Trojaner-Board - Firefox: Es kommen ständig die gleichen Werbe-Fenster zwischendurch

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Firefox: Es kommen ständig die gleichen Werbe-Fenster zwischendurch (https://www.trojaner-board.de/152414-firefox-kommen-staendig-gleichen-werbe-fenster-zwischendurch.html)

Firefox: Es kommen ständig die gleichen Werbe-Fenster zwischendurch

Hallo,

wenn ich in´s Internet gehe kommen zwischendurch solche Werbe-Fenster. Sind das Pop-Ups? Aber immer von der gleichen Sache welche dann aber auch gelegentlich mal wechselt und dann aber ne Zeit lang den gleichen Inhalt hat.

Woran kann das liegen? Ich habe Angst einen Trojaner zu haben.

Könnte mir jemand helfen?

Danke

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-04-2014

Ran by User (administrator) on NOTEBOOK on 13-04-2014 19:00:12

Running from C:\Users\User\Downloads

Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 7

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe

(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe

(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe

(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

(Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe

(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe

(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

(Microsoft Corporation) C:\Windows\system32\conime.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [] => [X]

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-13] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)

Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)

HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1233920 2008-01-19] (Microsoft Corporation)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1233920 2008-01-19] (Microsoft Corporation)

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {65403d83-ac64-11df-8eb6-0013a9c9eb0b} - H:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {65403dd4-ac64-11df-8eb6-001e101fa1f5} - H:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {863e7e65-c17e-11de-b137-0013a9c9eb0b} - p9dwwa61.exe

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {a47bbd1a-2984-11e1-b19f-0013a9c9eb0b} - I:\LaunchU3.exe -a
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=

BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO: No Name - {6620E3D8-B3C3-45AC-AAE0-3C1A27A3B319} -  No File

BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)

DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.pe.studivz.net/photouploader/ImageUploader4.cab?nocache=20080128-1

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 37 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{63322D96-B808-49C1-BA74-E67EB9A64D31}: [NameServer]213.187.132.70
 

FireFox:

========

FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: 20-20 3D Viewer - IKEA - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279\Extensions\2020Player_IKEA@2020Technologies.com [2014-02-09]

FF Extension: Tube Dimmer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279\Extensions\support@tubedimmerapp.com [2013-12-31]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\User\AppData\Roaming\01026

FF Extension: No Name - C:\Users\User\AppData\Roaming\01026 [2012-04-11]
 

Chrome: 

=======

CHR DefaultSearchKeyword: nationzoom

CHR DefaultSearchProvider: nationzoom

CHR DefaultSearchURL: hxxp://www.nationzoom.com/web/?type=ds&ts=1388499585&from=adks&uid=HitachiXHTS541612J9SA00_SB2DB2E4KE1W8HKE1W8HX&q={searchTerms}

CHR DefaultNewTabURL: 

CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-08-14]

CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]

CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]

CHR Extension: (RealDownloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-12]

CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]

CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]

CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-21]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\User\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-20]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-13] (Avira Operations GmbH & Co. KG)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)

R2 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)

S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe [57344 2006-12-14] ()

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe [112184 2007-01-24] (Sony Corporation)

S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)

S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe [75320 2007-01-24] (Sony Corporation)

S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-01-10] (Sony Corporation)

R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [182392 2007-02-13] (Sony Corporation)

S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-01-16] (Sony Corporation)

S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-01-08] (Sony Corporation)

S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)

S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe [491520 2007-01-08] (Sony Corporation)

S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)

S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-01-08] (Sony Corporation)

S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)

R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2006-11-28] (Sony Corporation)

R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [172032 2006-11-28] (Sony Corporation)

R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [135168 2006-11-28] (Sony Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)

S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-07] (Avira GmbH)

R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-04-23] (Texas Instruments)

S4 Amndewkxwnp; No ImagePath

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-13 19:00 - 2014-04-13 19:00 - 00020611 _____ () C:\Users\User\Downloads\FRST.txt

2014-04-13 19:00 - 2014-04-13 19:00 - 00000000 ____D () C:\FRST

2014-04-13 18:59 - 2014-04-13 18:59 - 01146368 _____ (Farbar) C:\Users\User\Downloads\FRST.exe

2014-04-12 13:01 - 2014-04-12 13:01 - 00000235 _____ () C:\Users\User\Desktop\Teilungsplan 13111 Roth.log

2014-04-07 18:43 - 2014-04-07 19:24 - 00000000 ____D () C:\Users\User\Desktop\Kleinanzeige

2014-04-01 17:27 - 2014-04-01 17:27 - 00000488 _____ () C:\Users\User\Desktop\Katzemich - Verknüpfung.lnk
 

==================== One Month Modified Files and Folders =======
 

2014-04-13 19:00 - 2014-04-13 19:00 - 00020611 _____ () C:\Users\User\Downloads\FRST.txt

2014-04-13 19:00 - 2014-04-13 19:00 - 00000000 ____D () C:\FRST

2014-04-13 18:59 - 2014-04-13 18:59 - 01146368 _____ (Farbar) C:\Users\User\Downloads\FRST.exe

2014-04-13 18:59 - 2009-08-25 13:24 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{CDACD1E6-389A-44F2-AA68-8C52B44D16E1}.job

2014-04-13 18:59 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-13 18:59 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-13 18:45 - 2013-07-01 23:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-13 18:12 - 2013-07-03 19:20 - 02004465 _____ () C:\Windows\WindowsUpdate.log

2014-04-13 18:11 - 2010-03-06 01:11 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-13 18:07 - 2010-03-06 01:11 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-13 18:04 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-13 09:50 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-04-12 13:01 - 2014-04-12 13:01 - 00000235 _____ () C:\Users\User\Desktop\Teilungsplan 13111 Roth.log

2014-04-12 11:53 - 2007-07-22 10:51 - 00113664 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-04-08 23:18 - 2007-07-20 18:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe

2014-04-08 23:18 - 2007-02-26 18:04 - 00000000 ____D () C:\ProgramData\Adobe

2014-04-07 19:24 - 2014-04-07 18:43 - 00000000 ____D () C:\Users\User\Desktop\Kleinanzeige

2014-04-07 17:32 - 2006-11-02 12:33 - 01592666 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-01 17:27 - 2014-04-01 17:27 - 00000488 _____ () C:\Users\User\Desktop\Katzemich - Verknüpfung.lnk

2014-03-25 12:08 - 2014-03-13 18:28 - 00000000 ____D () C:\Users\User\Documents\Anki
 

Some content of TEMP:

====================

C:\Users\User\AppData\Local\Temp\avgnt.exe

C:\Users\User_2\AppData\Local\Temp\AskSLib.dll

C:\Users\User_2\AppData\Local\Temp\wlsetup-cvr.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-13 18:16
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-04-2014

Ran by User at 2014-04-13 19:00:57

Running from C:\Users\User\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden

Adobe Acrobat 7.0 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.0.0 - Adobe Systems)

Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.0.0 - Adobe Systems) Hidden

Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Flash Player 9 ActiveX (HKLM\...\{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}) (Version: 9.0.124.0 - Adobe Systems, Inc.)

Adobe Photoshop CS (HKLM\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)

Adobe Reader X (10.1.8) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)

AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version:  - )

AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )

Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )

Anki (HKLM\...\Anki) (Version:  - )

AutoCAD 2007 - Deutsch (HKLM\...\{5783F2D7-5001-0407-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)

AutoDWG DWG DXF Converter (HKLM\...\{B3C53492-53A3-4EA8-A3A2-B30DBBE14B96}) (Version:  - )

Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)

Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4487 - APN, LLC)

CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)

CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2474 - CDBurnerXP)

DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)

DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 1.0.2.23 - DivX, Inc. )

EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.0.2.0 - )

EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version:  - )

EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )

Free YouTube to MP3 Converter version 3.11.34.1015 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.34.1015 - DVDVideoSoft Ltd.)

GEOgraf System Runtime Components (Version: 1.0.0 - HHK Datentechnik GmbH) Hidden

Google Chrome (HKLM\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)

Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden

InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden

Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden

Java DB 10.5.3.0 (HKLM\...\{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}) (Version: 10.5.3.0 - Sun Microsystems, Inc)

Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)

Java(TM) 6 Update 23 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)

Java(TM) SE Development Kit 6 Update 23 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160230}) (Version: 1.6.0.230 - Oracle)

Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)

Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Konz 2012 (HKLM\...\InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}) (Version: 1.00.0000 - USM)

Konz 2012 (Version: 1.00.0000 - USM) Hidden

Konz 2013 (HKLM\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)

Konz 2013 (Version: 1.00.0000 - USM) Hidden

LAN-Express AS IEEE 802.11 Wireless LAN (HKLM\...\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}) (Version: 7.1.0.116 - LAN-Express)

Macromedia Flash Player 8 (HKLM\...\ShockwaveFlash) (Version: 8 - Macromedia)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)

Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)

Microsoft Search Enhancement Pack (Version: 1.2.123.0 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)

Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2005 Express Edition (VAIO_VEDB) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden

Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)

Mixxx 1.10.0 (HKLM\...\Mixxx (1.10.0)) (Version: 1.10.0 - The Mixxx Team)

Mozilla Firefox 21.0 (x86 de) (HKLM\...\Mozilla Firefox 21.0 (x86 de)) (Version: 21.0 - Mozilla)

MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

OpenMG Limited Patch 4.7-07-13-24-01 (HKLM\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )

OpenMG Secure Module 4.7.00 (HKLM\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)

OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140 - Sony Corporation) Hidden

OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)

PDF-XChange Viewer (HKLM\...\{37B3776C-6DE6-4DD4-9AC6-C14952083932}) (Version: 2.5.193.0 - Tracker Software Products Ltd.)

RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden

ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version:  - )

Servicepack Datumsaktualisierung (HKLM\...\{7A70FCC4-E09F-45CE-ADB5-C208CEBF0A82}) (Version: 1.00.00.0005 - Haufe-Lexware)

Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden

Setting Utility Series (HKLM\...\{59452470-A902-477F-9338-9B88101681BD}) (Version: 2.1.00.13300 - Sony Corporation)

SimpleOCR 3.1 (HKLM\...\SimpleOCR 3.1) (Version:  - )

Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

SonicStage 4.3 (HKLM\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)

Sony Utilities DLL (HKLM\...\{EF3D45BB-2260-4008-88EA-492E7744A9DF}) (Version: 7.1.00.13300 - Sony Corporation)

Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.1.03 - Sony Corporation)

Steuer 2011 (HKLM\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH)

Steuer 2012 (HKLM\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)

Steuer 2013 (HKLM\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)

Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Updater (HKLM\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION

VAIO Aqua Breeze Wallpaper (HKLM\...\{97BCD719-6ECB-458F-97D6-F38D2E07375E}) (Version: 1.0.11.13240 - Sony Corporation)

VAIO Content Importer  VAIO Content Exporter (Version: 1.3.00.13300 - Sony Corporation) Hidden

VAIO Content Importer / VAIO Content Exporter (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.3.00.13300 - Sony Corporation)

VAIO Control Center (HKLM\...\{FC37C108-821D-4EDE-8F40-D5B497586805}) (Version: 2.0.00.11060 - Sony Corporation)

VAIO Cozy Orange Wallpaper (HKLM\...\{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}) (Version: 1.0.11.13240 - Sony Corporation)

VAIO Data Restore Tool (HKLM\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.01.02070 - Sony Corporation)

VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 2.0.02.13290 - Sony Corporation)

VAIO Event Service (HKLM\...\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}) (Version: 3.1.00.14130 - Sony Corporation)

VAIO Hardware Diagnostics (HKLM\...\{A947C2B3-7445-42C4-9063-EE704CACCB22}) (Version:  - )

VAIO Media (Version: 6.0.10 - Sony Corporation) Hidden

VAIO Media 6.0 (HKLM\...\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}) (Version: 6.0.10 - Sony Corporation)

VAIO Media AC3 Decoder 1.0 (HKLM\...\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}) (Version:  - )

VAIO Media Content Collection 6.0 (HKLM\...\{500162A0-4DD5-460A-BAFD-895AAE48C532}) (Version:  - Sony Corporation)

VAIO Media Integrated Server 6.0 (HKLM\...\{785EB1D4-ECEC-4195-99B4-73C47E187721}) (Version:  - Sony Corporation)

VAIO Media Redistribution 6.0 (HKLM\...\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}) (Version: 6.0.10 - Sony Corporation)

VAIO Media Registration Tool (Version: 6.0.10 - Sony Corporation) Hidden

VAIO Media Registration Tool 6.0 (HKLM\...\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}) (Version: 6.0.10 - Sony Corporation)

VAIO Original Screen Saver (HKLM\...\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}) (Version:  - )

VAIO Photo 2007 (HKLM\...\{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}) (Version: 1.0.01.01250 - Sony Corporation)

VAIO Power Management (HKLM\...\{9E319E96-ED8E-4B01-9775-C521A1869A25}) (Version: 2.1.00.14090 - Sony Corporation)

VAIO Tender Green Wallpaper (HKLM\...\{934A3213-1CB6-4264-84A2-EE080C017BCA}) (Version: 1.0.11.10180 - Sony Corporation)

VAIO Update 3 (HKLM\...\{48820099-ED7D-424B-890C-9A82EF00656D}) (Version: 3.0.01.02050 - Sony Corporation)

VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden

VideoLAN VLC media player 0.8.6d (HKLM\...\VLC media player) (Version: 0.8.6d - VideoLAN Team)

Wartung Samsung CLP-320 Series (HKLM\...\Samsung CLP-320 Series) (Version:  - Samsung Electronics Co., Ltd.)

WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)

Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)

Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)

Windows Live Toolbar (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

WinDVD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B6.113 - InterVideo Inc.)

WinDVD for VAIO (Version: 8.0-B6.113 - InterVideo Inc.) Hidden

WinZip (HKLM\...\WinZip) (Version:  9.0  (6028g) - WinZip Computing, Inc. und H.C. Top Systems B.V.)

Wireless Switch Setting Utility (HKLM\...\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}) (Version: 3.6.01.18210 - Sony Corporation)
 

==================== Restore Points  =========================
 

24-03-2014 16:47:40 Geplanter Prüfpunkt

25-03-2014 13:52:43 Geplanter Prüfpunkt

26-03-2014 19:14:48 Geplanter Prüfpunkt

01-04-2014 17:48:06 Geplanter Prüfpunkt

05-04-2014 08:37:11 Geplanter Prüfpunkt

12-04-2014 07:08:59 Geplanter Prüfpunkt
 

==================== Hosts content: ==========================
 

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {020F3D18-4BFB-446C-9F9B-80A1C57818FD} - System32\Tasks\SONY\WSSU\WSSU => C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2007-06-15] (Sony Corporation)

Task: {0BCB80A5-4094-432C-BF55-028AC85EA85C} - System32\Tasks\LaunchMCV => MyClubVaio.vbs

Task: {0D78AED4-B1AD-48D4-833B-F98220234A06} - System32\Tasks\MCVSurveyReminder3 => reminder.exe

Task: {1B91E0C2-B2DE-4443-AD4E-ED006394A83F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3478396187-4038831351-2685403778-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {1FE11795-DD6A-49F2-ADE8-CDD3D1872E19} - System32\Tasks\MCVRegistrationReminder3 => reminder.exe

Task: {3242ED2D-7358-422B-8B5E-62FDCA7B03C9} - System32\Tasks\MCVRegistrationReminder1 => reminder.exe

Task: {362A7006-A29C-4A19-834C-757BDEB4C625} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {4338F05A-1464-4311-9279-DFC35C1F8FB5} - System32\Tasks\MCVSurveyReminder1 => reminder.exe

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)

Task: {56E17BCD-2844-4A38-848F-6145C5E06DEA} - System32\Tasks\MCVSurveyReminder2 => reminder.exe

Task: {77296531-153D-4CA9-8C38-5F84CA95C6D5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)

Task: {7A45A5E1-1049-43AE-82A4-BDCD5CE9DF56} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - User => C:\Program Files\Windows Calendar\wincal.exe [2008-01-19] (Microsoft Corporation)

Task: {7AB0C05C-A47A-42A7-BA60-1D54231BC3B8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3478396187-4038831351-2685403778-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)

Task: {97D34B86-E355-4BFB-9BC8-80FA0019FD66} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3478396187-4038831351-2685403778-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)

Task: {9A4C2190-7A5C-4EEE-8E22-43C82EEE8677} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-06] (Google Inc.)

Task: {9D275F95-B1EF-4BA4-A76E-79F9FA38D8F8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3478396187-4038831351-2685403778-1005 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)

Task: {A0E61055-121E-4F6F-94B5-60EE15AC5AAD} - System32\Tasks\MCVRegistrationReminder4 => reminder.exe

Task: {B08BAAE6-F5EE-4B52-88D6-0C23CD56983F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3478396187-4038831351-2685403778-1005 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)

Task: {B4278A8A-0B7D-4CF7-AFAF-C23541773471} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe [2007-02-05] (Sony Corporation)

Task: {C0155B1F-AADF-4E40-8A81-8665A8291584} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3478396187-4038831351-2685403778-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()

Task: {E7DB7C4B-4D56-4EFC-85B6-BB8C00199F43} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)

Task: {F7FC656B-2C77-4B82-BA50-BE15186C0C6D} - System32\Tasks\MCVRegistrationReminder2 => reminder.exe

Task: {F8C35C56-6832-472A-BB15-FCC93EF6F916} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-06] (Google Inc.)

Task: {FAA16490-92DF-43B9-BBB5-E0B22901849D} - System32\Tasks\MCVSurveyReminder4 => reminder.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\User_Feed_Synchronization-{CDACD1E6-389A-44F2-AA68-8C52B44D16E1}.job => C:\Windows\system32\msfeedssync.exe
 

==================== Loaded Modules (whitelisted) =============
 

2004-12-14 04:28 - 2004-12-14 04:28 - 01212416 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU

2011-11-10 13:35 - 2009-09-11 09:47 - 00026624 _____ () C:\Windows\System32\sst3cl3.dll

2013-08-08 17:42 - 2013-08-07 21:33 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

2007-02-26 18:01 - 2007-02-13 16:19 - 00010752 _____ () C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll

2007-02-26 18:01 - 2007-02-13 16:19 - 00009728 _____ () C:\Program Files\Sony\VAIO Event Service\VESMgrSubPS.dll

2008-03-20 14:00 - 2008-01-19 00:35 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll

2007-02-26 21:02 - 2007-01-24 11:04 - 00061440 _____ () C:\Windows\system32\igfxTMM.dll

2004-12-14 05:44 - 2004-12-14 05:44 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Spelling.DEU

2004-12-14 05:40 - 2004-12-14 05:40 - 00006656 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\ADBC.DEU

2004-12-14 05:44 - 2004-12-14 05:44 - 00540672 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PPKLite.DEU

2004-12-14 05:40 - 2004-12-14 05:40 - 00049152 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Accessibility.DEU

2004-12-14 05:40 - 2004-12-14 05:40 - 00417792 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\AcroForm.DEU

2004-12-14 05:41 - 2004-12-14 05:41 - 00651264 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Annots.DEU

2004-12-14 05:41 - 2004-12-14 05:41 - 00040960 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Catalog.DEU

2004-12-14 05:41 - 2004-12-14 05:41 - 00126976 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Checkers.DEU

2004-12-14 05:41 - 2004-12-14 05:41 - 00135168 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\DigSig.DEU

2004-12-14 05:42 - 2004-12-14 05:42 - 00010752 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\DistillerPI.DEU

2004-12-14 05:42 - 2004-12-14 05:42 - 00299008 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\ebook.DEU

2004-12-14 05:42 - 2004-12-14 05:42 - 00086016 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\EScript.DEU

2004-12-14 04:28 - 2004-12-14 04:28 - 00005120 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\EWH32.DEU

2004-12-14 05:43 - 2004-12-14 05:43 - 00006144 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\FlattenerView.DEU

2004-12-14 04:28 - 2004-12-14 04:28 - 00010240 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\HLS.DEU

2004-12-14 05:43 - 2004-12-14 05:43 - 00049152 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\HTML2PDF.DEU

2004-12-14 05:43 - 2004-12-14 05:43 - 00094208 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\ImageConversion.DEU

2004-12-14 04:29 - 2004-12-14 04:29 - 00217088 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\JDFProdDef.DEU

2004-12-14 05:43 - 2004-12-14 05:43 - 00045056 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\MakeAccessible.DEU

2004-12-14 05:43 - 2004-12-14 05:43 - 00122880 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Multimedia.DEU

2004-12-14 05:43 - 2004-12-14 05:43 - 00053248 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PaperCapture.DEU

2004-12-14 04:29 - 2004-12-14 04:29 - 00007680 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PDDom.DEU

2004-12-14 05:44 - 2004-12-14 05:44 - 00544768 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PictureTasks.DEU

2004-12-14 04:29 - 2004-12-14 04:29 - 00007168 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\reflow.DEU

2004-12-14 05:44 - 2004-12-14 05:44 - 00017408 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\SaveAsRTF.DEU

2004-12-14 05:44 - 2004-12-14 05:44 - 00015360 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\SaveAsXML.DEU

2004-12-14 05:44 - 2004-12-14 05:44 - 00024064 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Search.DEU

2004-12-14 04:29 - 2004-12-14 04:29 - 00008704 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Search5.DEU

2004-12-14 05:44 - 2004-12-14 05:44 - 00015360 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\SendMail.DEU

2004-12-14 05:44 - 2004-12-14 05:44 - 00065536 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Soap.DEU

2004-12-14 05:44 - 2004-12-14 05:44 - 00014336 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\TablePicker.DEU

2004-12-14 05:45 - 2004-12-14 05:45 - 00094208 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\TouchUp.DEU

2004-12-14 05:45 - 2004-12-14 05:45 - 00026624 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Updater.DEU

2004-12-14 05:45 - 2004-12-14 05:45 - 00032768 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\weblink.DEU

2004-12-14 05:45 - 2004-12-14 05:45 - 00106496 _____ () C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\WebPDF.DEU

2013-06-14 18:52 - 2013-05-12 00:26 - 03128728 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

2014-03-11 19:45 - 2014-03-11 19:45 - 16276872 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Disabled items from MSCONFIG ==============
 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk => C:\Windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD-Startbeschleuniger.lnk => C:\Windows\pss\AutoCAD-Startbeschleuniger.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup

MSCONFIG\startupreg: AAWTray => C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

MSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint\Apoint.exe

MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe

MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe

MSCONFIG\startupreg: ICQ6setup => cmd.exe /c rmdir /S /Q "C:\Program Files\ICQ6.5"

MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe

MSCONFIG\startupreg: ISBMgr.exe => "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

MSCONFIG\startupreg: KiesHelper => C:\Program Files\Samsung\Kies\KiesHelper.exe /s

MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

MSCONFIG\startupreg: LexwareInfoService => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart

MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun

MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot

MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

MSCONFIG\startupreg: {EFA1AE16-DFE3-0274-0A40-A76B56E87B5B} => C:\Users\User\AppData\Roaming\Erse\maola.exe
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (04/13/2014 06:07:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
 

Error: (04/13/2014 09:34:37 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
 

Error: (04/12/2014 11:42:16 AM) (Source: Application Error) (User: )

Description: Fehlerhafte Anwendung firefox.exe, Version 21.0.0.4879, Zeitstempel 0x518ec3cc, fehlerhaftes Modul xul.dll, Version 21.0.0.4879, Zeitstempel 0x518ec306, Ausnahmecode 0xc0000005, Fehleroffset 0x001c9789,

Prozess-ID 0x14e8, Anwendungsstartzeit firefox.exe0.
 

Error: (04/12/2014 08:06:27 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
 

Error: (04/08/2014 11:57:51 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)

Description: EXCEPTION calling function IThread(ProtocolSrvConThread)::run() for the file

unknown

[ACCESS_VIOLATION Exception!! EIP = 0x721ad967]

Please inform Avira and submit the appropriate file!
 

Error: (04/08/2014 10:37:58 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
 

Error: (04/08/2014 05:59:04 PM) (Source: Application Error) (User: )

Description: Fehlerhafte Anwendung EXCEL.EXE, Version 10.0.6871.0, Zeitstempel 0x4daf71c5, fehlerhaftes Modul mso.dll, Version 10.0.6870.0, Zeitstempel 0x4d602ee7, Ausnahmecode 0xc0000005, Fehleroffset 0x00021e92,

Prozess-ID 0x1170, Anwendungsstartzeit EXCEL.EXE0.
 

Error: (04/08/2014 05:57:19 PM) (Source: Application Error) (User: )

Description: Fehlerhafte Anwendung EXCEL.EXE, Version 10.0.6871.0, Zeitstempel 0x4daf71c5, fehlerhaftes Modul mso.dll, Version 10.0.6870.0, Zeitstempel 0x4d602ee7, Ausnahmecode 0xc0000005, Fehleroffset 0x00021e92,

Prozess-ID 0x126c, Anwendungsstartzeit EXCEL.EXE0.
 

Error: (04/08/2014 05:53:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
 

Error: (04/07/2014 05:48:29 PM) (Source: Application Error) (User: )

Description: Fehlerhafte Anwendung EXCEL.EXE, Version 10.0.6871.0, Zeitstempel 0x4daf71c5, fehlerhaftes Modul mso.dll, Version 10.0.6870.0, Zeitstempel 0x4d602ee7, Ausnahmecode 0xc0000005, Fehleroffset 0x00022314,

Prozess-ID 0x520, Anwendungsstartzeit EXCEL.EXE0.
 
 

System errors:

=============

Error: (04/13/2014 06:44:27 PM) (Source: bowser) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "NOTEBOOK" auf Transport "NetBT_Tcpip_{75150A78-C350-47D0-A029-3". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (04/13/2014 06:42:36 PM) (Source: bowser) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "NOTEBOOK" auf Transport "NetBT_Tcpip_{75150A78-C350-47D0-A029-3". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (04/13/2014 06:34:47 PM) (Source: bowser) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "NOTEBOOK" auf Transport "NetBT_Tcpip_{75150A78-C350-47D0-A029-3". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (04/13/2014 06:15:17 PM) (Source: bowser) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "NOTEBOOK" auf Transport "NetBT_Tcpip_{75150A78-C350-47D0-A029-3". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (04/13/2014 06:15:15 PM) (Source: bowser) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "NOTEBOOK" auf Transport "NetBT_Tcpip_{75150A78-C350-47D0-A029-3". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (04/13/2014 06:14:43 PM) (Source: bowser) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "NOTEBOOK" auf Transport "NetBT_Tcpip_{75150A78-C350-47D0-A029-3". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (04/13/2014 06:13:02 PM) (Source: bowser) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{75150A78-C350-47D0-A029-3EEC5D8DD5-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 

Error: (04/13/2014 06:07:01 PM) (Source: bowser) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{75150A78-C350-47D0-A029-3EEC5D8DD5-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 

Error: (04/13/2014 06:05:40 PM) (Source: Service Control Manager) (User: )

Description: DgiVecp%%2
 

Error: (04/13/2014 06:05:40 PM) (Source: Service Control Manager) (User: )

Description: Parallel port driver%%1058
 
 

Microsoft Office Sessions:

=========================

Error: (04/13/2014 06:07:13 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
 

Error: (04/13/2014 09:34:37 AM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
 

Error: (04/12/2014 11:42:16 AM) (Source: Application Error)(User: )

Description: firefox.exe21.0.0.4879518ec3ccxul.dll21.0.0.4879518ec306c0000005001c978914e801cf56167d2a8c4e
 

Error: (04/12/2014 08:06:27 AM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
 

Error: (04/08/2014 11:57:51 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)

Description: unknownACCESS_VIOLATION0x721ad967IThread(ProtocolSrvConThread)::run()
 

Error: (04/08/2014 10:37:58 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
 

Error: (04/08/2014 05:59:04 PM) (Source: Application Error)(User: )

Description: EXCEL.EXE10.0.6871.04daf71c5mso.dll10.0.6870.04d602ee7c000000500021e92117001cf534374804d82
 

Error: (04/08/2014 05:57:19 PM) (Source: Application Error)(User: )

Description: EXCEL.EXE10.0.6871.04daf71c5mso.dll10.0.6870.04d602ee7c000000500021e92126c01cf5343359c6362
 

Error: (04/08/2014 05:53:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
 

Error: (04/07/2014 05:48:29 PM) (Source: Application Error)(User: )

Description: EXCEL.EXE10.0.6871.04daf71c5mso.dll10.0.6870.04d602ee7c00000050002231452001cf5278d1a87ea1
 
 

CodeIntegrity Errors:

===================================

  Date: 2014-04-13 19:00:33.610

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-13 19:00:33.517

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-13 19:00:33.423

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-13 19:00:33.331

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-13 19:00:33.234

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-13 19:00:33.141

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-13 19:00:33.048

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-13 19:00:32.955

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-09-03 22:31:18.788

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2012-10-27 20:02:00.499

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 49%

Total physical RAM: 2037.45 MB

Available physical RAM: 1019.7 MB

Total Pagefile: 4322.17 MB

Available Pagefile: 3172.27 MB

Total Virtual: 2047.88 MB

Available Virtual: 1907.02 MB
 

==================== Drives ================================
 

Drive c: (Vista) (Fixed) (Total:53.44 GB) (Free:6.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive g: (Daten) (Fixed) (Total:49.04 GB) (Free:33.53 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 722DCBAF)

Partition 1: (Not Active) - (Size=9 GB) - (Type=27)

Partition 2: (Active) - (Size=53 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

danke dir

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hallo,

habe alles erledigt. Hier dann die Textdateien:

mbam

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 
 

Detection, 15.04.2014 00:00:56, User, NOTEBOOK, Protection, Malware Protection, File, PUP.Optional.TubeDimmer.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279\extensions\support@tubedimmerapp.com\chrome\content\main.js, Quarantine, [525dbd6b88f36dc9fdc6c896e41e946c]

Protection, 15.04.2014 17:53:25, SYSTEM, NOTEBOOK, Protection, Malware Protection, Starting, 

Protection, 15.04.2014 17:53:25, SYSTEM, NOTEBOOK, Protection, Malware Protection, Started, 

Protection, 15.04.2014 17:53:25, SYSTEM, NOTEBOOK, Protection, Malicious Website Protection, Starting, 

Protection, 15.04.2014 17:56:04, SYSTEM, NOTEBOOK, Protection, Malicious Website Protection, Started, 

Update, 15.04.2014 17:59:57, SYSTEM, NOTEBOOK, Manual, Malware Database, 2014.4.10.7, 2014.4.15.7, 

Protection, 15.04.2014 18:00:24, SYSTEM, NOTEBOOK, Protection, Refresh, Starting, 

Protection, 15.04.2014 18:00:24, SYSTEM, NOTEBOOK, Protection, Malicious Website Protection, Stopping, 

Protection, 15.04.2014 18:00:24, SYSTEM, NOTEBOOK, Protection, Malicious Website Protection, Stopped, 

Protection, 15.04.2014 18:01:06, SYSTEM, NOTEBOOK, Protection, Refresh, Success, 

Protection, 15.04.2014 18:01:06, SYSTEM, NOTEBOOK, Protection, Malicious Website Protection, Starting, 

Protection, 15.04.2014 18:01:12, SYSTEM, NOTEBOOK, Protection, Malicious Website Protection, Started, 

Detection, 15.04.2014 18:36:03, SYSTEM, NOTEBOOK, Protection, Malware Protection, File, PUP.Optional.DomaIQ, C:\Users\User\AppData\Local\Temp\OIxU_gS4.exe.part, Quarantine, [7033b97190eb2c0ada7367d8f907ab55]
 

(end)

adw-cleaner

Code:

# AdwCleaner v3.023 - Bericht erstellt am 15/04/2014 um 18:57:52

# Aktualisiert 01/04/2014 von Xplode

# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)

# Benutzername : User - NOTEBOOK

# Gestartet von : C:\Users\User\Desktop\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\simplitec

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec

Ordner Gelöscht : C:\Program Files\simplitec

Ordner Gelöscht : C:\Users\User\AppData\Roaming\simplitec

Datei Gelöscht : C:\Users\Public\Desktop\simplicheck.lnk

Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\Software\Description

Schlüssel Gelöscht : HKLM\Software\simplitec

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E8534DA7E759419D2048CB780D3D5

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DCE3C04E576AD15F972B67D0725120C

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62255E52F19EC97429A42D59D49024FA

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\930D9472A978D7A4EB16BF4DECB173B7

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEB93799E8B47D14CA356E4343D632A4

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE7C2A75DF08824E9CEFDE20F655BD9
 

***** [ Browser ] *****
 

-\\ Internet Explorer v7.0.6001.18639
 
 

-\\ Mozilla Firefox v21.0 (de)
 

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279\prefs.js ]
 
 

-\\ Google Chrome v31.0.1650.63
 

[ Datei : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 

Gelöscht : search_url

Gelöscht : keyword
 

*************************
 

AdwCleaner[R0].txt - [13596 octets] - [31/12/2013 16:48:07]

AdwCleaner[R1].txt - [1635 octets] - [31/12/2013 17:03:07]

AdwCleaner[R2].txt - [1923 octets] - [11/01/2014 17:15:40]

AdwCleaner[R3].txt - [1924 octets] - [11/01/2014 17:16:22]

AdwCleaner[R4].txt - [1761 octets] - [26/01/2014 18:10:19]

AdwCleaner[R5].txt - [2946 octets] - [15/04/2014 18:56:29]

AdwCleaner[S0].txt - [11328 octets] - [31/12/2013 16:49:31]

AdwCleaner[S1].txt - [1698 octets] - [31/12/2013 17:04:31]

AdwCleaner[S2].txt - [1993 octets] - [11/01/2014 17:17:28]

AdwCleaner[S3].txt - [1748 octets] - [26/01/2014 18:11:17]

AdwCleaner[S4].txt - [2875 octets] - [15/04/2014 18:57:52]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2935 octets] ##########

JRT

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows Vista (TM) Home Premium x86

Ran by User on 15.04.2014 at 19:06:29,80

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3478396187-4038831351-2685403778-1003\Software\sweetim

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181110}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\ProgramData\apn"
 
 
 

~~~ FireFox
 

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{184aa5e6-741d-464a-820e-94b3abc2f3b4}

Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\f2nuqa9k.default-1388501107279\minidumps [44 files]
 
 
 

~~~ Chrome
 

Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 15.04.2014 at 19:09:49,87

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014

Ran by User (administrator) on NOTEBOOK on 15-04-2014 19:10:45

Running from C:\Users\User\Desktop

Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 7

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe

(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe

(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe

(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

(Microsoft Corporation) C:\Windows\system32\conime.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [] => [X]

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-13] (Avira Operations GmbH & Co. KG)

Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)

HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1233920 2008-01-19] (Microsoft Corporation)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1233920 2008-01-19] (Microsoft Corporation)

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {65403d83-ac64-11df-8eb6-0013a9c9eb0b} - H:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {65403dd4-ac64-11df-8eb6-001e101fa1f5} - H:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {863e7e65-c17e-11de-b137-0013a9c9eb0b} - p9dwwa61.exe

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {a47bbd1a-2984-11e1-b19f-0013a9c9eb0b} - I:\LaunchU3.exe -a

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {f1a87b96-c3f1-11e3-8181-0013a9c9eb0b} - I:\LaunchU3.exe -a
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=

BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO: No Name - {6620E3D8-B3C3-45AC-AAE0-3C1A27A3B319} -  No File

BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File

DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.pe.studivz.net/photouploader/ImageUploader4.cab?nocache=20080128-1

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 37 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{63322D96-B808-49C1-BA74-E67EB9A64D31}: [NameServer]213.187.132.70
 

FireFox:

========

FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: 20-20 3D Viewer - IKEA - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279\Extensions\2020Player_IKEA@2020Technologies.com [2014-02-09]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
 

Chrome: 

=======

CHR DefaultSearchProvider: nationzoom

CHR DefaultSearchURL: hxxp://www.google.com

CHR DefaultNewTabURL: 

CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]

CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]

CHR Extension: (RealDownloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-12]

CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]

CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\User\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-20]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-13] (Avira Operations GmbH & Co. KG)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)

R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG)

S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)

S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)

S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe [57344 2006-12-14] ()

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe [112184 2007-01-24] (Sony Corporation)

S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)

S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe [75320 2007-01-24] (Sony Corporation)

S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-01-10] (Sony Corporation)

R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [182392 2007-02-13] (Sony Corporation)

S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-01-16] (Sony Corporation)

S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-01-08] (Sony Corporation)

S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)

S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe [491520 2007-01-08] (Sony Corporation)

S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)

S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-01-08] (Sony Corporation)

S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)

R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2006-11-28] (Sony Corporation)

R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [172032 2006-11-28] (Sony Corporation)

R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [135168 2006-11-28] (Sony Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)

S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-07] (Avira GmbH)

R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-04-23] (Texas Instruments)

S4 Amndewkxwnp; No ImagePath

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-15 19:10 - 2014-04-15 19:10 - 00019768 _____ () C:\Users\User\Desktop\FRST.txt

2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Windows\ERUNT

2014-04-15 18:51 - 2014-04-15 18:51 - 00003736 _____ () C:\Windows\PFRO.log

2014-04-15 18:42 - 2014-04-15 18:42 - 00000296 _____ () C:\Users\User\Desktop\Firefox Es kommen ständig die gleichen Werbe-Fenster zwischendurch - Trojaner-Board.URL

2014-04-14 23:52 - 2014-04-15 19:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-14 23:52 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-14 23:52 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-14 23:52 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-14 23:42 - 2014-04-14 23:42 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-04-14 20:24 - 2014-04-14 20:24 - 00000715 _____ () C:\Windows\setupact.log

2014-04-14 20:24 - 2014-04-14 20:24 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-14 20:19 - 2014-04-14 20:20 - 00000000 ____D () C:\Users\Public\Documents\MAGIX

2014-04-14 20:19 - 2014-04-14 20:19 - 00000979 _____ () C:\Users\Public\Desktop\MAGIX Music Maker 2014.lnk

2014-04-14 20:18 - 2014-04-14 20:21 - 00000000 ___RD () C:\Users\User\Documents\MAGIX

2014-04-14 20:17 - 2014-04-14 20:21 - 00000000 ____D () C:\ProgramData\MAGIX

2014-04-14 20:17 - 2014-04-14 20:18 - 00000000 ____D () C:\Program Files\MAGIX

2014-04-14 20:17 - 2014-04-14 20:18 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services

2014-04-14 20:04 - 2014-04-14 20:26 - 00001233 _____ () C:\Users\User\Desktop\Musik Hamid - Verknüpfung.lnk

2014-04-14 20:04 - 2014-04-14 20:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\MAGIX

2014-04-14 19:50 - 2014-04-14 19:51 - 28886538 _____ () C:\Users\User\Downloads\mixxx-1.11.0-win32.exe

2014-04-13 19:04 - 2014-04-15 19:10 - 00000000 ____D () C:\Users\User\Desktop\Trojaner

2014-04-13 19:00 - 2014-04-15 19:10 - 00000000 ____D () C:\FRST

2014-04-13 19:00 - 2014-04-13 19:01 - 00042195 _____ () C:\Users\User\Downloads\Addition.txt

2014-04-13 19:00 - 2014-04-13 19:01 - 00024173 _____ () C:\Users\User\Downloads\FRST.txt

2014-04-13 18:59 - 2014-04-14 23:49 - 01042944 _____ (Farbar) C:\Users\User\Desktop\FRST.exe

2014-04-07 18:43 - 2014-04-07 19:24 - 00000000 ____D () C:\Users\User\Desktop\Kleinanzeige

2014-04-01 17:27 - 2014-04-01 17:27 - 00000488 _____ () C:\Users\User\Desktop\Katzemich - Verknüpfung.lnk
 

==================== One Month Modified Files and Folders =======
 

2014-04-15 19:10 - 2014-04-15 19:10 - 00019768 _____ () C:\Users\User\Desktop\FRST.txt

2014-04-15 19:10 - 2014-04-13 19:04 - 00000000 ____D () C:\Users\User\Desktop\Trojaner

2014-04-15 19:10 - 2014-04-13 19:00 - 00000000 ____D () C:\FRST

2014-04-15 19:09 - 2009-08-25 13:24 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{CDACD1E6-389A-44F2-AA68-8C52B44D16E1}.job

2014-04-15 19:07 - 2010-03-06 01:11 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Windows\ERUNT

2014-04-15 19:04 - 2013-07-03 19:20 - 02065414 _____ () C:\Windows\WindowsUpdate.log

2014-04-15 19:03 - 2014-04-14 23:52 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-15 19:00 - 2010-03-06 01:11 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-15 18:59 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-15 18:59 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-15 18:59 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-15 18:58 - 2013-12-31 16:48 - 00000000 ____D () C:\AdwCleaner

2014-04-15 18:58 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-04-15 18:51 - 2014-04-15 18:51 - 00003736 _____ () C:\Windows\PFRO.log

2014-04-15 18:46 - 2012-03-28 09:52 - 00002623 _____ () C:\Users\User\Desktop\Microsoft Word.lnk

2014-04-15 18:45 - 2013-07-01 23:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-15 18:42 - 2014-04-15 18:42 - 00000296 _____ () C:\Users\User\Desktop\Firefox Es kommen ständig die gleichen Werbe-Fenster zwischendurch - Trojaner-Board.URL

2014-04-15 17:53 - 2006-11-02 14:47 - 00473504 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-14 23:49 - 2014-04-13 18:59 - 01042944 _____ (Farbar) C:\Users\User\Desktop\FRST.exe

2014-04-14 23:42 - 2014-04-14 23:42 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-04-14 22:06 - 2007-07-19 20:55 - 00148624 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT

2014-04-14 20:27 - 2006-11-02 12:33 - 01592666 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-14 20:26 - 2014-04-14 20:04 - 00001233 _____ () C:\Users\User\Desktop\Musik Hamid - Verknüpfung.lnk

2014-04-14 20:24 - 2014-04-14 20:24 - 00000715 _____ () C:\Windows\setupact.log

2014-04-14 20:24 - 2014-04-14 20:24 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-14 20:21 - 2014-04-14 20:18 - 00000000 ___RD () C:\Users\User\Documents\MAGIX

2014-04-14 20:21 - 2014-04-14 20:17 - 00000000 ____D () C:\ProgramData\MAGIX

2014-04-14 20:21 - 2014-04-14 20:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\MAGIX

2014-04-14 20:20 - 2014-04-14 20:19 - 00000000 ____D () C:\Users\Public\Documents\MAGIX

2014-04-14 20:19 - 2014-04-14 20:19 - 00000979 _____ () C:\Users\Public\Desktop\MAGIX Music Maker 2014.lnk

2014-04-14 20:18 - 2014-04-14 20:17 - 00000000 ____D () C:\Program Files\MAGIX

2014-04-14 20:18 - 2014-04-14 20:17 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services

2014-04-14 20:17 - 2007-02-26 17:46 - 00000000 ____D () C:\Program Files\MSXML 4.0

2014-04-14 20:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Help

2014-04-14 20:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2014-04-14 19:51 - 2014-04-14 19:50 - 28886538 _____ () C:\Users\User\Downloads\mixxx-1.11.0-win32.exe

2014-04-13 19:01 - 2014-04-13 19:00 - 00042195 _____ () C:\Users\User\Downloads\Addition.txt

2014-04-13 19:01 - 2014-04-13 19:00 - 00024173 _____ () C:\Users\User\Downloads\FRST.txt

2014-04-12 11:53 - 2007-07-22 10:51 - 00113664 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-04-08 23:18 - 2007-07-20 18:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe

2014-04-08 23:18 - 2007-02-26 18:04 - 00000000 ____D () C:\ProgramData\Adobe

2014-04-07 19:24 - 2014-04-07 18:43 - 00000000 ____D () C:\Users\User\Desktop\Kleinanzeige

2014-04-03 09:51 - 2014-04-14 23:52 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-14 23:52 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-14 23:52 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-01 17:27 - 2014-04-01 17:27 - 00000488 _____ () C:\Users\User\Desktop\Katzemich - Verknüpfung.lnk

2014-03-25 12:08 - 2014-03-13 18:28 - 00000000 ____D () C:\Users\User\Documents\Anki
 

Some content of TEMP:

====================

C:\Users\User\AppData\Local\Temp\avgnt.exe

C:\Users\User\AppData\Local\Temp\Quarantine.exe

C:\Users\User_2\AppData\Local\Temp\AskSLib.dll

C:\Users\User_2\AppData\Local\Temp\wlsetup-cvr.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-15 19:06
 

==================== End Of Log ============================

--- --- ---

Vielen Dank nochmals

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hallo

also anbei dann die log,txt

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=6c6dfd0764194e41845d20b577cc22dc

# engine=17928

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-04-17 06:01:38

# local_time=2014-04-17 08:01:38 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=1799 16775165 100 95 180037 168425403 172667 0

# compatibility_mode=5892 16776574 100 100 21781083 235290426 0 0

# scanned=218818

# found=2

# cleaned=0

# scan_time=7641

sh=8FF5C56B349BD89E740F460F284EA37DDA25728F ft=1 fh=dc88c7f09f5f8aae vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="G:\Programme von Festplatte\RegCleaner\regvissetup.exe"

sh=47E6CA19F96C1865541E0853D86282CE85C6BBC5 ft=1 fh=978c084e817558e0 vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="G:\Programme von Festplatte\RegCleaner\repairv35pro.exe"

die checkup.txt

Code:

 Results of screen317's Security Check version 0.99.81  

 Windows Vista Service Pack 1 x86 (UAC is enabled)  

 Out of date service pack!! 

 Internet Explorer 7 Out of date! 
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 CCleaner     

 Java DB 10.5.3.0   

 Java(TM) 6 Update 22  

 Java(TM) 6 Update 23  

 Java(TM) SE Runtime Environment 6 

 Java(TM) SE Development Kit 6 Update 23 

 Java version out of Date! 

 Adobe Flash Player 9 Flash Player out of Date! 

 Adobe Flash Player         12.0.0.77  

 Adobe Reader 10.1.8 Adobe Reader out of Date!  

 Mozilla Firefox 21.0 Firefox out of Date!  

 Google Chrome 31.0.1650.57  

 Google Chrome 31.0.1650.63  
 ````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 
 ````````````````````End of Log``````````````````````

und die FRST.txt

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2014 01

Ran by User (administrator) on NOTEBOOK on 17-04-2014 23:05:25

Running from C:\Users\User\Desktop\Trojaner

Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 7

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe

(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe

(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe

(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

(Microsoft Corporation) C:\Windows\system32\conime.exe

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe

(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [] => [X]

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-13] (Avira Operations GmbH & Co. KG)

Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {65403d83-ac64-11df-8eb6-0013a9c9eb0b} - H:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {65403dd4-ac64-11df-8eb6-001e101fa1f5} - H:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {863e7e65-c17e-11de-b137-0013a9c9eb0b} - p9dwwa61.exe

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {a47bbd1a-2984-11e1-b19f-0013a9c9eb0b} - I:\LaunchU3.exe -a

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003\...\MountPoints2: {f1a87b96-c3f1-11e3-8181-0013a9c9eb0b} - I:\LaunchU3.exe -a

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {65403d83-ac64-11df-8eb6-0013a9c9eb0b} - H:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {65403dd4-ac64-11df-8eb6-001e101fa1f5} - H:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {863e7e65-c17e-11de-b137-0013a9c9eb0b} - p9dwwa61.exe

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a47bbd1a-2984-11e1-b19f-0013a9c9eb0b} - I:\LaunchU3.exe -a

HKU\S-1-5-21-3478396187-4038831351-2685403778-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f1a87b96-c3f1-11e3-8181-0013a9c9eb0b} - I:\LaunchU3.exe -a
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=

BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO: No Name - {6620E3D8-B3C3-45AC-AAE0-3C1A27A3B319} -  No File

BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File

DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.pe.studivz.net/photouploader/ImageUploader4.cab?nocache=20080128-1

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 37 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{63322D96-B808-49C1-BA74-E67EB9A64D31}: [NameServer]213.187.132.70
 

FireFox:

========

FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: 20-20 3D Viewer - IKEA - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f2nuqa9k.default-1388501107279\Extensions\2020Player_IKEA@2020Technologies.com [2014-02-09]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
 

Chrome: 

=======

CHR DefaultSearchProvider: nationzoom

CHR DefaultSearchURL: hxxp://www.google.com

CHR DefaultNewTabURL: 

CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]

CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]

CHR Extension: (RealDownloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-12]

CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]

CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\User\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-20]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

========================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-13] (Avira Operations GmbH & Co. KG)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)

R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG)

S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)

S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe [57344 2006-12-14] ()

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe [112184 2007-01-24] (Sony Corporation)

S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)

S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe [75320 2007-01-24] (Sony Corporation)

S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-01-10] (Sony Corporation)

R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [182392 2007-02-13] (Sony Corporation)

S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-01-16] (Sony Corporation)

S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-01-08] (Sony Corporation)

S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)

S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe [491520 2007-01-08] (Sony Corporation)

S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)

S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-01-08] (Sony Corporation)

S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)

R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2006-11-28] (Sony Corporation)

R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [172032 2006-11-28] (Sony Corporation)

R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [135168 2006-11-28] (Sony Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)

S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-17] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-07] (Avira GmbH)

R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-04-23] (Texas Instruments)

S4 Amndewkxwnp; No ImagePath

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-17 23:02 - 2014-04-17 23:02 - 00987448 _____ () C:\Users\User\Desktop\SecurityCheck.exe

2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Windows\ERUNT

2014-04-15 18:51 - 2014-04-15 18:51 - 00003736 _____ () C:\Windows\PFRO.log

2014-04-14 23:52 - 2014-04-17 22:51 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-14 23:52 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-14 23:52 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-14 23:52 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-14 23:42 - 2014-04-14 23:42 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-04-14 20:24 - 2014-04-14 20:24 - 00000715 _____ () C:\Windows\setupact.log

2014-04-14 20:24 - 2014-04-14 20:24 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-14 20:19 - 2014-04-14 20:20 - 00000000 ____D () C:\Users\Public\Documents\MAGIX

2014-04-14 20:19 - 2014-04-14 20:19 - 00000979 _____ () C:\Users\Public\Desktop\MAGIX Music Maker 2014.lnk

2014-04-14 20:18 - 2014-04-14 20:21 - 00000000 ___RD () C:\Users\User\Documents\MAGIX

2014-04-14 20:17 - 2014-04-14 20:21 - 00000000 ____D () C:\ProgramData\MAGIX

2014-04-14 20:17 - 2014-04-14 20:18 - 00000000 ____D () C:\Program Files\MAGIX

2014-04-14 20:17 - 2014-04-14 20:18 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services

2014-04-14 20:04 - 2014-04-14 20:26 - 00001233 _____ () C:\Users\User\Desktop\Musik Hamid - Verknüpfung.lnk

2014-04-14 20:04 - 2014-04-14 20:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\MAGIX

2014-04-14 19:50 - 2014-04-14 19:51 - 28886538 _____ () C:\Users\User\Downloads\mixxx-1.11.0-win32.exe

2014-04-13 19:04 - 2014-04-17 23:05 - 00000000 ____D () C:\Users\User\Desktop\Trojaner

2014-04-13 19:00 - 2014-04-17 23:05 - 00000000 ____D () C:\FRST

2014-04-13 19:00 - 2014-04-13 19:01 - 00042195 _____ () C:\Users\User\Downloads\Addition.txt

2014-04-13 19:00 - 2014-04-13 19:01 - 00024173 _____ () C:\Users\User\Downloads\FRST.txt

2014-04-07 18:43 - 2014-04-07 19:24 - 00000000 ____D () C:\Users\User\Desktop\Kleinanzeige

2014-04-01 17:27 - 2014-04-01 17:27 - 00000488 _____ () C:\Users\User\Desktop\Katzemich - Verknüpfung.lnk
 

==================== One Month Modified Files and Folders =======
 

2014-04-17 23:05 - 2014-04-13 19:04 - 00000000 ____D () C:\Users\User\Desktop\Trojaner

2014-04-17 23:05 - 2014-04-13 19:00 - 00000000 ____D () C:\FRST

2014-04-17 23:05 - 2009-08-25 13:24 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{CDACD1E6-389A-44F2-AA68-8C52B44D16E1}.job

2014-04-17 23:02 - 2014-04-17 23:02 - 00987448 _____ () C:\Users\User\Desktop\SecurityCheck.exe

2014-04-17 22:57 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-17 22:57 - 2006-11-02 14:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-17 22:51 - 2014-04-14 23:52 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-17 22:45 - 2013-07-01 23:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-17 22:07 - 2010-03-06 01:11 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-17 20:24 - 2006-11-02 12:33 - 01592666 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-17 18:07 - 2010-03-06 01:11 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-17 17:54 - 2013-07-03 19:20 - 02089768 _____ () C:\Windows\WindowsUpdate.log

2014-04-17 17:43 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-15 20:10 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-04-15 19:06 - 2014-04-15 19:06 - 00000000 ____D () C:\Windows\ERUNT

2014-04-15 18:58 - 2013-12-31 16:48 - 00000000 ____D () C:\AdwCleaner

2014-04-15 18:51 - 2014-04-15 18:51 - 00003736 _____ () C:\Windows\PFRO.log

2014-04-15 18:46 - 2012-03-28 09:52 - 00002623 _____ () C:\Users\User\Desktop\Microsoft Word.lnk

2014-04-15 17:53 - 2006-11-02 14:47 - 00473504 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-14 23:52 - 2014-04-14 23:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-14 23:42 - 2014-04-14 23:42 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-04-14 22:06 - 2007-07-19 20:55 - 00148624 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT

2014-04-14 20:26 - 2014-04-14 20:04 - 00001233 _____ () C:\Users\User\Desktop\Musik Hamid - Verknüpfung.lnk

2014-04-14 20:24 - 2014-04-14 20:24 - 00000715 _____ () C:\Windows\setupact.log

2014-04-14 20:24 - 2014-04-14 20:24 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-14 20:21 - 2014-04-14 20:18 - 00000000 ___RD () C:\Users\User\Documents\MAGIX

2014-04-14 20:21 - 2014-04-14 20:17 - 00000000 ____D () C:\ProgramData\MAGIX

2014-04-14 20:21 - 2014-04-14 20:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\MAGIX

2014-04-14 20:20 - 2014-04-14 20:19 - 00000000 ____D () C:\Users\Public\Documents\MAGIX

2014-04-14 20:19 - 2014-04-14 20:19 - 00000979 _____ () C:\Users\Public\Desktop\MAGIX Music Maker 2014.lnk

2014-04-14 20:18 - 2014-04-14 20:17 - 00000000 ____D () C:\Program Files\MAGIX

2014-04-14 20:18 - 2014-04-14 20:17 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services

2014-04-14 20:17 - 2007-02-26 17:46 - 00000000 ____D () C:\Program Files\MSXML 4.0

2014-04-14 20:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Help

2014-04-14 20:17 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2014-04-14 19:51 - 2014-04-14 19:50 - 28886538 _____ () C:\Users\User\Downloads\mixxx-1.11.0-win32.exe

2014-04-13 19:01 - 2014-04-13 19:00 - 00042195 _____ () C:\Users\User\Downloads\Addition.txt

2014-04-13 19:01 - 2014-04-13 19:00 - 00024173 _____ () C:\Users\User\Downloads\FRST.txt

2014-04-12 11:53 - 2007-07-22 10:51 - 00113664 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-04-08 23:18 - 2007-07-20 18:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe

2014-04-08 23:18 - 2007-02-26 18:04 - 00000000 ____D () C:\ProgramData\Adobe

2014-04-07 19:24 - 2014-04-07 18:43 - 00000000 ____D () C:\Users\User\Desktop\Kleinanzeige

2014-04-03 09:51 - 2014-04-14 23:52 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-14 23:52 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-14 23:52 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-01 17:27 - 2014-04-01 17:27 - 00000488 _____ () C:\Users\User\Desktop\Katzemich - Verknüpfung.lnk

2014-03-25 12:08 - 2014-03-13 18:28 - 00000000 ____D () C:\Users\User\Documents\Anki
 

Some content of TEMP:

====================

C:\Users\User\AppData\Local\Temp\avgnt.exe

C:\Users\User\AppData\Local\Temp\Quarantine.exe

C:\Users\User_2\AppData\Local\Temp\AskSLib.dll

C:\Users\User_2\AppData\Local\Temp\wlsetup-cvr.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-17 17:54
 

==================== End Of Log ============================

--- --- ---

Eigentlich scheint alles zu laufen.

Ich frage mich nur folgende Sachen:

Muss ich den Firefox anders einstellen um ihn sicherer zu machen?
Ist mein Virenschutzprogramm Avira ausreichend?
Das Programm malwarebytes läuft jetzt immer als Prozess. Ist das so richtig?

Vielen Dank nochmal. :-)

Java, Flash, Adobe und Firefox updaten. die beiden Downloads die ESET anmeckert löschen.

In Firefox einen Adblocker nutzen
Avira is scheisse, ich empfehle immer Emsisoft
Das läuft nur solange die TEstphase läuft, 30 Tage, danach ist es ne Freeware.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Hi,

war jetzt eine Woche im Urlaub. Sorry.

Welche beiden Downloads werden denn von ESET bemängelt? Kann das nicht erkennen.

Macht es Sinn sich von Malwarebyte die ProVersion zu kaufen? Habe jetzt schon ein paar mal erlebt, dass Malwarebyte in der Testversion Software blockiert hat.

Danke und Grüße

PS: Nach der Installation von no script funktioniert jetzt autoscout und mobile.de nicht mehr. Auch wenn ich die Seite erlaube. Was könnte der Grund sein? Wenn ich alle skripte erlaube geht es

Dann wird noch ein Script geblockt, unten auf das Symbol schauen und Scripte einzeln erlauben.

G:\Programme von Festplatte\RegCleaner\regvissetup.exe
G:\Programme von Festplatte\RegCleaner\repairv35pro.exe

Wenn du nen vollwertiges gutes AV hast reicht MBAM free.