgramData\Packer
2014-12-24 20:00 - 2014-12-24 20:00 - 00003794 _____ () C:\WINDOWS\System32\Tasks\Chrome
2014-12-19 07:24 - 2014-12-19 07:24 - 00184800 _____ () C:\WINDOWS\SysWOW64\XMLOperations.xml
2014-12-16 16:01 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-16 16:01 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-16 15:48 - 2014-12-16 15:48 - 00001153 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-16 08:31 - 2014-12-16 08:31 - 00613057 _____ () C:\Users\Maria\AppData\Local\nsh778C.tmp
2014-12-16 08:28 - 2014-12-16 08:28 - 00002259 _____ () C:\WINDOWS\patsearch.bin
2014-12-14 19:40 - 2014-12-14 19:40 - 00628496 _____ () C:\Users\Maria\AppData\Local\nsy782F.tmp
2014-12-12 09:10 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-12 09:10 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 23:48 - 2014-12-11 23:48 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-11 19:05 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-11 19:05 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-11 19:02 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-11 19:02 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-11 19:02 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-11 19:02 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-11 19:02 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-11 19:02 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-11 19:02 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-11 19:02 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-11 19:02 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-11 19:02 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-11 19:02 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-11 08:38 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 08:38 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 08:37 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 08:37 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 08:37 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 08:37 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 08:37 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 08:37 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 08:37 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 08:37 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 08:37 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 08:37 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 08:37 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 08:37 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 08:37 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 08:37 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 08:37 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 08:37 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 08:37 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 08:37 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 08:37 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 08:37 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 08:37 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 08:37 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 08:37 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 08:37 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 08:37 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 08:37 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 08:37 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 08:37 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 08:37 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 08:37 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 08:37 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 08:37 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 08:37 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 08:37 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 08:37 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 08:37 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 08:37 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 08:37 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 08:37 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 08:37 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 08:37 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 08:37 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 08:37 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-09 10:44 - 2015-01-03 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-04 12:49 - 2014-07-07 14:59 - 00360960 ___SH () C:\Users\Maria\Downloads\Thumbs.db
2015-01-04 12:44 - 2014-06-08 07:32 - 01717625 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-04 12:40 - 2014-05-19 19:01 - 00000000 ____D () C:\WINDOWS\CryptoGuard
2015-01-04 12:40 - 2013-01-03 23:11 - 00003486 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-01-04 12:39 - 2014-06-08 07:48 - 00000000 ___DO () C:\Users\Maria\OneDrive
2015-01-04 12:37 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-04 12:03 - 2013-01-02 22:16 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-04 11:45 - 2013-08-22 14:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-04 10:10 - 2014-06-15 14:27 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8D8F0E02-1B3B-4B09-8759-EC28F59A05F3}
2015-01-03 19:59 - 2012-12-22 21:44 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1421762867-1140521657-417625980-1001
2015-01-03 19:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-01-03 18:45 - 2012-12-22 21:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-03 18:20 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-03 18:20 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-03 18:20 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-03 14:38 - 2013-01-04 14:41 - 00000000 ____D () C:\Update
2015-01-03 14:37 - 2012-12-22 21:38 - 00000000 ____D () C:\Users\Maria\AppData\Local\Sony Corporation
2015-01-03 14:06 - 2014-06-10 19:42 - 03356160 ___SH () C:\Users\Maria\Desktop\Thumbs.db
2015-01-03 13:21 - 2012-09-20 04:42 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-01-03 13:21 - 2012-09-20 04:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-03 13:18 - 2012-09-20 05:13 - 00000000 ____D () C:\Program Files\Sony
2015-01-03 13:16 - 2014-06-06 08:09 - 00013792 _____ () C:\WINDOWS\system32\Drivers\semav6thermal64ro.sys
2015-01-03 13:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-03 13:01 - 2014-06-08 07:07 - 00000000 ____D () C:\Users\Maria
2014-12-25 20:37 - 2014-06-08 07:55 - 00000000 ___DC () C:\WINDOWS\Panther
2014-12-25 20:36 - 2012-12-22 23:07 - 00000000 ____D () C:\Users\Maria\AppData\Local\CrashDumps
2014-12-25 19:19 - 2014-06-08 07:40 - 00001450 _____ () C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-25 19:14 - 2013-08-22 15:44 - 00434872 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-25 19:10 - 2014-11-24 11:46 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Copy
2014-12-22 12:38 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-16 15:48 - 2013-08-05 13:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-16 15:48 - 2012-12-22 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-16 15:48 - 2012-12-22 21:55 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-16 09:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-12 09:45 - 2013-01-03 10:38 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 23:48 - 2014-07-10 13:32 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-11 23:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-11 23:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-11 23:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-11 23:48 - 2013-08-18 11:42 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 23:40 - 2012-12-26 21:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 09:08 - 2013-01-03 21:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 19:03 - 2013-01-02 22:16 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-09 09:15 - 2013-12-11 14:51 - 00000000 ____D () C:\WINDOWS\System32\Tasks\SystemSockets
2014-12-09 09:15 - 2013-08-05 14:27 - 00000000 ____D () C:\WINDOWS\System32\Tasks\ProtectedSearch
2014-12-09 09:15 - 2013-08-05 13:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Browser Updater
2014-12-08 09:28 - 2013-10-25 10:55 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\FreeFLVConverter
2014-12-08 09:27 - 2013-10-25 11:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software

Some content of TEMP:
====================
C:\Users\Maria\AppData\Local\Temp\95143uninstall.exe
C:\Users\Maria\AppData\Local\Temp\avgnt.exe
C:\Users\Maria\AppData\Local\Temp\Quarantine.exe
C:\Users\Maria\AppData\Local\Temp\sqlite3.dll
C:\Users\Maria\AppData\Local\Temp\ual3ypsv.dll
C:\Users\Maria\AppData\Local\Temp\yzpcczwp.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 10:17

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2015 03
Ran by Maria at 2015-01-04 13:02:50
Running from C:\Users\Maria\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
A-PDF Number freeware 1.3 (HKLM-x32\...\A-PDF Number_is1) (Version:  - A-PDF.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 3932768.4759644.48.2147344384 - Audible, Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version:  - )
Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1923 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5601.52 - CyberLink Corp.)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Free FLV Converter V 7.6.0 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.0.0 - Koyote Soft)
Free Pdf Perfect Prereq (HKLM-x32\...\{dc0b7acb-e3f1-4bdb-8672-340890b4891b}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free Pdf Perfect Prereq (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Freemium Free PDF Perfect (HKLM-x32\...\{88265079-D6F4-4292-86BE-D2053E80BFE4}) (Version: 1.0 - Freemium)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HomeTab 7.1 (HKLM-x32\...\{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1) (Version: 7.1 - One Floor App) <==== ATTENTION
HomeTab 7.2 (HKLM-x32\...\{16a8a845-b794-49a6-9317-7668770c7304}_is1) (Version: 7.2 - HomeTab) <==== ATTENTION
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 38645) (Version: 03.05.11 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.3.1004 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
LaCie Network Assistant 1.5.14.71 (HKLM\...\{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1) (Version: 1.5.14.71 - LaCie)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft HPC Pack 2012 MS-MPI Redistributable Pack (HKLM\...\{F280A816-C0CB-4700-A3C6-9FDD8C80FD18}) (Version: 4.0.3906.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Nero BackItUp 12 Essentials (HKLM-x32\...\{0E3368AC-FB29-4C5E-938E-FA11C12D035E}) (Version: 12.0.01200 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 12.0.4000 - Nero AG)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDFCreator 1.0 (HKLM-x32\...\PDFCreator) (Version: 1.0 - OneFloorApp)
PDFTK Builder 3.5.3 (HKLM-x32\...\PDFTK Builder_is1) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.212 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 4.80 - Philipp Winterberg)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Screenshot Captor 4.8 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.2 - Synaptics Incorporated)
VAIO - Remote-Tastatur (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Remote-Tastatur mit PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation)
VAIO Care (HKLM\...\{EF649526-0134-46A8-8DF3-D7F9309E48DB}) (Version: 8.4.2.12046 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.0.0.08200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.0.08140 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.0.0.08060 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.0.0.08240 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.0.0.08240 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.0.0.08090 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.0.08240 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.8.0.08212 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1421762867-1140521657-417625980-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

03-01-2015 15:43:31 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0199B907-E7E2-44C7-BA1F-9D7A76BDEEE4} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\WHomepageShield.exe <==== ATTENTION
Task: {0584150B-1D3F-4837-BAD2-8FCCDE0AA0AC} - System32\Tasks\Maria Nero LIVEBackup Merge 12 0 => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-01-23] (Nero AG)
Task: {07A49F8F-E6B8-4DA2-B30F-D5E1A42DDCBD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {0A2351CC-97AD-4C9C-94F5-F9DD3BB1D503} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {150E7DF9-D935-4B61-8E0F-EE1A6756D92D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-01-04] ()
Task: {18E475D1-BC77-4C48-9FB5-43413A9F608C} - System32\Tasks\NCH Software\VideoPadReminder => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe
Task: {1B072BC8-2182-453E-A77A-A6A3531A9B79} - System32\Tasks\Maria Nero LIVEBackup 12 0 => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-01-23] (Nero AG)
Task: {20BD2DB7-1D7D-4618-8EEC-307EFE12F865} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {21F297B1-C03B-48AC-8AB3-A89ED17E7CB2} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {231168CC-3A75-42F1-9B4E-8D592EED86B5} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)
Task: {33B26C23-770F-479D-91A3-70F0205B060B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {3FCE03E8-91CA-4F98-BEF1-363ED430603E} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {4045C4B2-0322-472A-92DD-7F6E07D51380} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {471CEB84-86BD-49BD-941C-CC375E72FDC7} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe <==== ATTENTION
Task: {473A1800-8627-4718-AF30-49005A22D365} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {48EC5C49-490F-4BCD-A9EC-3D83AD9617FE} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {4B73B10F-FB9D-4578-B350-40AF86A33A7E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {502A19B3-48D6-40C5-8252-15FF219BC601} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-08-09] (Sony Corporation)
Task: {5488D8DE-A7BE-40A2-8E01-5EF7B58BD956} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {565E133E-BE34-4C47-9154-40C773AF3B6D} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {582C1EC5-5008-497E-B540-2E58211AEB62} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {5C534C84-0846-4F48-B132-7567820C81E4} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {5C745E6C-CBC0-4BBB-BA75-5743096E2B80} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6261E671-0F69-471A-B39E-41F196AA65C1} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-14] (Sony Corporation)
Task: {67D505FE-C0B5-4DFE-A06A-C14C5B09371F} - System32\Tasks\VAIO Care Rescue Tool => C:\Windows\Temp\VAIO Care Rescue Tool.vbs
Task: {6A842EF7-DCFF-4392-9F0A-20264CF6D91D} - System32\Tasks\{371819A9-F368-4D53-B58C-6F589BB831FF} => pcalua.exe -a C:\Users\Maria\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=step
Task: {6C59272C-8928-4D60-9A02-25E419EA61B3} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {6EC2D943-0033-407C-9A0A-EB645BEE7E46} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {6F046D63-8861-4EBA-BF9B-3F70C455443E} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-07-31] (Sony Corporation)
Task: {7E7B4AA6-7A32-49C1-9374-A0391F402546} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {809B05C8-72BF-437D-8184-FD761F3EF4DC} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {83BE66F1-A3D1-4260-9F16-ADEBC97DB94C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {91CFB927-C403-4EDD-8CA7-29429B614C74} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {9A19AC4F-C94C-43D4-9C9A-C93695D80CCC} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)
Task: {9AEF4689-4B6C-4B95-B54F-228451DCDD41} - System32\Tasks\Chrome => C:\Users\Maria\AppData\Local\Temp\Rau\PackerV2.exe <==== ATTENTION
Task: {ADD4B51E-A5FC-44A5-90A2-22F505D01180} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {AF00F223-BE04-4AA9-88E9-5DF333D9D12E} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {BB256043-DB92-4B43-8111-732117C6991B} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WBrowserSockets.exe <==== ATTENTION
Task: {BB39B57B-41B4-4FC8-A04F-DD0FE8113F1C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C945B0B9-595A-4860-BA47-87559B303243} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {DE4FEF2C-9D06-44BF-952C-8E720A8B29F9} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {F3334A67-A639-4820-8785-4F0C94FA9379} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-08-04] (Sony Corporation)
Task: {FD081810-0882-4756-8665-8ADF995FE1C2} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {FEAAD1B5-E88C-4E94-9971-1976672000DE} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {FF94A8DB-CC73-4E88-9B1D-175B4F9A8355} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2012-10-09 13:02 - 2012-10-09 13:02 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-10-09 12:57 - 2012-10-09 12:57 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-10-09 12:59 - 2012-10-09 12:59 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-10-09 13:02 - 2012-10-09 13:02 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-11-19 10:21 - 2013-11-19 10:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-20 05:10 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-01-04 15:45 - 2012-12-06 14:58 - 00194048 _____ () C:\Program Files\LaCie\Network Assistant\curllib.dll
2013-01-04 15:45 - 2012-12-06 14:58 - 00110592 _____ () C:\Program Files\LaCie\Network Assistant\OpenLDAP.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00015872 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00443904 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00060928 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2015-01-03 18:04 - 2015-01-03 18:04 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-01-03 18:04 - 2015-01-03 18:04 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-03 18:04 - 2015-01-03 18:04 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2012-09-20 04:33 - 2012-08-06 18:54 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-01-03 18:19 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Maria\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ISBMgr.exe"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SweetIM"
HKLM\...\StartupApproved\Run32: => "Sweetpacks Communicator"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1421762867-1140521657-417625980-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"

========================= Accounts: ==========================

Administrator (S-1-5-21-1421762867-1140521657-417625980-500 - Administrator - Disabled)
Gast (S-1-5-21-1421762867-1140521657-417625980-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1421762867-1140521657-417625980-1003 - Limited - Enabled)
Maria (S-1-5-21-1421762867-1140521657-417625980-1001 - Administrator - Enabled) => C:\Users\Maria

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR3012 Bluetooth(R) Adapter
Description: Qualcomm Atheros AR3012 Bluetooth(R) Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/04/2015 01:03:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppX-Bereitstellungsdienst (AppXSVC)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/04/2015 01:03:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AppX-Bereitstellungsdienst (AppXSVC) erreicht.

Error: (01/04/2015 01:03:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppX-Bereitstellungsdienst (AppXSVC)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/04/2015 01:03:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AppX-Bereitstellungsdienst (AppXSVC) erreicht.

Error: (01/04/2015 01:02:24 PM) (Source: DCOM) (EventID: 10010) (User: VINCE)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/04/2015 01:01:53 PM) (Source: DCOM) (EventID: 10010) (User: VINCE)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/04/2015 01:01:23 PM) (Source: DCOM) (EventID: 10010) (User: VINCE)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/04/2015 01:00:53 PM) (Source: DCOM) (EventID: 10010) (User: VINCE)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-04 13:03:52.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-04 13:03:52.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-04 13:03:52.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-04 13:01:55.359
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-04 13:01:49.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-04 12:40:43.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-04 12:40:24.435
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-04 12:40:24.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-04 12:29:45.575
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-04 12:14:25.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 52%
Total physical RAM: 3975.27 MB
Available physical RAM: 1870.39 MB
Total Pagefile: 4871.27 MB
Available Pagefile: 2336.3 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:668.21 GB) (Free:334.77 GB) NTFS
Drive e: () (Removable) (Total:3.69 GB) (Free:2.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 50B6019E)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

M-K-D-B · 04.01.2015, 14:07

Servus,

bitte poste mir diese Logdatei:
C:\AdwCleaner\AdwCleaner[S1].txt

Zudem hast du leider die falsche Logdatei von MBAM gepostet:

Lesestoff
MBAM-Funde posten: So gehts...
Manchmal ist es wichtig zu wissen, welche Schadprogramme im Vorfeld ohne Anweisung der Helfer schon gelöscht wurden.
Daher benötige ich den Inhalt der Logdatei, in welcher der Suchlauf protokolliert wurde.

Starte MBAM.
Klicke auf Verlauf.
Klicke auf Anwendungsprotokolle.
Klicke auf das letzte Suchlaufprotokoll mit Funden.
Klicke auf "In Zwischenablage kopieren".
Poste den Inhalt in Code-Tags [CODE] [/CODE] durch Einfügen mit Strg+V als Antwort in Deinen Thread.

Außerdem bitte SystemLook ausführen:
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:reg
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes /S
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes /S

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

MariaG · 04.01.2015, 14:23

Hallo nochmals,

Code:

ATTFilter

# AdwCleaner v4.106 - Bericht erstellt am 04/01/2015 um 11:33:38
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Maria - VINCE
# Gestartet von : C:\Users\Maria\Desktop\AdwCleaner_4.106(2).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [68388 octets] - [03/01/2015 18:40:35]
AdwCleaner[R1].txt - [901 octets] - [04/01/2015 11:29:47]
AdwCleaner[S0].txt - [64060 octets] - [03/01/2015 18:42:31]
AdwCleaner[S1].txt - [823 octets] - [04/01/2015 11:33:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [882 octets] ##########

und ich hoffe das ist die richtige Logdatei von MBAM: (mit die letzte meinste du ja die zuletzt durchgeführte? Ich dachte, dass ich diese auch vorhin schon genommen hatte..)

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 04.01.2015 10:04:14, SYSTEM, VINCE, Scheduler, Malware Database, 2015.1.3.10, 2015.1.4.6, 
Protection, 04.01.2015 10:04:14, SYSTEM, VINCE, Protection, Refresh, Starting, 
Protection, 04.01.2015 10:04:14, SYSTEM, VINCE, Protection, Malicious Website Protection, Stopping, 
Protection, 04.01.2015 10:04:15, SYSTEM, VINCE, Protection, Malicious Website Protection, Stopped, 
Protection, 04.01.2015 10:09:55, SYSTEM, VINCE, Protection, Refresh, Success, 
Protection, 04.01.2015 10:09:55, SYSTEM, VINCE, Protection, Malicious Website Protection, Starting, 
Protection, 04.01.2015 10:09:55, SYSTEM, VINCE, Protection, Malicious Website Protection, Started, 
Protection, 04.01.2015 11:36:17, SYSTEM, VINCE, Protection, Malware Protection, Starting, 
Protection, 04.01.2015 11:36:17, SYSTEM, VINCE, Protection, Malware Protection, Started, 
Protection, 04.01.2015 11:36:17, SYSTEM, VINCE, Protection, Malicious Website Protection, Starting, 
Protection, 04.01.2015 11:37:22, SYSTEM, VINCE, Protection, Malicious Website Protection, Started, 
Protection, 04.01.2015 11:46:11, SYSTEM, VINCE, Protection, Malware Protection, Starting, 
Protection, 04.01.2015 11:46:11, SYSTEM, VINCE, Protection, Malware Protection, Started, 
Protection, 04.01.2015 11:46:11, SYSTEM, VINCE, Protection, Malicious Website Protection, Starting, 
Protection, 04.01.2015 11:47:19, SYSTEM, VINCE, Protection, Malicious Website Protection, Started, 
Scan, 04.01.2015 12:34:47, SYSTEM, VINCE, Manual, Start: % 1 "% 2", Dauer: % 1 min 31 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 13-Malwareerkennung, 
Protection, 04.01.2015 12:37:24, SYSTEM, VINCE, Protection, Malware Protection, Starting, 
Protection, 04.01.2015 12:37:24, SYSTEM, VINCE, Protection, Malware Protection, Started, 
Protection, 04.01.2015 12:37:24, SYSTEM, VINCE, Protection, Malicious Website Protection, Starting, 
Protection, 04.01.2015 12:38:11, SYSTEM, VINCE, Protection, Malicious Website Protection, Started, 
Detection, 04.01.2015 13:52:23, SYSTEM, VINCE, Protection, Malicious Website Protection, IP, 80.252.188.228, 29bca6cb72a665c8.se, 49914, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, 
Detection, 04.01.2015 13:52:23, SYSTEM, VINCE, Protection, Malicious Website Protection, IP, 80.252.188.228, 29bca6cb72a665c8.se, 49915, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, 
Detection, 04.01.2015 13:52:24, SYSTEM, VINCE, Protection, Malicious Website Protection, IP, 80.252.188.228, 29bca6cb72a665c8.se, 49918, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, 
Detection, 04.01.2015 13:52:24, SYSTEM, VINCE, Protection, Malicious Website Protection, IP, 80.252.188.228, 29bca6cb72a665c8.se, 49919, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, 
Detection, 04.01.2015 13:52:24, SYSTEM, VINCE, Protection, Malicious Website Protection, IP, 80.252.188.228, 29bca6cb72a665c8.se, 49914, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, 

(end)

vielen lieben dank nochmals

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 14:22 on 04/01/2015 by Maria
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Bing"
"URL"="hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
"DisplayName"="@ieframe.dll,-12512"


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]
"DisplayName"="Web Search"
"URL"="hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.7&ts=1375706931470.000005&tguid=46364-3869-1375706931470-CB9FCCD8DC1CF86181291E791C54564B&q={searchTerms}"
"SuggestionsURL_JSON"="hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=46364-3869-1375706931470-CB9FCCD8DC1CF86181291E791C54564B&dbCode=1&command={searchTerms}"
"TopResultURLFallback"="hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.7&ts=1375706931470.000005&tguid=46364-3869-1375706931470-CB9FCCD8DC1CF86181291E791C54564B&q={searchTerms}"
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Bing"
"URL"="hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
"DisplayName"="@ieframe.dll,-12512"


-= EOF =-

M-K-D-B · 04.01.2015, 14:38

Servus,

so geht es weiter:

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
SearchScopes: HKLM-x32 -> URL hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.7&ts=1375706931470.000005&tguid=46364-3869-1375706931470-CB9FCCD8DC1CF86181291E791C54564B&q={searchTerms}
SearchScopes: HKLM-x32 -> SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=46364-3869-1375706931470-CB9FCCD8DC1CF86181291E791C54564B&dbCode=1&command={searchTerms}
SearchScopes: HKLM-x32 -> TopResultURLFallback hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.7&ts=1375706931470.000005&tguid=46364-3869-1375706931470-CB9FCCD8DC1CF86181291E791C54564B&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Task: {150E7DF9-D935-4B61-8E0F-EE1A6756D92D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-01-04] ()
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM-x32 - No Name - {da2e16d5-254c-4e11-8fed-2a1b201de379} -  No File
CHR HKLM-x32\...\Chrome\Extension: [Disabled: dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]
C:\Users\Maria\Downloads\setup*.exe
Task: {9AEF4689-4B6C-4B95-B54F-228451DCDD41} - System32\Tasks\Chrome => C:\Users\Maria\AppData\Local\Temp\Rau\PackerV2.exe <==== ATTENTION
Task: {BB256043-DB92-4B43-8111-732117C6991B} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WBrowserSockets.exe <==== ATTENTION
C:\Program Files (x86)\HomeTab
C:\Windows\System32\Tasks\SystemSockets
Task: {6A842EF7-DCFF-4392-9F0A-20264CF6D91D} - System32\Tasks\{371819A9-F368-4D53-B58C-6F589BB831FF} => pcalua.exe -a C:\Users\Maria\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=step
C:\Users\Maria\AppData\Roaming\mystartsearch
Task: {471CEB84-86BD-49BD-941C-CC375E72FDC7} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe <==== ATTENTION
C:\Windows\System32\Tasks\Browser Updater
Task: {0199B907-E7E2-44C7-BA1F-9D7A76BDEEE4} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\WHomepageShield.exe <==== ATTENTION
C:\Windows\System32\Tasks\ProtectedSearch
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:regfind
HomeTab
IB Updater
ProtectedSearch
Browser Updater
SystemSockets
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Schritt 3

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von SystemLook,
die beiden neuen Logdateien von FRST.

MariaG · 04.01.2015, 15:30

Hallöchen...

1.Schritt:

Code:

ATTFilter

 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03
Ran by Maria at 2015-01-04 14:58:52 Run:1
Running from C:\Users\Maria\Desktop
Loaded Profile: Maria (Available profiles: Maria)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
SearchScopes: HKLM-x32 -> URL hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.7&ts=1375706931470.000005&tguid=46364-3869-1375706931470-CB9FCCD8DC1CF86181291E791C54564B&q={searchTerms}
SearchScopes: HKLM-x32 -> SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=46364-3869-1375706931470-CB9FCCD8DC1CF86181291E791C54564B&dbCode=1&command={searchTerms}
SearchScopes: HKLM-x32 -> TopResultURLFallback hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.7&ts=1375706931470.000005&tguid=46364-3869-1375706931470-CB9FCCD8DC1CF86181291E791C54564B&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Task: {150E7DF9-D935-4B61-8E0F-EE1A6756D92D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-01-04] ()
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM-x32 - No Name - {da2e16d5-254c-4e11-8fed-2a1b201de379} -  No File
CHR HKLM-x32\...\Chrome\Extension: [Disabled: dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]
C:\Users\Maria\Downloads\setup*.exe
Task: {9AEF4689-4B6C-4B95-B54F-228451DCDD41} - System32\Tasks\Chrome => C:\Users\Maria\AppData\Local\Temp\Rau\PackerV2.exe <==== ATTENTION
Task: {BB256043-DB92-4B43-8111-732117C6991B} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WBrowserSockets.exe <==== ATTENTION
C:\Program Files (x86)\HomeTab
C:\Windows\System32\Tasks\SystemSockets
Task: {6A842EF7-DCFF-4392-9F0A-20264CF6D91D} - System32\Tasks\{371819A9-F368-4D53-B58C-6F589BB831FF} => pcalua.exe -a C:\Users\Maria\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=step
C:\Users\Maria\AppData\Roaming\mystartsearch
Task: {471CEB84-86BD-49BD-941C-CC375E72FDC7} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe <==== ATTENTION
C:\Windows\System32\Tasks\Browser Updater
Task: {0199B907-E7E2-44C7-BA1F-9D7A76BDEEE4} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\WHomepageShield.exe <==== ATTENTION
C:\Windows\System32\Tasks\ProtectedSearch
EmptyTemp:
end
         
*****************

Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\TopResultURLFallback => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{150E7DF9-D935-4B61-8E0F-EE1A6756D92D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{150E7DF9-D935-4B61-8E0F-EE1A6756D92D}" => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{da2e16d5-254c-4e11-8fed-2a1b201de379} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{da2e16d5-254c-4e11-8fed-2a1b201de379}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\Disabled: dlnembnfbcpjnepmfjmngjenhhajpdfd" => Key deleted successfully.
C:\Users\Maria\Downloads\setup*.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AEF4689-4B6C-4B95-B54F-228451DCDD41}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AEF4689-4B6C-4B95-B54F-228451DCDD41}" => Key deleted successfully.
C:\Windows\System32\Tasks\Chrome => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chrome" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BB256043-DB92-4B43-8111-732117C6991B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB256043-DB92-4B43-8111-732117C6991B}" => Key deleted successfully.
C:\Windows\System32\Tasks\SystemSockets\SystemSockets => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemSockets\SystemSockets" => Key deleted successfully.
"C:\Program Files (x86)\HomeTab" => File/Directory not found.
C:\Windows\System32\Tasks\SystemSockets => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A842EF7-DCFF-4392-9F0A-20264CF6D91D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A842EF7-DCFF-4392-9F0A-20264CF6D91D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{371819A9-F368-4D53-B58C-6F589BB831FF} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{371819A9-F368-4D53-B58C-6F589BB831FF}" => Key deleted successfully.
"C:\Users\Maria\AppData\Roaming\mystartsearch" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{471CEB84-86BD-49BD-941C-CC375E72FDC7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{471CEB84-86BD-49BD-941C-CC375E72FDC7}" => Key deleted successfully.
C:\Windows\System32\Tasks\Browser Updater\Browser Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater\Browser Updater" => Key deleted successfully.
C:\Windows\System32\Tasks\Browser Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0199B907-E7E2-44C7-BA1F-9D7A76BDEEE4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0199B907-E7E2-44C7-BA1F-9D7A76BDEEE4}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProtectedSearch\Protected Search => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\Protected Search" => Key deleted successfully.
C:\Windows\System32\Tasks\ProtectedSearch => Moved successfully.
EmptyTemp: => Removed 220.7 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 15:00:31 ====

2.Schritt:

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 15:10 on 04/01/2015 by Maria
Administrator - Elevation successful

========== regfind ==========

Searching for "HomeTab"
[HKEY_CURRENT_USER\Software\NCH Software\VideoPad\MainWindow_HomeTab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25e93bf1-df51-467b-b51d-fd4bd3ddb4f9}\InprocServer32]
@="C:\Program Files\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fa0479b-417c-4317-b7cd-64b238930796}\InprocServer32]
@="C:\Program Files\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7017502F-0194-46B2-AA5A-F713E6C0E366}\LocalServer32]
@=""C:\Program Files\HomeTab\IE\wdapimng.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af02e7d2-e73d-468c-9bbc-87367e8a4faf}\InprocServer32]
@="C:\Program Files\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B191EA7-F309-4D2F-AAA5-C77D84D29CCD}\1.0\0\win32]
@="C:\Program Files (x86)\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B191EA7-F309-4D2F-AAA5-C77D84D29CCD}\1.0\0\win64]
@="C:\Program Files\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B191EA7-F309-4D2F-AAA5-C77D84D29CCD}\1.0\HELPDIR]
@="C:\Users\Maria\AppData\Roaming\HomeTab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BCE8060E-46B9-4825-AC35-72B596017589}\1.0\0\win32]
@="C:\Program Files (x86)\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BCE8060E-46B9-4825-AC35-72B596017589}\1.0\HELPDIR]
@="C:\Program Files (x86)\HomeTab\IE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F25FAEB1-AC58-4FE7-A2EB-F58578FA4A06}\1.0\0\win32]
@="C:\Program Files (x86)\HomeTab\IE\wdapimng.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F25FAEB1-AC58-4FE7-A2EB-F58578FA4A06}\1.0\0\win64]
@="C:\Program Files\HomeTab\IE\wdapimng.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F25FAEB1-AC58-4FE7-A2EB-F58578FA4A06}\1.0\HELPDIR]
@="C:\Program Files (x86)\HomeTab\IE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25e93bf1-df51-467b-b51d-fd4bd3ddb4f9}\InprocServer32]
@="C:\Program Files (x86)\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6fa0479b-417c-4317-b7cd-64b238930796}\InprocServer32]
@="C:\Program Files (x86)\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7017502F-0194-46B2-AA5A-F713E6C0E366}\LocalServer32]
@=""C:\Program Files (x86)\HomeTab\IE\wdapimng.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{af02e7d2-e73d-468c-9bbc-87367e8a4faf}\InprocServer32]
@="C:\Program Files (x86)\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5B191EA7-F309-4D2F-AAA5-C77D84D29CCD}\1.0\0\win32]
@="C:\Program Files (x86)\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5B191EA7-F309-4D2F-AAA5-C77D84D29CCD}\1.0\0\win64]
@="C:\Program Files\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5B191EA7-F309-4D2F-AAA5-C77D84D29CCD}\1.0\HELPDIR]
@="C:\Users\Maria\AppData\Roaming\HomeTab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{BCE8060E-46B9-4825-AC35-72B596017589}\1.0\0\win32]
@="C:\Program Files (x86)\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{BCE8060E-46B9-4825-AC35-72B596017589}\1.0\HELPDIR]
@="C:\Program Files (x86)\HomeTab\IE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F25FAEB1-AC58-4FE7-A2EB-F58578FA4A06}\1.0\0\win32]
@="C:\Program Files (x86)\HomeTab\IE\wdapimng.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F25FAEB1-AC58-4FE7-A2EB-F58578FA4A06}\1.0\0\win64]
@="C:\Program Files\HomeTab\IE\wdapimng.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F25FAEB1-AC58-4FE7-A2EB-F58578FA4A06}\1.0\HELPDIR]
@="C:\Program Files (x86)\HomeTab\IE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0F81D0DC-1355-4fac-800F-2467CF365CCD}]
"AppPath"="C:\Program Files\HomeTab\IE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{92808042-fb78-4fa0-bb4f-c9a95e0e9c10}]
@="HomeTab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0F81D0DC-1355-4fac-800F-2467CF365CCD}]
"AppPath"="C:\Program Files (x86)\HomeTab\IE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16a8a845-b794-49a6-9317-7668770c7304}_is1]
"Inno Setup: App Path"="C:\Program Files (x86)\HomeTab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16a8a845-b794-49a6-9317-7668770c7304}_is1]
"InstallLocation"="C:\Program Files (x86)\HomeTab\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16a8a845-b794-49a6-9317-7668770c7304}_is1]
"Inno Setup: Icon Group"="HomeTab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16a8a845-b794-49a6-9317-7668770c7304}_is1]
"DisplayName"="HomeTab 7.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16a8a845-b794-49a6-9317-7668770c7304}_is1]
"DisplayIcon"="C:\Program Files (x86)\HomeTab\hometab_icon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16a8a845-b794-49a6-9317-7668770c7304}_is1]
"UninstallString"=""C:\Program Files (x86)\HomeTab\unins001.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16a8a845-b794-49a6-9317-7668770c7304}_is1]
"QuietUninstallString"=""C:\Program Files (x86)\HomeTab\unins001.exe" /SILENT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16a8a845-b794-49a6-9317-7668770c7304}_is1]
"Publisher"="HomeTab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1]
"Inno Setup: App Path"="C:\Program Files (x86)\HomeTab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1]
"InstallLocation"="C:\Program Files (x86)\HomeTab\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1]
"Inno Setup: Icon Group"="HomeTab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1]
"DisplayName"="HomeTab 7.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1]
"DisplayIcon"="C:\Program Files (x86)\HomeTab\hometab_icon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1]
"UninstallString"=""C:\Program Files (x86)\HomeTab\unins000.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1]
"QuietUninstallString"=""C:\Program Files (x86)\HomeTab\unins000.exe" /SILENT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25e93bf1-df51-467b-b51d-fd4bd3ddb4f9}\InprocServer32]
@="C:\Program Files (x86)\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6fa0479b-417c-4317-b7cd-64b238930796}\InprocServer32]
@="C:\Program Files (x86)\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7017502F-0194-46B2-AA5A-F713E6C0E366}\LocalServer32]
@=""C:\Program Files (x86)\HomeTab\IE\wdapimng.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{af02e7d2-e73d-468c-9bbc-87367e8a4faf}\InprocServer32]
@="C:\Program Files (x86)\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5B191EA7-F309-4D2F-AAA5-C77D84D29CCD}\1.0\0\win32]
@="C:\Program Files (x86)\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5B191EA7-F309-4D2F-AAA5-C77D84D29CCD}\1.0\0\win64]
@="C:\Program Files\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5B191EA7-F309-4D2F-AAA5-C77D84D29CCD}\1.0\HELPDIR]
@="C:\Users\Maria\AppData\Roaming\HomeTab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{BCE8060E-46B9-4825-AC35-72B596017589}\1.0\0\win32]
@="C:\Program Files (x86)\HomeTab\IE\HomeTab.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{BCE8060E-46B9-4825-AC35-72B596017589}\1.0\HELPDIR]
@="C:\Program Files (x86)\HomeTab\IE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F25FAEB1-AC58-4FE7-A2EB-F58578FA4A06}\1.0\0\win32]
@="C:\Program Files (x86)\HomeTab\IE\wdapimng.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F25FAEB1-AC58-4FE7-A2EB-F58578FA4A06}\1.0\0\win64]
@="C:\Program Files\HomeTab\IE\wdapimng.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F25FAEB1-AC58-4FE7-A2EB-F58578FA4A06}\1.0\HELPDIR]
@="C:\Program Files (x86)\HomeTab\IE"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{77D18138-0A68-4612-BD1E-E15413149E43}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FA2F6196-3303-4F82-A6BD-1B0957317D29}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5DBCA7F1-5075-4873-8E49-B0319366AEC7}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6FEA60E5-9957-49F0-BF3B-70BB4C5E7F19}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CAD38DD5-30B0-4414-B982-82CC7FB522F1}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DF7BBEF-1A8D-4C27-933E-2DE06CE7247C}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{89F2D225-CFF7-4487-930E-8992937D19D3}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08EDD9F8-A3AF-4997-AB30-CEBD87E75FDA}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{96F7A55D-3799-4D55-853C-893E7F611862}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BC93B72E-8234-4F6E-BF4B-E7FF422EE70B}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24AC2C4F-B322-418E-947A-0AB34D5A41C0}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E4D79A36-98E6-42EC-A311-1D618EF87833}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{96BE1F80-D2F6-49BF-9B64-6AEC2B1E142C}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6C5D4CB3-3E54-4CDD-B71A-1A465572C0D5}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F1C2E94B-FDFF-4B28-9BBB-2D3C81C3D69D}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{34C2ADE5-46A2-4D89-98C8-25A113CD38B6}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9E396CB5-4A38-43F0-A995-8758E053C0EB}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6696DB87-AA5E-4C1E-90B9-F39497950509}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E6BD025D-5849-45A1-8A57-E3272D4468CC}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F6C4584-ED75-4D3B-A0D1-23C838DB51E1}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5622B0B6-02EA-41F0-966D-E94B3BCA6CEE}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B4A5F77-0BB4-4F62-AC3B-45C6320EF8C9}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E2C62E29-9258-4AF6-9F29-31DFABBA1199}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CC3D7016-6A42-41CF-8B36-818397869678}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{71FF793C-08CB-45EA-BF62-2921596A2FED}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7049ED26-1048-4DA7-9124-087348E61FE0}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D2AC8B47-C081-4964-91D7-162D3FAAB020}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26884BFD-ABF8-4AEF-BD12-78B3439352C3}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31C59764-186F-4F4A-B721-6228EEBCCF0F}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C446183A-51BC-47E3-97EB-2D961A27A342}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75478C79-D697-46CA-94B2-E5370B3C778D}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{255FCE3F-9311-4F37-A7AB-2BF4E9763332}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{60400C23-3F27-4CF7-95A0-87EB57579F29}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9FF1D9C3-0163-4CCE-B5B7-F5D3219BF405}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8F7047A-2C3B-42B7-A765-29A2156F3BFD}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DEB9F2BA-2589-4DB2-A83A-10C1D30235D4}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C87B3F16-150B-4BBA-B22C-F7CFDAA4F3B2}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33F67E4C-1812-4018-B82A-13EE67A32E18}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029D5CA6-F901-48DE-9FE8-4359ECA0AA4E}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{133D99AF-6F52-4ED9-AEB8-DB070AE7ED89}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FC425857-5BF5-4DFD-8B9A-F602AC9097B2}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A170D008-9529-4E1A-862C-4D548DA7A109}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6E5211F4-D274-4871-AC93-F98087B7B507}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AAFC948C-60D2-4893-9E31-CDDF868B089F}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9AE00833-34C7-4984-B60B-E722979B7C38}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D905FED-961B-4605-AA88-7068DEC9B649}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DBC80D6E-3436-42D0-8156-CAE149AE0639}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C115E7C0-DE9D-424B-9578-6D95F09E0D09}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C30EF51-79C5-46CE-8B23-F3861520CB56}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WHomepageShield.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D7F756A6-BC67-45CA-87F8-F1C0B92DB04A}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WHomepageShield.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E3377E-7C8F-417F-B6DC-30081F1B9BA8}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FA39A7AC-A942-4DC7-8D63-D8863DB23CAF}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BC8CC3D8-73DF-48A4-96E2-0C81B046F8FB}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WBrowserSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7BF07875-3F8B-4044-8F92-ED0D136F351E}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WBrowserSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{510B3869-910F-4E0E-BEBA-3205F290698E}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A5F0C78C-F86C-4F8D-83D7-FA0ED42C8408}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108EB4D1-9D06-4937-8C9A-B0AB6823D851}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CC921567-864F-4B85-9861-F2A054BEC1CF}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B250FF70-C49D-45FA-98A6-A63417F25B71}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{52F41ABC-DBC9-40B4-8CF4-8918EECB8523}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B90E45AA-BB0C-438A-8C9B-9C903B505F5E}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{725D6170-2FF3-47D8-9134-044804C77C43}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8F30E729-DD35-485E-B6D4-5FD1FD814564}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WHomepageShield.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{85C505DE-19AB-408D-A2F0-F32713604283}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WHomepageShield.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C53B732A-537A-4FE3-89C2-0E89126F177D}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8684556-4E84-42E9-8E7F-83CF0F7B8D54}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{653EC6F9-4508-4536-A275-01BB800DECED}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WBrowserSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6473C894-A5FE-4F79-8E0D-27C50E8D6A75}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WBrowserSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A04FF3F5-D4D5-45BC-8630-A7E3C1F48C75}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WHomepageShield.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C0288D0-6DC6-4609-94FF-8392FAC3237E}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WHomepageShield.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0278A9D3-71B5-4EA0-ADD4-6909490C6ADA}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E65B0B9F-C71B-4807-931B-73852876F740}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D692EA92-7B44-40D7-BD5A-53E1F91F207A}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WBrowserSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FA28E721-0844-403C-B6AB-EBB14A8F4726}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WBrowserSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{77D18138-0A68-4612-BD1E-E15413149E43}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FA2F6196-3303-4F82-A6BD-1B0957317D29}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5DBCA7F1-5075-4873-8E49-B0319366AEC7}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6FEA60E5-9957-49F0-BF3B-70BB4C5E7F19}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CAD38DD5-30B0-4414-B982-82CC7FB522F1}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DF7BBEF-1A8D-4C27-933E-2DE06CE7247C}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{89F2D225-CFF7-4487-930E-8992937D19D3}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08EDD9F8-A3AF-4997-AB30-CEBD87E75FDA}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{96F7A55D-3799-4D55-853C-893E7F611862}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BC93B72E-8234-4F6E-BF4B-E7FF422EE70B}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24AC2C4F-B322-418E-947A-0AB34D5A41C0}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E4D79A36-98E6-42EC-A311-1D618EF87833}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{96BE1F80-D2F6-49BF-9B64-6AEC2B1E142C}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6C5D4CB3-3E54-4CDD-B71A-1A465572C0D5}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F1C2E94B-FDFF-4B28-9BBB-2D3C81C3D69D}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{34C2ADE5-46A2-4D89-98C8-25A113CD38B6}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9E396CB5-4A38-43F0-A995-8758E053C0EB}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6696DB87-AA5E-4C1E-90B9-F39497950509}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E6BD025D-5849-45A1-8A57-E3272D4468CC}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F6C4584-ED75-4D3B-A0D1-23C838DB51E1}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5622B0B6-02EA-41F0-966D-E94B3BCA6CEE}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B4A5F77-0BB4-4F62-AC3B-45C6320EF8C9}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E2C62E29-9258-4AF6-9F29-31DFABBA1199}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CC3D7016-6A42-41CF-8B36-818397869678}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{71FF793C-08CB-45EA-BF62-2921596A2FED}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7049ED26-1048-4DA7-9124-087348E61FE0}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D2AC8B47-C081-4964-91D7-162D3FAAB020}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26884BFD-ABF8-4AEF-BD12-78B3439352C3}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31C59764-186F-4F4A-B721-6228EEBCCF0F}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C446183A-51BC-47E3-97EB-2D961A27A342}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75478C79-D697-46CA-94B2-E5370B3C778D}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{255FCE3F-9311-4F37-A7AB-2BF4E9763332}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{60400C23-3F27-4CF7-95A0-87EB57579F29}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9FF1D9C3-0163-4CCE-B5B7-F5D3219BF405}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8F7047A-2C3B-42B7-A765-29A2156F3BFD}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DEB9F2BA-2589-4DB2-A83A-10C1D30235D4}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C87B3F16-150B-4BBA-B22C-F7CFDAA4F3B2}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33F67E4C-1812-4018-B82A-13EE67A32E18}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029D5CA6-F901-48DE-9FE8-4359ECA0AA4E}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{133D99AF-6F52-4ED9-AEB8-DB070AE7ED89}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FC425857-5BF5-4DFD-8B9A-F602AC9097B2}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A170D008-9529-4E1A-862C-4D548DA7A109}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6E5211F4-D274-4871-AC93-F98087B7B507}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AAFC948C-60D2-4893-9E31-CDDF868B089F}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WSystemDefender.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9AE00833-34C7-4984-B60B-E722979B7C38}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D905FED-961B-4605-AA88-7068DEC9B649}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DBC80D6E-3436-42D0-8156-CAE149AE0639}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C115E7C0-DE9D-424B-9578-6D95F09E0D09}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WBrokerDirect.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C30EF51-79C5-46CE-8B23-F3861520CB56}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WHomepageShield.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D7F756A6-BC67-45CA-87F8-F1C0B92DB04A}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WHomepageShield.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E3377E-7C8F-417F-B6DC-30081F1B9BA8}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FA39A7AC-A942-4DC7-8D63-D8863DB23CAF}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BC8CC3D8-73DF-48A4-96E2-0C81B046F8FB}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WBrowserSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7BF07875-3F8B-4044-8F92-ED0D136F351E}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WBrowserSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{510B3869-910F-4E0E-BEBA-3205F290698E}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A5F0C78C-F86C-4F8D-83D7-FA0ED42C8408}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108EB4D1-9D06-4937-8C9A-B0AB6823D851}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CC921567-864F-4B85-9861-F2A054BEC1CF}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B250FF70-C49D-45FA-98A6-A63417F25B71}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{52F41ABC-DBC9-40B4-8CF4-8918EECB8523}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B90E45AA-BB0C-438A-8C9B-9C903B505F5E}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{725D6170-2FF3-47D8-9134-044804C77C43}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8F30E729-DD35-485E-B6D4-5FD1FD814564}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WHomepageShield.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{85C505DE-19AB-408D-A2F0-F32713604283}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WHomepageShield.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C53B732A-537A-4FE3-89C2-0E89126F177D}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8684556-4E84-42E9-8E7F-83CF0F7B8D54}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{653EC6F9-4508-4536-A275-01BB800DECED}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WBrowserSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6473C894-A5FE-4F79-8E0D-27C50E8D6A75}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WBrowserSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A04FF3F5-D4D5-45BC-8630-A7E3C1F48C75}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WHomepageShield.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C0288D0-6DC6-4609-94FF-8392FAC3237E}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WHomepageShield.exe|Name=Protected Search|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0278A9D3-71B5-4EA0-ADD4-6909490C6ADA}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E65B0B9F-C71B-4807-931B-73852876F740}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D692EA92-7B44-40D7-BD5A-53E1F91F207A}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WBrowserSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FA28E721-0844-403C-B6AB-EBB14A8F4726}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WBrowserSockets.exe|Name=System Sockets|"
[HKEY_USERS\S-1-5-21-1421762867-1140521657-417625980-1001\Software\NCH Software\VideoPad\MainWindow_HomeTab]

Searching for "IB Updater"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1421762867-1140521657-417625980-1001\Software\IB Updater]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1421762867-1140521657-417625980-1001\Software\IB Updater\script_storage]
"product_name"="IB Updater"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\IB Updater]
[HKEY_USERS\S-1-5-21-1421762867-1140521657-417625980-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1421762867-1140521657-417625980-1001\Software\IB Updater]
[HKEY_USERS\S-1-5-21-1421762867-1140521657-417625980-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1421762867-1140521657-417625980-1001\Software\IB Updater\script_storage]
"product_name"="IB Updater"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\IB Updater]

Searching for "ProtectedSearch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch]

Searching for "Browser Updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5DBCA7F1-5075-4873-8E49-B0319366AEC7}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6FEA60E5-9957-49F0-BF3B-70BB4C5E7F19}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{96F7A55D-3799-4D55-853C-893E7F611862}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BC93B72E-8234-4F6E-BF4B-E7FF422EE70B}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F1C2E94B-FDFF-4B28-9BBB-2D3C81C3D69D}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{34C2ADE5-46A2-4D89-98C8-25A113CD38B6}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5622B0B6-02EA-41F0-966D-E94B3BCA6CEE}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B4A5F77-0BB4-4F62-AC3B-45C6320EF8C9}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{71FF793C-08CB-45EA-BF62-2921596A2FED}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7049ED26-1048-4DA7-9124-087348E61FE0}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31C59764-186F-4F4A-B721-6228EEBCCF0F}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C446183A-51BC-47E3-97EB-2D961A27A342}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{60400C23-3F27-4CF7-95A0-87EB57579F29}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9FF1D9C3-0163-4CCE-B5B7-F5D3219BF405}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C87B3F16-150B-4BBA-B22C-F7CFDAA4F3B2}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33F67E4C-1812-4018-B82A-13EE67A32E18}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029D5CA6-F901-48DE-9FE8-4359ECA0AA4E}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{133D99AF-6F52-4ED9-AEB8-DB070AE7ED89}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FC425857-5BF5-4DFD-8B9A-F602AC9097B2}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A170D008-9529-4E1A-862C-4D548DA7A109}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9AE00833-34C7-4984-B60B-E722979B7C38}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D905FED-961B-4605-AA88-7068DEC9B649}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E3377E-7C8F-417F-B6DC-30081F1B9BA8}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FA39A7AC-A942-4DC7-8D63-D8863DB23CAF}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{510B3869-910F-4E0E-BEBA-3205F290698E}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A5F0C78C-F86C-4F8D-83D7-FA0ED42C8408}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108EB4D1-9D06-4937-8C9A-B0AB6823D851}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CC921567-864F-4B85-9861-F2A054BEC1CF}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B250FF70-C49D-45FA-98A6-A63417F25B71}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{52F41ABC-DBC9-40B4-8CF4-8918EECB8523}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B90E45AA-BB0C-438A-8C9B-9C903B505F5E}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{725D6170-2FF3-47D8-9134-044804C77C43}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C53B732A-537A-4FE3-89C2-0E89126F177D}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8684556-4E84-42E9-8E7F-83CF0F7B8D54}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0278A9D3-71B5-4EA0-ADD4-6909490C6ADA}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E65B0B9F-C71B-4807-931B-73852876F740}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5DBCA7F1-5075-4873-8E49-B0319366AEC7}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6FEA60E5-9957-49F0-BF3B-70BB4C5E7F19}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{96F7A55D-3799-4D55-853C-893E7F611862}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BC93B72E-8234-4F6E-BF4B-E7FF422EE70B}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F1C2E94B-FDFF-4B28-9BBB-2D3C81C3D69D}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{34C2ADE5-46A2-4D89-98C8-25A113CD38B6}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5622B0B6-02EA-41F0-966D-E94B3BCA6CEE}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B4A5F77-0BB4-4F62-AC3B-45C6320EF8C9}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{71FF793C-08CB-45EA-BF62-2921596A2FED}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7049ED26-1048-4DA7-9124-087348E61FE0}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31C59764-186F-4F4A-B721-6228EEBCCF0F}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C446183A-51BC-47E3-97EB-2D961A27A342}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{60400C23-3F27-4CF7-95A0-87EB57579F29}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9FF1D9C3-0163-4CCE-B5B7-F5D3219BF405}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C87B3F16-150B-4BBA-B22C-F7CFDAA4F3B2}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33F67E4C-1812-4018-B82A-13EE67A32E18}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029D5CA6-F901-48DE-9FE8-4359ECA0AA4E}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{133D99AF-6F52-4ED9-AEB8-DB070AE7ED89}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FC425857-5BF5-4DFD-8B9A-F602AC9097B2}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A170D008-9529-4E1A-862C-4D548DA7A109}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\TBUpdater.dll|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9AE00833-34C7-4984-B60B-E722979B7C38}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D905FED-961B-4605-AA88-7068DEC9B649}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WPackageUpgrade.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E3377E-7C8F-417F-B6DC-30081F1B9BA8}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FA39A7AC-A942-4DC7-8D63-D8863DB23CAF}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{510B3869-910F-4E0E-BEBA-3205F290698E}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A5F0C78C-F86C-4F8D-83D7-FA0ED42C8408}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108EB4D1-9D06-4937-8C9A-B0AB6823D851}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CC921567-864F-4B85-9861-F2A054BEC1CF}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B250FF70-C49D-45FA-98A6-A63417F25B71}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{52F41ABC-DBC9-40B4-8CF4-8918EECB8523}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B90E45AA-BB0C-438A-8C9B-9C903B505F5E}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{725D6170-2FF3-47D8-9134-044804C77C43}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C53B732A-537A-4FE3-89C2-0E89126F177D}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8684556-4E84-42E9-8E7F-83CF0F7B8D54}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0278A9D3-71B5-4EA0-ADD4-6909490C6ADA}"="v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E65B0B9F-C71B-4807-931B-73852876F740}"="v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\WRemoteUpdater.exe|Name=Browser Updater|"

Searching for "SystemSockets"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemSockets]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E6BD025D-5849-45A1-8A57-E3272D4468CC}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F6C4584-ED75-4D3B-A0D1-23C838DB51E1}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E2C62E29-9258-4AF6-9F29-31DFABBA1199}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CC3D7016-6A42-41CF-8B36-818397869678}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D2AC8B47-C081-4964-91D7-162D3FAAB020}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26884BFD-ABF8-4AEF-BD12-78B3439352C3}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75478C79-D697-46CA-94B2-E5370B3C778D}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{255FCE3F-9311-4F37-A7AB-2BF4E9763332}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8F7047A-2C3B-42B7-A765-29A2156F3BFD}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DEB9F2BA-2589-4DB2-A83A-10C1D30235D4}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E6BD025D-5849-45A1-8A57-E3272D4468CC}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F6C4584-ED75-4D3B-A0D1-23C838DB51E1}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E2C62E29-9258-4AF6-9F29-31DFABBA1199}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CC3D7016-6A42-41CF-8B36-818397869678}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D2AC8B47-C081-4964-91D7-162D3FAAB020}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26884BFD-ABF8-4AEF-BD12-78B3439352C3}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75478C79-D697-46CA-94B2-E5370B3C778D}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{255FCE3F-9311-4F37-A7AB-2BF4E9763332}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8F7047A-2C3B-42B7-A765-29A2156F3BFD}"="v2.20|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DEB9F2BA-2589-4DB2-A83A-10C1D30235D4}"="v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HomeTab\SystemSockets.exe|Name=System Sockets|"

-= EOF =-

MariaG · 04.01.2015, 15:31

3.Schritt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Maria (administrator) on VINCE on 04-01-2015 15:18:53
Running from C:\Users\Maria\Desktop
Loaded Profile: Maria (Available profiles: Maria)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(LaCie SA) C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
() C:\Users\Maria\Desktop\SystemLook_x64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-10-09] ()
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-10-09] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-09] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-17] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [152896 2012-06-25] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [128352 2010-01-18] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1421762867-1140521657-417625980-1001\...\Run: [LaCie Ethernet Agent Startup] => C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe [9787904 2012-12-06] (LaCie SA)
HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Maria\AppData\Roaming\Copy\CopyAgent.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PackerV2.exe.lnk
ShortcutTarget: PackerV2.exe.lnk -> C:\Users\Maria\AppData\Local\Temp\Rau\PackerV2.exe (No File)
Startup: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} =>  No File
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} =>  No File
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} =>  No File
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} =>  No File
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} =>  No File
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} =>  No File
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} =>  No File
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} =>  No File
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1421762867-1140521657-417625980-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1421762867-1140521657-417625980-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1421762867-1140521657-417625980-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent64.dll (soft Xpansion)
Toolbar: HKLM-x32 - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files (x86)\Freemium\Free PDF Perfect\ieagent32.dll (soft Xpansion)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\sdqi7w3e.default-1384790447736
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @soft-xpansion/npsxpdf -> C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll (Midasplayer Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\sdqi7w3e.default-1384790447736\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-08-05]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb

Chrome: 
=======
CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [219776 2012-10-09] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-05-19] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-08-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-08-06] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-05] (soft Xpansion)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2012-08-08] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-09] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-09] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-10-09] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-05-19] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2015-01-03] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-27] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 15:08 - 2015-01-04 15:08 - 00165376 _____ () C:\Users\Maria\Desktop\SystemLook_x64.exe
2015-01-04 14:22 - 2015-01-04 15:16 - 00148012 _____ () C:\Users\Maria\Desktop\SystemLook.txt
2015-01-04 13:02 - 2015-01-04 13:05 - 00031953 _____ () C:\Users\Maria\Desktop\Addition.txt
2015-01-04 13:00 - 2015-01-04 15:19 - 00020277 _____ () C:\Users\Maria\Desktop\FRST.txt
2015-01-04 12:56 - 2015-01-04 12:56 - 00001369 _____ () C:\Users\Maria\Desktop\JRT.txt
2015-01-04 12:49 - 2015-01-04 12:49 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-04 12:48 - 2015-01-04 12:48 - 01707939 _____ (Thisisu) C:\Users\Maria\Desktop\JRT.exe
2015-01-04 12:44 - 2015-01-04 12:44 - 00002060 _____ () C:\Users\Maria\Desktop\mbam.text
2015-01-04 11:48 - 2015-01-04 11:48 - 00001081 _____ () C:\Users\Maria\Desktop\erster Schritt_AdwCleaner[S2].txt
2015-01-04 11:33 - 2015-01-04 11:33 - 00000961 _____ () C:\Users\Maria\Desktop\AdwCleaner[S1].txt
2015-01-04 11:26 - 2015-01-04 11:26 - 02173952 _____ () C:\Users\Maria\Desktop\AdwCleaner_4.106(2).exe
2015-01-04 10:34 - 2015-01-04 10:35 - 00042818 _____ () C:\Users\Maria\Downloads\Addition.txt
2015-01-04 10:33 - 2015-01-04 15:18 - 00000000 ____D () C:\FRST
2015-01-04 10:33 - 2015-01-04 10:35 - 00038882 _____ () C:\Users\Maria\Downloads\FRST.txt
2015-01-04 10:32 - 2015-01-04 10:32 - 02123776 _____ (Farbar) C:\Users\Maria\Desktop\FRST64.exe
2015-01-03 19:09 - 2015-01-04 15:03 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 19:08 - 2015-01-03 19:08 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-03 19:08 - 2015-01-03 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-03 19:08 - 2015-01-03 19:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-03 19:08 - 2015-01-03 19:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-03 19:08 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-03 19:08 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-03 19:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-03 19:06 - 2015-01-03 19:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Maria\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-03 18:45 - 2015-01-04 15:01 - 00013400 _____ () C:\WINDOWS\PFRO.log
2015-01-03 18:40 - 2015-01-04 14:15 - 00000000 ____D () C:\AdwCleaner
2015-01-03 18:39 - 2015-01-03 18:40 - 02173952 _____ () C:\Users\Maria\Downloads\adwcleaner_4.106(1).exe
2015-01-03 18:39 - 2015-01-03 18:39 - 02173952 _____ () C:\Users\Maria\Downloads\adwcleaner_4.106.exe
2015-01-03 18:19 - 2015-01-03 18:19 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-03 18:19 - 2015-01-03 18:19 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-03 18:04 - 2015-01-03 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-03 14:09 - 2015-01-04 12:14 - 00000000 ____D () C:\Users\Maria\Desktop\REF
2015-01-03 13:19 - 2015-01-03 13:19 - 00003124 _____ () C:\WINDOWS\System32\Tasks\USER_ESRV_SVC
2015-01-03 13:19 - 2015-01-03 13:19 - 00002060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2015-01-03 13:19 - 2015-01-03 13:19 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-12-29 18:16 - 2014-12-29 18:16 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 15:20 - 2014-12-26 15:20 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-12-26 15:20 - 2014-12-26 15:20 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-12-25 21:54 - 2014-12-25 21:54 - 00880784 _____ (Google Inc.) C:\Users\Maria\Downloads\ChromeSetup.exe
2014-12-25 20:32 - 2014-12-25 20:34 - 05317104 _____ (Piriform Ltd) C:\Users\Maria\Downloads\ccsetup501.exe
2014-12-24 20:02 - 2014-12-24 20:02 - 00000000 ____D () C:\ProgramData\Packer
2014-12-19 07:24 - 2014-12-19 07:24 - 00184800 _____ () C:\WINDOWS\SysWOW64\XMLOperations.xml
2014-12-16 16:01 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-16 16:01 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-16 15:48 - 2014-12-16 15:48 - 00001153 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-16 08:31 - 2014-12-16 08:31 - 00613057 _____ () C:\Users\Maria\AppData\Local\nsh778C.tmp
2014-12-16 08:28 - 2014-12-16 08:28 - 00002259 _____ () C:\WINDOWS\patsearch.bin
2014-12-14 19:40 - 2014-12-14 19:40 - 00628496 _____ () C:\Users\Maria\AppData\Local\nsy782F.tmp
2014-12-12 09:10 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-12 09:10 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 23:48 - 2014-12-11 23:48 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-11 19:05 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-11 19:05 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-11 19:02 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-11 19:02 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-11 19:02 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-11 19:02 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-11 19:02 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-11 19:02 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-11 19:02 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-11 19:02 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-11 19:02 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-11 19:02 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-11 19:02 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-11 08:38 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 08:38 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 08:37 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 08:37 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 08:37 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 08:37 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 08:37 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 08:37 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 08:37 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 08:37 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 08:37 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 08:37 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 08:37 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 08:37 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 08:37 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 08:37 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 08:37 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 08:37 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 08:37 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 08:37 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 08:37 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 08:37 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 08:37 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 08:37 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 08:37 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 08:37 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 08:37 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 08:37 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 08:37 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 08:37 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 08:37 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 08:37 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 08:37 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 08:37 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 08:37 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 08:37 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 08:37 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 08:37 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 08:37 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 08:37 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 08:37 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 08:37 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 08:37 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 08:37 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 08:37 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-09 10:44 - 2015-01-03 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 15:10 - 2014-06-08 07:32 - 01740631 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-04 15:06 - 2014-05-19 19:01 - 00000000 ____D () C:\WINDOWS\CryptoGuard
2015-01-04 15:04 - 2014-06-08 07:48 - 00000000 ___DO () C:\Users\Maria\OneDrive
2015-01-04 15:03 - 2013-01-02 22:16 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-04 15:01 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-04 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-04 13:05 - 2012-12-26 21:59 - 00000000 ____D () C:\Users\Maria\AppData\Local\Thunderbird
2015-01-04 12:49 - 2014-07-07 14:59 - 00360960 ___SH () C:\Users\Maria\Downloads\Thumbs.db
2015-01-04 11:45 - 2013-08-22 14:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-04 10:10 - 2014-06-15 14:27 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8D8F0E02-1B3B-4B09-8759-EC28F59A05F3}
2015-01-03 19:59 - 2012-12-22 21:44 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1421762867-1140521657-417625980-1001
2015-01-03 19:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-01-03 18:45 - 2012-12-22 21:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-03 18:20 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-03 18:20 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-03 18:20 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-03 14:38 - 2013-01-04 14:41 - 00000000 ____D () C:\Update
2015-01-03 14:37 - 2012-12-22 21:38 - 00000000 ____D () C:\Users\Maria\AppData\Local\Sony Corporation
2015-01-03 14:06 - 2014-06-10 19:42 - 03356160 ___SH () C:\Users\Maria\Desktop\Thumbs.db
2015-01-03 13:21 - 2012-09-20 04:42 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-01-03 13:21 - 2012-09-20 04:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-03 13:18 - 2012-09-20 05:13 - 00000000 ____D () C:\Program Files\Sony
2015-01-03 13:16 - 2014-06-06 08:09 - 00013792 _____ () C:\WINDOWS\system32\Drivers\semav6thermal64ro.sys
2015-01-03 13:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-03 13:01 - 2014-06-08 07:07 - 00000000 ____D () C:\Users\Maria
2014-12-25 20:37 - 2014-06-08 07:55 - 00000000 ___DC () C:\WINDOWS\Panther
2014-12-25 20:36 - 2012-12-22 23:07 - 00000000 ____D () C:\Users\Maria\AppData\Local\CrashDumps
2014-12-25 19:19 - 2014-06-08 07:40 - 00001450 _____ () C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-25 19:14 - 2013-08-22 15:44 - 00434872 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-25 19:10 - 2014-11-24 11:46 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Copy
2014-12-22 12:38 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-16 15:48 - 2013-08-05 13:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-16 15:48 - 2012-12-22 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-16 15:48 - 2012-12-22 21:55 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-16 09:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-12 09:45 - 2013-01-03 10:38 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 23:48 - 2014-07-10 13:32 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-11 23:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-11 23:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-11 23:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-11 23:48 - 2013-08-18 11:42 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 23:40 - 2012-12-26 21:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 09:08 - 2013-01-03 21:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 19:03 - 2013-01-02 22:16 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-08 09:28 - 2013-10-25 10:55 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\FreeFLVConverter
2014-12-08 09:27 - 2013-10-25 11:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software

Some content of TEMP:
====================
C:\Users\Maria\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 10:17

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2015 03
Ran by Maria at 2015-01-04 15:20:31
Running from C:\Users\Maria\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
A-PDF Number freeware 1.3 (HKLM-x32\...\A-PDF Number_is1) (Version:  - A-PDF.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 3932768.4759644.48.2147344384 - Audible, Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version:  - )
Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1923 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5601.52 - CyberLink Corp.)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Free FLV Converter V 7.6.0 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.0.0 - Koyote Soft)
Free Pdf Perfect Prereq (HKLM-x32\...\{dc0b7acb-e3f1-4bdb-8672-340890b4891b}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free Pdf Perfect Prereq (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Freemium Free PDF Perfect (HKLM-x32\...\{88265079-D6F4-4292-86BE-D2053E80BFE4}) (Version: 1.0 - Freemium)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HomeTab 7.1 (HKLM-x32\...\{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1) (Version: 7.1 - One Floor App) <==== ATTENTION
HomeTab 7.2 (HKLM-x32\...\{16a8a845-b794-49a6-9317-7668770c7304}_is1) (Version: 7.2 - HomeTab) <==== ATTENTION
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 38645) (Version: 03.05.11 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.3.1004 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
LaCie Network Assistant 1.5.14.71 (HKLM\...\{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1) (Version: 1.5.14.71 - LaCie)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft HPC Pack 2012 MS-MPI Redistributable Pack (HKLM\...\{F280A816-C0CB-4700-A3C6-9FDD8C80FD18}) (Version: 4.0.3906.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Nero BackItUp 12 Essentials (HKLM-x32\...\{0E3368AC-FB29-4C5E-938E-FA11C12D035E}) (Version: 12.0.01200 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 12.0.4000 - Nero AG)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDFCreator 1.0 (HKLM-x32\...\PDFCreator) (Version: 1.0 - OneFloorApp)
PDFTK Builder 3.5.3 (HKLM-x32\...\PDFTK Builder_is1) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.212 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 4.80 - Philipp Winterberg)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Screenshot Captor 4.8 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.2 - Synaptics Incorporated)
VAIO - Remote-Tastatur (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Remote-Tastatur mit PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation)
VAIO Care (HKLM\...\{EF649526-0134-46A8-8DF3-D7F9309E48DB}) (Version: 8.4.2.12046 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.0.0.08200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.0.08140 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.0.0.08060 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.0.0.08240 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.0.0.08240 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.0.0.08090 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.0.08240 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.8.0.08212 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1421762867-1140521657-417625980-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

03-01-2015 15:43:31 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0584150B-1D3F-4837-BAD2-8FCCDE0AA0AC} - System32\Tasks\Maria Nero LIVEBackup Merge 12 0 => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-01-23] (Nero AG)
Task: {07A49F8F-E6B8-4DA2-B30F-D5E1A42DDCBD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {0A2351CC-97AD-4C9C-94F5-F9DD3BB1D503} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {18E475D1-BC77-4C48-9FB5-43413A9F608C} - System32\Tasks\NCH Software\VideoPadReminder => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe
Task: {1B072BC8-2182-453E-A77A-A6A3531A9B79} - System32\Tasks\Maria Nero LIVEBackup 12 0 => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-01-23] (Nero AG)
Task: {20BD2DB7-1D7D-4618-8EEC-307EFE12F865} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {21F297B1-C03B-48AC-8AB3-A89ED17E7CB2} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {231168CC-3A75-42F1-9B4E-8D592EED86B5} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)
Task: {33B26C23-770F-479D-91A3-70F0205B060B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {3FCE03E8-91CA-4F98-BEF1-363ED430603E} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {4045C4B2-0322-472A-92DD-7F6E07D51380} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {473A1800-8627-4718-AF30-49005A22D365} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {48EC5C49-490F-4BCD-A9EC-3D83AD9617FE} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {4B73B10F-FB9D-4578-B350-40AF86A33A7E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {502A19B3-48D6-40C5-8252-15FF219BC601} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-08-09] (Sony Corporation)
Task: {565E133E-BE34-4C47-9154-40C773AF3B6D} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {582C1EC5-5008-497E-B540-2E58211AEB62} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {5C534C84-0846-4F48-B132-7567820C81E4} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {5C745E6C-CBC0-4BBB-BA75-5743096E2B80} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6261E671-0F69-471A-B39E-41F196AA65C1} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-14] (Sony Corporation)
Task: {67D505FE-C0B5-4DFE-A06A-C14C5B09371F} - System32\Tasks\VAIO Care Rescue Tool => C:\Windows\Temp\VAIO Care Rescue Tool.vbs
Task: {6C59272C-8928-4D60-9A02-25E419EA61B3} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {6EC2D943-0033-407C-9A0A-EB645BEE7E46} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {6F046D63-8861-4EBA-BF9B-3F70C455443E} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-07-31] (Sony Corporation)
Task: {7E7B4AA6-7A32-49C1-9374-A0391F402546} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {809B05C8-72BF-437D-8184-FD761F3EF4DC} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {83BE66F1-A3D1-4260-9F16-ADEBC97DB94C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {91CFB927-C403-4EDD-8CA7-29429B614C74} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {985A660B-59C1-4C94-87CD-40945A315D26} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {9A19AC4F-C94C-43D4-9C9A-C93695D80CCC} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)
Task: {ADD4B51E-A5FC-44A5-90A2-22F505D01180} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {AF00F223-BE04-4AA9-88E9-5DF333D9D12E} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {BB39B57B-41B4-4FC8-A04F-DD0FE8113F1C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C945B0B9-595A-4860-BA47-87559B303243} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {DE4FEF2C-9D06-44BF-952C-8E720A8B29F9} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {F3334A67-A639-4820-8785-4F0C94FA9379} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-08-04] (Sony Corporation)
Task: {FD081810-0882-4756-8665-8ADF995FE1C2} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {FEAAD1B5-E88C-4E94-9971-1976672000DE} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {FF94A8DB-CC73-4E88-9B1D-175B4F9A8355} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2012-10-09 13:02 - 2012-10-09 13:02 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-10-09 12:57 - 2012-10-09 12:57 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-10-09 12:59 - 2012-10-09 12:59 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-10-09 13:02 - 2012-10-09 13:02 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-11-19 10:21 - 2013-11-19 10:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2015-01-04 15:08 - 2015-01-04 15:08 - 00165376 _____ () C:\Users\Maria\Desktop\SystemLook_x64.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-04 15:45 - 2012-12-06 14:58 - 00194048 _____ () C:\Program Files\LaCie\Network Assistant\curllib.dll
2013-01-04 15:45 - 2012-12-06 14:58 - 00110592 _____ () C:\Program Files\LaCie\Network Assistant\OpenLDAP.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00015872 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00443904 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-09-20 05:00 - 2012-06-25 14:47 - 00060928 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2012-09-20 05:10 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-01-03 18:04 - 2015-01-03 18:04 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-01-03 18:04 - 2015-01-03 18:04 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-03 18:04 - 2015-01-03 18:04 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-01-03 18:19 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-09-20 04:33 - 2012-08-06 18:54 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Maria\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ISBMgr.exe"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SweetIM"
HKLM\...\StartupApproved\Run32: => "Sweetpacks Communicator"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1421762867-1140521657-417625980-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"

========================= Accounts: ==========================

Administrator (S-1-5-21-1421762867-1140521657-417625980-500 - Administrator - Disabled)
Gast (S-1-5-21-1421762867-1140521657-417625980-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1421762867-1140521657-417625980-1003 - Limited - Enabled)
Maria (S-1-5-21-1421762867-1140521657-417625980-1001 - Administrator - Enabled) => C:\Users\Maria

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR3012 Bluetooth(R) Adapter
Description: Qualcomm Atheros AR3012 Bluetooth(R) Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2015 02:02:11 PM) (Source: BackItUp6) (EventID: 3374) (User: )
Description: Sicherung ist fehlgeschlagen.

Error: (01/04/2015 02:02:11 PM) (Source: BackItUp6) (EventID: 6277) (User: )
Description: Die Ausführung des Jobs ist fehlgeschlagen, da das gewählte Ziel (F:\) für Job (Maria Nero LIVEBackup) nicht existiert oder nicht darauf zugegriffen werden kann.


System errors:
=============
Error: (01/04/2015 02:59:56 PM) (Source: DCOM) (EventID: 10010) (User: VINCE)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/04/2015 02:59:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (01/04/2015 02:59:26 PM) (Source: DCOM) (EventID: 10010) (User: VINCE)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/04/2015 02:59:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/04/2015 02:59:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/04/2015 02:59:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/04/2015 02:59:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VCService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/04/2015 02:59:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VUAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/04/2015 02:59:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Energy Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/04/2015 02:59:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IconMan_R" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (01/04/2015 02:02:11 PM) (Source: BackItUp6) (EventID: 3374) (User: )
Description: Sicherung ist fehlgeschlagen.

Error: (01/04/2015 02:02:11 PM) (Source: BackItUp6) (EventID: 6277) (User: )
Description: Die Ausführung des Jobs ist fehlgeschlagen, da das gewählte Ziel (F:\) für Job (Maria Nero LIVEBackup) nicht existiert oder nicht darauf zugegriffen werden kann.


CodeIntegrity Errors:
===================================
  Date: 2015-01-04 15:06:02.158
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-04 15:05:38.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-04 14:51:46.777
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-04 14:41:33.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-04 14:35:33.982
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-04 14:21:07.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-04 13:17:19.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-04 13:03:52.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-04 13:03:52.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2015-01-04 13:03:52.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 60%
Total physical RAM: 3975.27 MB
Available physical RAM: 1580.64 MB
Total Pagefile: 4871.27 MB
Available Pagefile: 1851.6 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:668.21 GB) (Free:334.99 GB) NTFS
Drive e: () (Removable) (Total:3.69 GB) (Free:2.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 50B6019E)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Viele liebe Grüße

M-K-D-B · 05.01.2015, 12:52

Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
HKU\S-1-5-21-1421762867-1140521657-417625980-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
DeleteKey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\SweetIM
DeleteKey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\Sweetpacks Communicator
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25e93bf1-df51-467b-b51d-fd4bd3ddb4f9}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fa0479b-417c-4317-b7cd-64b238930796}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7017502F-0194-46B2-AA5A-F713E6C0E366}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af02e7d2-e73d-468c-9bbc-87367e8a4faf}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B191EA7-F309-4D2F-AAA5-C77D84D29CCD}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BCE8060E-46B9-4825-AC35-72B596017589}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F25FAEB1-AC58-4FE7-A2EB-F58578FA4A06}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0F81D0DC-1355-4fac-800F-2467CF365CCD}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16a8a845-b794-49a6-9317-7668770c7304}_is1
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{92808042-fb78-4fa0-bb4f-c9a95e0e9c10}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1421762867-1140521657-417625980-1001\Software\IB Updater
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\IB Updater
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemSockets
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von HitmanPro,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

MariaG · 06.01.2015, 10:01

Hallo lieber Matthias,

1. Schritt:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03
Ran by Maria at 2015-01-05 22:00:02 Run:2
Running from C:\Users\Maria\Desktop
Loaded Profiles: Maria (Available profiles: Maria)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-1421762867-1140521657-417625980-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
DeleteKey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\SweetIM
DeleteKey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\Sweetpacks Communicator
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25e93bf1-df51-467b-b51d-fd4bd3ddb4f9}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fa0479b-417c-4317-b7cd-64b238930796}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7017502F-0194-46B2-AA5A-F713E6C0E366}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af02e7d2-e73d-468c-9bbc-87367e8a4faf}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B191EA7-F309-4D2F-AAA5-C77D84D29CCD}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BCE8060E-46B9-4825-AC35-72B596017589}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F25FAEB1-AC58-4FE7-A2EB-F58578FA4A06}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0F81D0DC-1355-4fac-800F-2467CF365CCD}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16a8a845-b794-49a6-9317-7668770c7304}_is1
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{92808042-fb78-4fa0-bb4f-c9a95e0e9c10}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1421762867-1140521657-417625980-1001\Software\IB Updater
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\IB Updater
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemSockets
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater
EmptyTemp:
end
         
*****************

Processes closed successfully.
"HKU\S-1-5-21-1421762867-1140521657-417625980-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\SweetIM => Key not found. 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\Sweetpacks Communicator => Key not found. 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25e93bf1-df51-467b-b51d-fd4bd3ddb4f9} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25e93bf1-df51-467b-b51d-fd4bd3ddb4f9} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fa0479b-417c-4317-b7cd-64b238930796} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fa0479b-417c-4317-b7cd-64b238930796} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7017502F-0194-46B2-AA5A-F713E6C0E366} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7017502F-0194-46B2-AA5A-F713E6C0E366} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af02e7d2-e73d-468c-9bbc-87367e8a4faf} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af02e7d2-e73d-468c-9bbc-87367e8a4faf} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B191EA7-F309-4D2F-AAA5-C77D84D29CCD} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B191EA7-F309-4D2F-AAA5-C77D84D29CCD} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BCE8060E-46B9-4825-AC35-72B596017589} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BCE8060E-46B9-4825-AC35-72B596017589} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F25FAEB1-AC58-4FE7-A2EB-F58578FA4A06} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F25FAEB1-AC58-4FE7-A2EB-F58578FA4A06} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0F81D0DC-1355-4fac-800F-2467CF365CCD} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16a8a845-b794-49a6-9317-7668770c7304}_is1 => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{92808042-fb78-4fa0-bb4f-c9a95e0e9c10} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1 => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1421762867-1140521657-417625980-1001\Software\IB Updater => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1421762867-1140521657-417625980-1001\Software\IB Updater => Key Deleted Successfully.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\IB Updater => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemSockets => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater => Key Deleted successfully.
EmptyTemp: => Removed 19 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 22:00:09 ====

2.Schritt

Code:

ATTFilter


	Code: 

 ATTFilter

  
	HitmanPro 3.7.9.232
www.hitmanpro.com

   Computer name . . . . : VINCE
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : VINCE\Maria
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-01-05 22:11:23
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 10m 7s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 21

   Objects scanned . . . : 2.173.453
   Files scanned . . . . : 91.367
   Remnants scanned  . . : 899.386 files / 1.182.700 keys

Malware _____________________________________________________________________

   C:\ProgramData\Packer\Files\Agent\Agent.exe -> Deleted
      Size . . . . . . . : 3.299.748 bytes
      Age  . . . . . . . : 11.1 days (2014-12-25 20:17:44)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 6CABD7082DEA5BAAF72AFA23EB2D732D84925234C7E0CEE695DD22D92317B098
    > Bitdefender  . . . : Adware.Generic.1067946
      Fuzzy  . . . . . . : 107.0
      Forensic Cluster
         -0.5s C:\ProgramData\Packer\Files\InstallationConfiguration\
         -0.5s C:\ProgramData\Packer\Files\
         -0.3s C:\ProgramData\Packer\Files\Agent\
          0.0s C:\ProgramData\Packer\Files\Agent\Agent.exe

   C:\ProgramData\Packer\Files\Kraus\Kraus.exe -> Deleted
      Size . . . . . . . : 326.155 bytes
      Age  . . . . . . . : 11.1 days (2014-12-25 20:22:54)
      Entropy  . . . . . : 7.3
      SHA-256  . . . . . : 7BCAD507D86BD7AC658ACFD1FEE66F2A4D2E3973209B3D401F73650B5AF8D93C
    > Bitdefender  . . . : Gen:Variant.Kazy.520148
    > Kaspersky  . . . . : not-a-virus:WebToolbar.Win32.Agent.bbq
      Fuzzy  . . . . . . : 103.0
      Forensic Cluster
         -5.0s C:\ProgramData\Packer\Files\Kraus\
          0.0s C:\ProgramData\Packer\Files\Kraus\Kraus.exe
          3.8s C:\ProgramData\Packer\Files\InstallationConfiguration\InstallationConfiguration.xml


Suspicious files ____________________________________________________________

   C:\Users\Maria\Desktop\FRST64.exe -> Deleted
      Size . . . . . . . : 2.123.776 bytes
      Age  . . . . . . . : 1.5 days (2015-01-04 10:32:20)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : DE828BB1AEA235A631FBB7C7F98A7F3D4133413918F38004D3D518F5BB73BFDC
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ (CertifiedToolbar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Loader\Iminent (Iminent) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent) -> PendingDelete
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent) -> PendingDelete
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent) -> PendingDelete
   HKU\.DEFAULT\Software\ImInstaller\ (Sweetpacks) -> Deleted
   HKU\S-1-5-18\Software\ImInstaller\ (Sweetpacks) -> PendingDelete
   HKU\S-1-5-21-1421762867-1140521657-417625980-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{2EECD738-5844-4A99-B4B6-146BF802613B} (Claro) -> Deleted
   HKU\S-1-5-21-1421762867-1140521657-417625980-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
   HKU\S-1-5-21-1421762867-1140521657-417625980-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro) -> Deleted
   HKU\S-1-5-21-1421762867-1140521657-417625980-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0},\ (SearchQU) -> Deleted

3.Schritt:

Code:

ATTFilter

# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a36ebd48db035f40af4389cc6240e301
# engine=21827
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-06 12:31:00
# local_time=2015-01-06 01:31:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 16551 285927550 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4683209 45385553 0 0
# scanned=499107
# found=55
# cleaned=0
# scan_time=9765
sh=984A756CCC52B4FB93431768C789239CC6CD5958 ft=1 fh=c71c001148eb71fa vn="Variante von Win32/Toolbar.Perion.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\DGChrome.exe.vir"
sh=7CE35DF58CE7EBEBFE0C71FFAC4EBAC751C75DAB ft=1 fh=e7d91f2912eea07d vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\Extension32.dll.vir"
sh=B26FCE1710A14F9478A431C0DC29C756BA8E93C7 ft=1 fh=034b36194f0ad359 vn="Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\Extension64.dll.vir"
sh=C47111EE63DAAA04F05C1A4D7D9DE6021485C50E ft=1 fh=b99ee88b7193c278 vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\ExtensionUpdaterService.exe.vir"
sh=4B375C56AEA82FBD6D0443680F5A84F1343321B3 ft=1 fh=20f9982e758ea8b0 vn="Variante von Win32/Toolbar.BitCocktail.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\InstallerHelper.dll.vir"
sh=3A4F3637CCDD3988726EC2B89914C11C9E61D88F ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\source.crx.vir"
sh=ADA4D7FBCB68A5D51D2B9940F5155D136266D703 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\Firefox\chrome\content\main.js.vir"
sh=8C4EBEFA00C5146974AFA68BE39D3923D8453C20 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\Firefox\chrome\content\resources\localscript.js.vir"
sh=8C4EBEFA00C5146974AFA68BE39D3923D8453C20 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\resources\localscript.js.vir"
sh=82A451CEAC179B0F4AD0D07BD02BC5B55CC034B3 ft=1 fh=f0eca5be65f57f24 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=74EA25D123368D7F83477C0288FC18A6ADD27E8D ft=1 fh=5b6390f96fad96f8 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\sppsm.dll.vir"
sh=289A1D60153DC17EDD4B33F103BBC19233209649 ft=1 fh=8dec6def2473ee75 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\spusm.dll.vir"
sh=310E6B0E1CCD1A465CC2812EED71F741AD1ABFD6 ft=1 fh=5a6c95e78c9c90f6 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbs.dll.vir"
sh=BE622CC1BBBB5490BABB12FBE87736578B4C92C2 ft=1 fh=cd85c27e08074ccb vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbu.dll.vir"
sh=D3843323D5DC4AD570F53AD7302A8A43A51BFAA3 ft=1 fh=b9c0070db0f2fc04 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srptc.dll.vir"
sh=A3CA6BB5C231F3B21864906FCBA7D1284ED68E7B ft=1 fh=d64e2b3b4b50fef9 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopad.exe.vir"
sh=B3DC7558D2C76F988CAB819CCB9B0060087A7C70 ft=1 fh=9227631f22d31e37 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopadsetup_v3.00.exe.vir"
sh=23B3E5F508EB6FC76D67A873A5AAC2D34C3CE5E1 ft=1 fh=b86fe1495473b541 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\mgcommon.dll.vir"
sh=7DB65607A18C67C0C8C0310E0FF23A202AB3F070 ft=1 fh=9f565fd3b0ad3b83 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\mgcommunication.dll.vir"
sh=3176C30E3A30990C42C968951B6BB2ADFD0B1C00 ft=1 fh=12a0591694d39321 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\mgsimcommon.dll.vir"
sh=08647AB20AED7B8385931FDF5B4A48165131A061 ft=1 fh=b4c21070436958b0 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\mgxml_wrapper.dll.vir"
sh=C6A9FB024D614702667E0768E0B673BA3A31F504 ft=1 fh=aa62bac49704426f vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe.vir"
sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll.vir"
sh=D09F832544B921CD7C61A7DB193F29EF6638AD88 ft=1 fh=58a116a27a6d5dbb vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exe.vir"
sh=C6E3F8034D197C34D61701AC146694B6DBEC36CD ft=1 fh=7f9fa2fc68c7b7f4 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll.vir"
sh=FC883B83DA2A9ED93AC2A4CEC9936268A6B264C2 ft=1 fh=80a06d85550fdea2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgArchive.dll.vir"
sh=F3001B5F58A6C6AB8DD7E6E63CB89D20F74EF228 ft=1 fh=f50ea5fcbc656251 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgcommon.dll.vir"
sh=2CF3C9FBCBEBAA6D75DE43CCC487D62954538F81 ft=1 fh=446d6a4df1e456fa vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll.vir"
sh=60FCD298549E0383DFACBE66420DC922D6BAAF84 ft=1 fh=73f28a50980afe65 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgconfig.dll.vir"
sh=531A5D492B39076AA7990DD76F41B762258B86A7 ft=1 fh=a45064434f491236 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll.vir"
sh=AE57E26160449200540B1FD8E839F1BD5A30327A ft=1 fh=c29c62a52f555ace vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mghooking.dll.vir"
sh=B6E78443D25AF8B978DC24D515DF7B2F673629CC ft=1 fh=ece232c764d65d89 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgICQAuto.dll.vir"
sh=42B14A7D72C6EDAF5140A2C7B95149B92473853C ft=1 fh=6f2c94e91302d1a2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll.vir"
sh=B28C9BCA89A124EBD2EAAF5073370E7E0E87DB4E ft=1 fh=c56c5ff3b0e7703d vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mglogger.dll.vir"
sh=87FF2D9A36B50B5A7DF4D08F87B92BEA86D7DAB7 ft=1 fh=71dc135578fffed6 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dll.vir"
sh=C86CF9524D11A2392A491EA15ED12D2CA890F249 ft=1 fh=ae21d71fff630a17 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll.vir"
sh=055E7A147AB9DCB141FDF58A0D3CCD825AE8B361 ft=1 fh=ac8cec2f7886b930 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll.vir"
sh=73987118D6F1799B0B29DB00BF7248B20347BB46 ft=1 fh=d25a2527398bc729 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll.vir"
sh=C786E62AB09C10B6277F3E9CFC34207FE56E1FFA ft=1 fh=6c27d70c5686a2b1 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll.vir"
sh=07695C8842935A01310F52C83BAB364950419841 ft=1 fh=e250219d9f9cd5af vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll.vir"
sh=093FB06E67DB8C5562A823E389853340405B8724 ft=1 fh=1b5e6676818f2ad9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll.vir"
sh=A679EB39BB32DD88C09E150B0E5F7BAED12467A6 ft=1 fh=0ba701bbd4ac4b73 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dll.vir"
sh=9B45902B8B791A84EC6F7D1AD2E8099410D1A467 ft=1 fh=3191d44e293b78d5 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll.vir"
sh=AE3254BDF03A347110068EF29CB15C7B554491F0 ft=1 fh=30381f993c8268c2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\SweetIM.exe.vir"
sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll.vir"
sh=E15DF75E5B81A209E0E453092C9610C3F8DC7073 ft=1 fh=8918dac93ad3a346 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir"
sh=9B56D5787C88CF939DABA1E9273775A1D33EF25F ft=1 fh=8aacdf233e2d6e39 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir"
sh=100993E5BDF2AB08262B8BE5AEF2C60D6CC41D52 ft=1 fh=d728aee591b026ab vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=76BB7D8A4E34E42AAF513FB2C31D1F1F326E4B67 ft=1 fh=34dfbb05f2f3c2c4 vn="Variante von Win32/AdGazelle.B evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Maria\Downloads\setupsetup(1).exe.xBAD"
sh=0DA8819819B4639FA456ECA1948CCD430536B071 ft=1 fh=7ba38037f2f3c2c4 vn="Variante von Win32/AdGazelle.B evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Maria\Downloads\setupsetup.exe.xBAD"
sh=45C4511F0EC1A01CC992DBF11E232CA2C13062F4 ft=1 fh=183e6b613625d607 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Maria\AppData\Local\nsh778C.tmp"
sh=7F35DA0812C66B0990A78A7D81A9A1EF15291FC6 ft=1 fh=9e0b256b832e64e5 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Maria\AppData\Local\nsy782F.tmp"
sh=9522EED31EB4138B4D0150B5E9649DFD7AE80039 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Maria\Desktop\Eigene Dateien\programme\Kram\Alte Firefox-Daten\svs9hy6t.default\extensions\webbooster@iminent.com.xpi"
sh=F65E56B7C07BCE2B9EF6E4DAF8AF6B3BBBE1780C ft=1 fh=5d78baca7f7ad589 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Maria\Desktop\Eigene Dateien\Studium allgemein\didaktik philo\Know how Rechtliches\Programme\FreeFLVConverter.exe"
sh=B3DC7558D2C76F988CAB819CCB9B0060087A7C70 ft=1 fh=9227631f22d31e37 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Maria\Desktop\Eigene Dateien\Studium allgemein\didaktik philo\Know how Rechtliches\Programme\Video Pad Video Editor.exe"

4.Schritt:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
  Adobe Flash Player 	15.0.0.246 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5) 
 Mozilla Thunderbird (31.3.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Sony VAIOCA~1 Iolo IOLOTO~1.EXE 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

...wirklich tausend Dank, dass du dir die Zeit nimmst...ich hätte das alleine niemals hinbekommen.

...wenn ich einmal dabei bin: es taucht in letzter Zeit (und auch jetzt noch) immer wieder diese Fehlermeldung auf:

http://www.trojaner-board.de/attachm...ufzeichnen.jpg

Soll ich mich da mal extra dazu belesen oder steht das in Zusammenhang mit den gefundenen Problemen auf meinen Pc?
Ich danke dir recht herzlich!!!

M-K-D-B · 06.01.2015, 11:02

Servus,

ich sehe keinen Zusammenhang zwischen der Meldung des Flashplayers und dem, was wir hier entfernt haben. Du könntest den Shockwave Flash Player deinstallieren und die neueste Version im Anschluss installieren.

Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
C:\ProgramData\Packer
C:\Users\Maria\Desktop\Eigene Dateien\programme\Kram\Alte Firefox-Daten\svs9hy6t.default\extensions\webbooster@iminent.com.xpi
C:\Users\Maria\Desktop\Eigene Dateien\Studium allgemein\didaktik philo\Know how Rechtliches\Programme\FreeFLVConverter.exe
C:\Users\Maria\AppData\Local\*.tmp
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird!

Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Schritt 1
Ändere regelmäßig alle deine Passwörter, jetzt nach der Bereinigung ist ein idealer Zeitpunkt dafür!

Verwende für jede Anwendung und jeden Account ein anderes Passwort.
Ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist das sehr wichtig.
Speichere keine Passwörter auf deinem PC, gib diese nicht an Dritte weiter.
Ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen.
Benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster.
Verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name) haben.

Schritt 2
Du verwendest veraltete Software auf deinem Rechner, was ein Sicherheitsrisiko darstellt. Daher solltest du veraltete Software deinstallieren und anschließend die aktuellste Version installieren.
Folge dem Pfad Start > Systemsteuerung > Sofware / Programme deinstallieren.
Deinstalliere die folgenden Programme von deinem Rechner:

Adobe Flash Player

Starte deinen Rechner nach der Deinstallation neu auf.
Downloade und installiere dir bitte nun:

Adobe Flash Player (Entferne vor dem Download den Haken bei McAfee Security Scan)

Starte deinen Rechner nach der Installation neu auf.

Schritt 3
Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Schritt 4
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti-Viren-Programm und zusätzlicher Schutz

Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
AdwCleaner
Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwünschten Programmen (PUPs).
Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
SpywareBlaster
Eine kurze Einführung findest du Hier

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox

Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
Es spart außerdem Downloadkapazität.

Performance

Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
Miekemoes Blogspot ( MVP )

Was du vermeiden solltest:

Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!

Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

MariaG · 06.01.2015, 18:39

...ich habe gleich am Anfang ein problem:

Ich habe FRST nicht mehr auf meinem pc gefunden?!
NUn habe ich es mir neu runter geladen (von dem link den du mir gegeben hast),
ich kann es aber nicht mehr öffnen um den ersten Schritt zu vollziehen, da kommt folgende Meldung:

"Der Computer wurde durch windows geschützt. Von Windows SmartScreen wurde der Start einer unbekannten App verhindert.Die Ausführung dieser App stellt unter Umständen ein Risiko für den Pc dar."

...was mache ich jetzt?

....und: Ich finde den shockwave flash player nicht. Ich bin in systemsteuerung und dann in programme, richtig? Da habe ich nur einen adope flash player. ist das der, den ich deinstallieren soll?

...das problem hat sich erledigt, ich vollziehe jetzt die ganzen schritte und melde mich dann wieder.

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-01-2015
Ran by Maria at 2015-01-06 17:25:51 Run:3
Running from C:\Users\Maria\Desktop
Loaded Profiles: Maria &  (Available profiles: Maria)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\ProgramData\Packer
C:\Users\Maria\Desktop\Eigene Dateien\programme\Kram\Alte Firefox-Daten\svs9hy6t.default\extensions\webbooster@iminent.com.xpi
C:\Users\Maria\Desktop\Eigene Dateien\Studium allgemein\didaktik philo\Know how Rechtliches\Programme\FreeFLVConverter.exe
C:\Users\Maria\AppData\Local\*.tmp
end
       
*****************

Processes closed successfully.
C:\ProgramData\Packer => Moved successfully.
C:\Users\Maria\Desktop\Eigene Dateien\programme\Kram\Alte Firefox-Daten\svs9hy6t.default\extensions\webbooster@iminent.com.xpi => Moved successfully.
C:\Users\Maria\Desktop\Eigene Dateien\Studium allgemein\didaktik philo\Know how Rechtliches\Programme\FreeFLVConverter.exe => Moved successfully.
C:\Users\Maria\AppData\Local\*.tmp => Moved successfully.


The system needed a reboot. 

==== End of Fixlog 17:25:57 ====

Lieber Matthias,

ich habe jetzt alles wie beschrieben erledigt und es kamen tatsächlich keine Werbungen mehr *freu*. Vielen lieben Dank!!! Nur die Meldung mit diesem Shockwaveplayer nervt noch etwas, du meintest ja, dass ich ihn deinstallieren soll, aber ich finde ihn nicht mals in meinen Programmen (was ich oben schon beschrieben hatte), kannst du da noch was dazu sagen?

M-K-D-B · 07.01.2015, 15:42

Servus,

zu Shockwave:

1. Lade dir die aktuellste Version von Shockwave herunter:
https://get.adobe.com/de/shockwave/

2. alle Browser schließen

3. Shockwave installieren.

4. Rechner neu starten

Kommt die Meldung dann immer noch?

07.01.2015, 15:42	#15
M-K-D-B /// TB-Ausbilder	Ständige Werbeanzeigen trotz Adblock Servus, zu Shockwave: 1. Lade dir die aktuellste Version von Shockwave herunter: https://get.adobe.com/de/shockwave/ 2. alle Browser schließen 3. Shockwave installieren. 4. Rechner neu starten Kommt die Meldung dann immer noch?

Ständige Werbeanzeigen trotz Adblock

Plagegeister aller Art und deren Bekämpfung: Ständige Werbeanzeigen trotz Adblock