Trojaner-Board - Trash.Gen Trojaner laut 'Free AntiVirus' auf Vaio Notebook

Sorry, hatte Reste von einem anderen (fremden Post) in meinem Post.

Hier die Log-Dateien.

FRST.txt:
http://www.trojaner-board.de/attachm...1&d=1425124837

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01

Ran by ralf (administrator) on RALF-VAIO on 28-02-2015 12:49:51

Running from D:\Farbar Recovery Scan Tool

Loaded Profiles: ralf (Available profiles: ralf)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe

(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

(cyberlink) C:\Program Files (x86)\CyberLink\Shared Files\brs.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe

(ALPS) C:\Program Files\Apoint\Apvfb.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)

HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2009-05-26] (Sony Corporation)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-10] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-10-11] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)

HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-09-01] (cyberlink)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-10] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]

HKU\S-1-5-21-1360313009-1661305651-1722505978-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2547048 2011-03-30] (Hewlett-Packard Co.)

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found

AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found

AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

ProxyEnable: [S-1-5-21-1360313009-1661305651-1722505978-1000] => Internet Explorer proxy is enabled.

ProxyServer: [S-1-5-21-1360313009-1661305651-1722505978-1000] => http=hxxp://127.0.0.1:9880

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-1360313009-1661305651-1722505978-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-SB_oLBu_qgXt9sekhYwQFmVw_EqzBSrJNzpgYQ_Gc3T2IowKP13Y7IXiwytBMtZMqzQDqNY58zk8DW_bZpZe4MEnBHkKHQ594OHoqkqbL4C99zlmoEhuGOdojKZaEi06yRVq3WZmTjpKJffm&q={searchTerms}

HKU\S-1-5-21-1360313009-1661305651-1722505978-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 

SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 

SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-SB_oLBu_qgXt9sekhYwQFmVw_EqzBSrJNzpgYQ_Gc3T2IowKP13Y7IXiwytBMtZMqzQDqNY58zk8DW_bZpZe4MEnBHkKHQ594OHoqkqbL4C99zlmoEhuGOdojKZaEi06yRVq3WZmTjpKJffm&q={searchTerms}

SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-SB_oLBu_qgXt9sekhYwQFmVw_EqzBSrJNzpgYQ_Gc3T2IowKP13Y7IXiwytBMtZMqzQDqNY58zk8DW_bZpZe4MEnBHkKHQ594OHoqkqbL4C99zlmoEhuGOdojKZaEi06yRVq3WZmTjpKJffm&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1360313009-1661305651-1722505978-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

SearchScopes: HKU\S-1-5-21-1360313009-1661305651-1722505978-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-SB_oLBu_qgXt9sekhYwQFmVw_EqzBSrJNzpgYQ_Gc3T2IowKP13Y7IXiwytBMtZMqzQDqNY58zk8DW_bZpZe4MEnBHkKHQ594OHoqkqbL4C99zlmoEhuGOdojKZaEi06yRVq3WZmTjpKJffm&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1360313009-1661305651-1722505978-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6A570024D63F8247&affID=127690&tsp=5190

SearchScopes: HKU\S-1-5-21-1360313009-1661305651-1722505978-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

BHO: No Name -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} ->  No File

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File

BHO-x32: No Name -> {93DBF2BB-A2B3-4683-A92E-57E60751F346} ->  No File

BHO-x32: No Name -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} ->  No File

BHO-x32: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} ->  No File

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Toolbar: HKLM-x32 - No Name - {1FAFD711-ABF9-4F6A-8130-5166C7371427} -  No File

Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

Toolbar: HKU\S-1-5-21-1360313009-1661305651-1722505978-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393055281&from=tugs&uid=ST9500325AS_5VE55BC3XXXX5VE55BC3
 

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File

CHR Profile: C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Docs) - C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-20]

CHR Extension: (BlockAndSurf) - C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmmlggebfibbjmpckgjhbiogomjanld [2014-06-20]

CHR Extension: (ApptoU) - C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbgfljhceecpkkfmgfogpmccgblgidd [2014-03-29]

CHR Extension: (No Name) - C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2014-02-16]

CHR Extension: (No Name) - C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon [2014-02-22]

CHR Extension: (No Name) - C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb [2014-02-21]

CHR Extension: (Google Wallet) - C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-23]

CHR Extension: (Gmail) - C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-18]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-10] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-10] (Avira Operations GmbH & Co. KG)

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-12-02] (Macrovision Europe Ltd.) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)

S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)

S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation)

S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation)

R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)

R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [527872 2009-10-12] (Sony Corporation) [File not signed]

R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-30] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-30] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-28] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)

R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2009-09-01] (CyberLink Corp.)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-28 12:49 - 2015-02-28 12:49 - 00000000 ____D () C:\FRST

2015-02-28 12:37 - 2015-02-28 12:37 - 00000000 ___RD () C:\Users\ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9

2015-02-28 04:10 - 2015-02-28 04:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2015-02-28 03:27 - 2015-02-28 12:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-28 03:26 - 2015-02-28 04:10 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-02-28 03:26 - 2015-02-28 03:26 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-02-28 03:26 - 2015-02-28 03:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-28 03:26 - 2015-02-28 03:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-02-28 03:26 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-02-28 03:26 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-02-28 03:26 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-31 17:33 - 2015-01-31 17:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf

2015-01-30 19:45 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-30 19:45 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-30 19:45 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-30 19:45 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-30 19:45 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-30 19:45 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-30 19:45 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-30 19:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-30 19:34 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-30 19:34 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-30 19:34 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-30 19:34 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-30 19:34 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-28 12:49 - 2014-03-18 17:49 - 00000280 _____ () C:\Windows\Tasks\FF Watcher {D0E400D3-C233-453A-9B3C-AD86C10E9CE9}.job

2015-02-28 12:42 - 2009-07-14 18:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat

2015-02-28 12:42 - 2009-07-14 18:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat

2015-02-28 12:42 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-28 12:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-28 12:36 - 2014-03-26 09:12 - 00005094 _____ () C:\Windows\setupact.log

2015-02-28 12:34 - 2009-12-02 11:16 - 01373552 _____ () C:\Windows\WindowsUpdate.log

2015-02-28 12:03 - 2012-07-06 15:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-28 12:01 - 2011-12-17 17:05 - 00000254 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job

2015-02-28 10:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2015-02-28 09:40 - 2014-03-18 17:49 - 00000000 ____D () C:\Users\ralf\AppData\Local\PirritSuggestor

2015-02-28 09:02 - 2014-03-17 19:21 - 00000000 ____D () C:\ProgramData\Websteroids

2015-02-28 09:02 - 2014-02-22 08:48 - 00000000 ____D () C:\Users\ralf\AppData\Roaming\awesomehp

2015-02-28 09:02 - 2014-02-21 18:05 - 00000000 ____D () C:\Program Files (x86)\SavingsBull

2015-02-28 07:07 - 2014-02-09 13:13 - 00000000 ____D () C:\Program Files (x86)\Iminent

2015-02-28 07:07 - 2009-07-14 05:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-28 07:07 - 2009-07-14 05:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-28 06:15 - 2010-01-01 13:36 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D9E7321E-0F6E-4613-ABD8-17E20460C501}

2015-02-28 03:39 - 2014-06-15 07:25 - 00002410 _____ () C:\Windows\PFRO.log

2015-01-31 17:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-01-31 16:18 - 2010-01-05 20:24 - 00000000 ____D () C:\Users\ralf\Documents\WebCam Media

2015-01-31 16:03 - 2012-07-06 15:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-31 16:03 - 2012-07-06 15:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-31 16:03 - 2012-02-19 13:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-31 15:48 - 2013-08-15 08:05 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-31 15:43 - 2013-03-27 20:32 - 00000000 ____D () C:\Users\ralf\AppData\Roaming\Apple Computer

2015-01-31 15:41 - 2010-01-04 11:35 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 

==================== Files in the root of some directories =======
 

2013-09-18 17:17 - 2013-09-18 17:17 - 1084677 _____ () C:\Users\ralf\AppData\Roaming\2433f433

2014-03-18 17:51 - 2014-03-18 17:52 - 0000318 _____ () C:\Users\ralf\AppData\Roaming\aps.uninstall.scan.results

2014-01-25 16:06 - 2014-01-25 16:06 - 0000000 _____ () C:\Users\ralf\AppData\Roaming\wklnhst.dat

2013-09-18 17:17 - 2013-09-18 17:17 - 1084694 _____ () C:\Users\ralf\AppData\Local\2433f433

2014-03-18 17:46 - 2014-03-18 12:55 - 1172664 _____ (AnyProtect.com) C:\Users\ralf\AppData\Local\AnyProtectScannerSetup.exe

2014-02-06 06:45 - 2014-02-06 06:45 - 0004096 ____H () C:\Users\ralf\AppData\Local\keyfile3.drm

2014-02-22 09:11 - 2014-02-22 09:11 - 0828200 _____ (AnyProtect.com) C:\Users\ralf\AppData\Local\nsi6D67.tmp

2010-01-04 14:11 - 2014-03-25 15:21 - 0000040 ___SH () C:\ProgramData\.zreglib

2013-09-18 17:17 - 2013-09-18 17:17 - 1084732 _____ () C:\ProgramData\2433f433

2010-01-04 12:47 - 2010-01-04 12:57 - 0000088 __RSH () C:\ProgramData\84153FD226.sys

2011-12-17 17:03 - 2011-12-17 17:03 - 0000057 _____ () C:\ProgramData\Ament.ini

2013-11-13 15:32 - 2013-11-23 13:08 - 95025368 ____T () C:\ProgramData\j6h72amq.bxx

2013-11-13 15:32 - 2013-11-23 13:04 - 0000000 _____ () C:\ProgramData\j6h72amq.fvv

2010-01-04 12:47 - 2010-01-04 12:57 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys
 

Files to move or delete:

====================

C:\ProgramData\j6h72amq.bxx

C:\ProgramData\j6h72amq.fvv

C:\Users\Public\AlexaNSISPlugin.12252.dll
 
 

Some content of TEMP:

====================

C:\Users\ralf\AppData\Local\Temp\avgnt.exe

C:\Users\ralf\AppData\Local\Temp\EnableExtDll.dll

C:\Users\ralf\AppData\Local\Temp\FW_screensaver.exe

C:\Users\ralf\AppData\Local\Temp\IEHistory.exe

C:\Users\ralf\AppData\Local\Temp\InstalledPrograms.exe

C:\Users\ralf\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe

C:\Users\ralf\AppData\Local\Temp\install_flashplayer12x32axau_gtba_chra_dy_aaa_aih.exe

C:\Users\ralf\AppData\Local\Temp\install_reader11_de_chra_awa_aih.exe

C:\Users\ralf\AppData\Local\Temp\install_reader11_de_gtbd_chrd_dn_aaa_aih.exe

C:\Users\ralf\AppData\Local\Temp\vcredist_x64.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-02-28 10:23
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition.txt:
http://www.trojaner-board.de/attachm...1&d=1425124837

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01

Ran by ralf at 2015-02-28 12:51:04

Running from D:\Farbar Recovery Scan Tool

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.12.36 - Adobe Systems Incorporated)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)

Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0.1 - Adobe Systems Incorporated)

Adobe Premiere Elements 7.0 (HKLM-x32\...\PremElem70) (Version: 7.0.1 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden

Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)

ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.193 - ArcSoft)

ATI Catalyst Install Manager (HKLM\...\{A4BC24CB-F8C7-27FB-41D5-47A405031A41}) (Version: 3.0.732.0 - ATI Technologies, Inc.)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

ccc-core-static (x32 Version: 2009.0710.1127.18698 - Ihr Firmenname) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)

Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden

Click to Disc (HKLM-x32\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.73.04270 - Sony Corporation)

Click to Disc (x32 Version: 1.2.73.04270 - Sony Corporation) Hidden

Click to Disc Editor (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 2.0.03.04150 - Sony Corporation)

Click to Disc Editor (x32 Version: 2.0.02 - Sony Corporation) Hidden

Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2201 - CyberLink Corp.)

Dolby Control Center (HKLM\...\{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}) (Version: 1.2.0702 - Dolby)

Einstellungen für VAIO-Inhaltsüberwachung (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.4.0.06120 - Sony Corporation)

ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140117 - Landesfinanzdirektion Thüringen)

HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{27780511-1D05-402F-AAB3-434C1A212B63}) (Version: 23.0.504.0 - Hewlett-Packard Co.)

HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)

HP Update (HKLM-x32\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)

HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB67}) (Version: 1.0.3.0 - Hewlett Packard)

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java(TM) 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)

Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MusicStation (HKLM-x32\...\{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}) (Version: 1.2.2.180 - Omnifone)

Nero 9 Lite (HKLM-x32\...\{d5aca4cc-d9f6-4e7f-aa6f-6eb0b8bb7539}) (Version:  - Nero AG)

Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5897 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)

Regi (Version: 1.00.0000 - InterVideo Inc.) Hidden

Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)

Runtime (x32 Version: 1.00.0000 - Your Company Name) Hidden

SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION

Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.0.0.07300 - Sony Corporation)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Sony Home Network Library (HKLM-x32\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 2.0.0.07280 - Sony Corporation)

Sony Home Network Library (x32 Version: 2.0.0.07280 - Sony Corporation) Hidden

Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.12.16210 - Sony Corporation)

Studie zur Verbesserung von HP Deskjet 3050A J611 series Produkten (HKLM\...\{B287D3C0-6B3A-4A41-9FF8-ADCFF2917229}) (Version: 23.0.504.0 - Hewlett-Packard Co.)

TeamViewer 5 (HKLM-x32\...\TeamViewer 5) (Version: 5.0.7572  - TeamViewer GmbH)

Unterstützung für VAIO-Präsentation (HKLM-x32\...\{2018C019-30D9-4240-8C01-0865C10DCF5A}) (Version: 2.0.0.05270 - Sony Corporation)

VAIO Content Metadata Intelligent Analyzing Manager (HKLM-x32\...\{0A5F02E5-1A52-4F85-892C-A35227641C75}) (Version: 3.5.0.06261 - Sony Corporation)

VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.5.0.06261 - Sony Corporation) Hidden

VAIO Content Metadata Intelligent Network Service Manager (HKLM-x32\...\{3B1168DE-1F8C-471C-AC49-0CA52F096170}) (Version: 3.5.0.06260 - Sony Corporation)

VAIO Content Metadata Intelligent Network Service Manager (x32 Version: 3.5.0.06260 - Sony Corporation) Hidden

VAIO Content Metadata Manager Settings (HKLM-x32\...\{7395DD51-0D1A-47A7-9993-742073ECF4CE}) (Version: 3.5.0.06260 - Sony Corporation)

VAIO Content Metadata Manager Settings (x32 Version: 3.5.0.06260 - Sony Corporation) Hidden

VAIO Content Metadata XML Interface Library (HKLM-x32\...\{949419DF-F4AF-4693-B60A-522B24F233C6}) (Version: 3.5.0.06180 - Sony Corporation)

VAIO Content Metadata XML Interface Library (x32 Version: 3.5.0.06180 - Sony Corporation) Hidden

VAIO Content Monitoring Settings (x32 Version: 2.4.0.06120 - Sony Corporation) Hidden

VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.0.0.06120 - Sony Corporation)

VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.1.01.06290 - Sony Corporation)

VAIO DVD Menu Data Basic (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)

VAIO Energie Verwaltung (HKLM-x32\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 4.0.0.07160 - Sony Corporation)

VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.0.0.07010 - Sony Corporation)

VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 1.0.1.10190 - Sony Corporation)

VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version:  - Sony Corporation)

VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.0.07280 - Sony Corporation)

VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 1.2.0.09100 - Sony Corporation)

VAIO Movie Story (HKLM-x32\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.5.00.06191 - Sony Corporation)

VAIO Movie Story (x32 Version: 1.5.00.06191 - Sony Corporation) Hidden

VAIO Movie Story Template Data (HKLM-x32\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.5.00.06010 - Sony Corporation)

VAIO Original Function Settings (x32 Version: 2.0.0.07010 - Sony Corporation) Hidden

VAIO Original Funktion Einstellungen (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 2.0.0.07010 - Sony Corporation)

VAIO Premium Partners 1.00 (HKLM-x32\...\VAIO Premium Partners 1.00) (Version:  - )

VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.1.08110 - Sony Corporation)

VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)

VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)

VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)

VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden

VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden

VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden

Websteroids (x32 Version: 2.6.63 - Creative Island Media, LLC) Hidden <==== ATTENTION

WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)

Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

30-01-2015 19:46:02 Windows Update

31-01-2015 15:40:27 Windows Update

28-02-2015 06:33:39 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {1B77CDCA-BF1C-4C22-AA85-938C7CC01AED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {1C71FCCB-82D4-4A4D-A37A-8D7032FD7E56} - System32\Tasks\FF Watcher {D0E400D3-C233-453A-9B3C-AD86C10E9CE9} => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION

Task: {260BFA3C-16BD-441B-B534-5BAB2F0AB5A9} - System32\Tasks\4602 => Wscript.exe C:\Users\ralf\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

Task: {2C451245-5A56-4AF5-9632-8D3992D3901D} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2009-10-20] (Sony Corporation)

Task: {434A6423-3F87-475E-A8B8-BAC2E99D15FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)

Task: {50E195A8-29D9-4EFD-9C46-EADE7CE8B1DD} - System32\Tasks\{EB854747-EC46-456A-8159-B087E4DA5CCB} => pcalua.exe -a C:\Users\ralf\AppData\Roaming\awesomehp\UninstallManager.exe

Task: {71F82300-4682-4C03-B8B4-A3364290E92A} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30] (Hewlett-Packard Co.)

Task: {76C6E656-C54E-4A92-834C-E6112DC7EDC6} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)

Task: {9521D7EF-F0F4-4E99-B8EC-43C3AFB402FB} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION

Task: {B99DD1B0-181D-4AA6-AE19-B2691D6CB89C} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)

Task: {DEFAA46C-B3DF-4FC8-9FB6-3706D3D2D552} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION

Task: {E0C9CF4F-6CC9-4495-8A9B-CC6D58ED34AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)

Task: {E772858F-0AED-452D-BC2F-1C8DB49C1709} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FF Watcher {D0E400D3-C233-453A-9B3C-AD86C10E9CE9}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION

Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
 

==================== Loaded Modules (whitelisted) ==============
 

2009-09-21 15:04 - 2009-09-21 15:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll

2011-03-30 22:19 - 2011-03-30 22:19 - 02673000 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll

2008-08-26 11:41 - 2008-08-26 11:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2009-12-02 11:18 - 2009-12-02 11:18 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2009-12-02 11:45 - 2009-07-01 11:49 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll

2009-12-02 11:45 - 2009-07-01 11:49 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-1360313009-1661305651-1722505978-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ralf\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: Media is not connected to internet.
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

MSCONFIG\startupreg: Avemd => C:\Users\ralf\AppData\Roaming\Igzuk\igoqa.exe

MSCONFIG\startupreg: MarketingTools => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

MSCONFIG\startupreg: unuce.exe => C:\Users\ralf\AppData\Roaming\Itvyyf\unuce.exe
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-1360313009-1661305651-1722505978-500 - Administrator - Disabled)

Gast (S-1-5-21-1360313009-1661305651-1722505978-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1360313009-1661305651-1722505978-1002 - Limited - Enabled)

ralf (S-1-5-21-1360313009-1661305651-1722505978-1000 - Administrator - Enabled) => C:\Users\ralf
 

==================== Faulty Device Manager Devices =============
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (02/28/2015 10:32:12 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (02/28/2015 10:32:12 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (02/28/2015 10:32:12 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (02/28/2015 10:32:11 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (01/31/2015 05:56:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(c0:63:94:39:fb:96@fe80::c263:94ff:fe39:fb96._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.
 

Error: (01/31/2015 05:56:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(d8:9e:3f:8b:7c:43@fe80::da9e:3fff:fe8b:7c43._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.
 

Error: (01/31/2015 05:56:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(d8:9e:3f:8b:7c:43@fe80::da9e:3fff:fe8b:7c43._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.
 

Error: (01/31/2015 05:54:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 24
 

Error: (01/31/2015 05:54:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 23
 

Error: (01/31/2015 05:54:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 22
 
 

System errors:

=============

Error: (02/28/2015 00:39:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet.
 

Error: (02/28/2015 00:38:27 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (02/28/2015 00:37:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.
 

Error: (02/28/2015 00:36:57 PM) (Source: atikmdag) (EventID: 10261) (User: )

Description: Display is not active
 

Error: (02/28/2015 00:36:57 PM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter
 

Error: (02/28/2015 06:59:47 AM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Der Dienst "VAIO Power Management" wurde nicht richtig gestartet.
 

Error: (02/28/2015 06:59:31 AM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet.
 

Error: (02/28/2015 06:59:14 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (02/28/2015 06:57:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "WinkHandler" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%216
 

Error: (02/28/2015 06:57:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.
 
 

Microsoft Office Sessions:

=========================

Error: (02/28/2015 10:32:12 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe
 

Error: (02/28/2015 10:32:12 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe
 

Error: (02/28/2015 10:32:12 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe
 

Error: (02/28/2015 10:32:11 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe
 

Error: (01/31/2015 05:56:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(c0:63:94:39:fb:96@fe80::c263:94ff:fe39:fb96._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.
 

Error: (01/31/2015 05:56:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(d8:9e:3f:8b:7c:43@fe80::da9e:3fff:fe8b:7c43._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.
 

Error: (01/31/2015 05:56:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(d8:9e:3f:8b:7c:43@fe80::da9e:3fff:fe8b:7c43._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.
 

Error: (01/31/2015 05:54:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 24
 

Error: (01/31/2015 05:54:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 23
 

Error: (01/31/2015 05:54:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 22
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz

Percentage of memory in use: 34%

Total physical RAM: 4063.02 MB

Available physical RAM: 2653.85 MB

Total Pagefile: 8124.23 MB

Available Pagefile: 6197.95 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:454.74 GB) (Free:388.34 GB) NTFS

Drive d: (ABSCUSB 8GB) (Removable) (Total:7.46 GB) (Free:3.19 GB) FAT32
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 24E99F6D)

Partition 1: (Not Active) - (Size=10.9 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=454.7 GB) - (Type=07 NTFS)
 

========================================================

Disk: 3 (Size: 7.5 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Danke und schöne Grüße

OK, weiter gehts :-) Neuer Tag neues Glück.

Revo Uninstaller installiert und wie beschrieben die Schritte durchgeführt.

FRST mit Fixlist.txt ausgeführt, hier das LOG (Fixlog.txt):

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01

Ran by ralf at 2015-03-01 09:31:40 Run:1

Running from C:\Users\ralf\Desktop

Loaded Profiles: ralf (Available profiles: ralf)

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

C:\Users\ralf\AppData\Roaming\Itvyyf

C:\Users\ralf\AppData\Roaming\Igzuk

DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\unuce.exe

DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Avemd

Task: C:\Windows\Tasks\FF Watcher {D0E400D3-C233-453A-9B3C-AD86C10E9CE9}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION

C:\Program Files\V-bates

Task: {DEFAA46C-B3DF-4FC8-9FB6-3706D3D2D552} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION

Task: {260BFA3C-16BD-441B-B534-5BAB2F0AB5A9} - System32\Tasks\4602 => Wscript.exe C:\Users\ralf\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

C:\Users\ralf\AppData\Local\Temp\launchie.vbs

Task: {1C71FCCB-82D4-4A4D-A37A-8D7032FD7E56} - System32\Tasks\FF Watcher {D0E400D3-C233-453A-9B3C-AD86C10E9CE9} => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found

AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found

AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found

C:\PROGRA~2\SearchProtect

C:\PROGRA~2\OPTIMI~1

ProxyEnable: [S-1-5-21-1360313009-1661305651-1722505978-1000] => Internet Explorer proxy is enabled.

ProxyServer: [S-1-5-21-1360313009-1661305651-1722505978-1000] => http=hxxp://127.0.0.1:9880

HKU\S-1-5-21-1360313009-1661305651-1722505978-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-SB_oLBu_qgXt9sekhYwQFmVw_EqzBSrJNzpgYQ_Gc3T2IowKP13Y7IXiwytBMtZMqzQDqNY58zk8DW_bZpZe4MEnBHkKHQ594OHoqkqbL4C99zlmoEhuGOdojKZaEi06yRVq3WZmTjpKJffm&q={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-SB_oLBu_qgXt9sekhYwQFmVw_EqzBSrJNzpgYQ_Gc3T2IowKP13Y7IXiwytBMtZMqzQDqNY58zk8DW_bZpZe4MEnBHkKHQ594OHoqkqbL4C99zlmoEhuGOdojKZaEi06yRVq3WZmTjpKJffm&q={searchTerms}

SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-SB_oLBu_qgXt9sekhYwQFmVw_EqzBSrJNzpgYQ_Gc3T2IowKP13Y7IXiwytBMtZMqzQDqNY58zk8DW_bZpZe4MEnBHkKHQ594OHoqkqbL4C99zlmoEhuGOdojKZaEi06yRVq3WZmTjpKJffm&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1360313009-1661305651-1722505978-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQ6zvuZ2qcrXvuX0FvNkLR3HRCmfF1tnOQuVKRpOq6F03dieA0o-SB_oLBu_qgXt9sekhYwQFmVw_EqzBSrJNzpgYQ_Gc3T2IowKP13Y7IXiwytBMtZMqzQDqNY58zk8DW_bZpZe4MEnBHkKHQ594OHoqkqbL4C99zlmoEhuGOdojKZaEi06yRVq3WZmTjpKJffm&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1360313009-1661305651-1722505978-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6A570024D63F8247&affID=127690&tsp=5190

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393055281&from=tugs&uid=ST9500325AS_5VE55BC3XXXX5VE55BC3

2015-02-28 09:40 - 2014-03-18 17:49 - 00000000 ____D () C:\Users\ralf\AppData\Local\PirritSuggestor

2015-02-28 09:02 - 2014-03-17 19:21 - 00000000 ____D () C:\ProgramData\Websteroids

2015-02-28 09:02 - 2014-02-22 08:48 - 00000000 ____D () C:\Users\ralf\AppData\Roaming\awesomehp

2015-02-28 09:02 - 2014-02-21 18:05 - 00000000 ____D () C:\Program Files (x86)\SavingsBull

2015-02-28 07:07 - 2014-02-09 13:13 - 00000000 ____D () C:\Program Files (x86)\Iminent

File: C:\ProgramData\84153FD226.sys

C:\Users\ralf\AppData\Local\AnyProtectScannerSetup.exe

EmptyTemp:

CreateRestorePoint:
 

*****************
 

"C:\Users\ralf\AppData\Roaming\Itvyyf" => File/Directory not found.

"C:\Users\ralf\AppData\Roaming\Igzuk" => File/Directory not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\unuce.exe => Key Deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Avemd => Key Deleted successfully.

C:\Windows\Tasks\FF Watcher {D0E400D3-C233-453A-9B3C-AD86C10E9CE9}.job not found.

"C:\Program Files\V-bates" => File/Directory not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DEFAA46C-B3DF-4FC8-9FB6-3706D3D2D552}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEFAA46C-B3DF-4FC8-9FB6-3706D3D2D552}" => Key deleted successfully.

C:\Windows\System32\Tasks\0 => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{260BFA3C-16BD-441B-B534-5BAB2F0AB5A9}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{260BFA3C-16BD-441B-B534-5BAB2F0AB5A9}" => Key deleted successfully.

C:\Windows\System32\Tasks\4602 => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4602" => Key deleted successfully.

"C:\Users\ralf\AppData\Local\Temp\launchie.vbs" => File/Directory not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C71FCCB-82D4-4A4D-A37A-8D7032FD7E56} => Key not found. 

C:\Windows\System32\Tasks\FF Watcher {D0E400D3-C233-453A-9B3C-AD86C10E9CE9} not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {D0E400D3-C233-453A-9B3C-AD86C10E9CE9} => Key not found. 

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data not found.

" C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL" => Value Data not found.

"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data not found.

"C:\PROGRA~2\SearchProtect" => File/Directory not found.

"C:\PROGRA~2\OPTIMI~1" => File/Directory not found.

HKU\S-1-5-21-1360313009-1661305651-1722505978-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.

HKU\S-1-5-21-1360313009-1661305651-1722505978-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.

HKU\S-1-5-21-1360313009-1661305651-1722505978-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found. 

HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found. 

HKU\S-1-5-21-1360313009-1661305651-1722505978-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found. 

HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found. 

HKU\S-1-5-21-1360313009-1661305651-1722505978-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. 

HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. 

HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.

"C:\Users\ralf\AppData\Local\PirritSuggestor" => File/Directory not found.

"C:\ProgramData\Websteroids" => File/Directory not found.

"C:\Users\ralf\AppData\Roaming\awesomehp" => File/Directory not found.

"C:\Program Files (x86)\SavingsBull" => File/Directory not found.

"C:\Program Files (x86)\Iminent" => File/Directory not found.
 

========================= File: C:\ProgramData\84153FD226.sys ========================
 

MD5: 07B4369AB066E4EE06DA3D70D988A5BD

Creation and modification date: 2010-01-04 12:47 - 2010-01-04 12:57

Size: 0000088

Attributes: --RSH

Company Name: 

Internal Name: 

Original Name: 

Product Name: 

Description: 

File Version: 

Product Version: 

Copyright: 
 

====== End Of File: ======
 

"C:\Users\ralf\AppData\Local\AnyProtectScannerSetup.exe" => File/Directory not found.

Restore point was successfully created.

EmptyTemp: => Removed 1.7 GB temporary data.
 
 

The system needed a reboot. 
 

==== End of Fixlog 09:33:46 ====

Rechner wurde dannach neugestartet, erforderte FRST.

Gerade läuft adwcleaner, Logs adwcleaner 1. Durchlauf (von gestern).
AdwCleaner Logfile:

Code:

# AdwCleaner v4.111 - Bericht erstellt 28/02/2015 um 15:26:11

# Aktualisiert 18/02/2015 von Xplode

# Datenbank : 2015-02-18.3 [Lokal]

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)

# Benutzername : ralf - RALF-VAIO

# Gestarted von : D:\adwcleaner_4.111 (1).exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\Babylon

Ordner Gelöscht : C:\ProgramData\Partner

Ordner Gelöscht : C:\ProgramData\Registry Helper

Ordner Gelöscht : C:\ProgramData\Tarma Installer

Ordner Gelöscht : C:\ProgramData\TubeDimmer

Ordner Gelöscht : C:\ProgramData\Websteroids

Ordner Gelöscht : C:\ProgramData\dEal4me

Ordner Gelöscht : C:\ProgramData\d02404b0f7cc0b4e

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller

Ordner Gelöscht : C:\Program Files (x86)\-BlockAndSurfS

Ordner Gelöscht : C:\Program Files (x86)\Iminent

Ordner Gelöscht : C:\Program Files (x86)\NewPlayer

Ordner Gelöscht : C:\Program Files (x86)\SavingsBull

Ordner Gelöscht : C:\Program Files (x86)\sweetpacks bundle uninstaller

Ordner Gelöscht : C:\Program Files (x86)\Uniblue

Ordner Gelöscht : C:\Program Files (x86)\fst_de_51

Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella

Ordner Gelöscht : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}

Ordner Gelöscht : C:\Program Files\Conduit

Ordner Gelöscht : C:\Program Files\SavingsbullFilter

Ordner Gelöscht : C:\Users\ralf\AppData\Local\apn

Ordner Gelöscht : C:\Users\ralf\AppData\Local\Conduit

Ordner Gelöscht : C:\Users\ralf\AppData\Local\NewPlayer

Ordner Gelöscht : C:\Users\ralf\AppData\Local\PirritSuggestor

Ordner Gelöscht : C:\Users\ralf\AppData\Local\SearchProtect

Ordner Gelöscht : C:\Users\ralf\AppData\Local\VisualBeeClient

Ordner Gelöscht : C:\Users\ralf\AppData\Local\VisualBeeExe

Ordner Gelöscht : C:\Users\ralf\AppData\Local\Wajam

Ordner Gelöscht : C:\Users\ralf\AppData\Local\Websteroids

Ordner Gelöscht : C:\Users\ralf\AppData\Local\fst_de_51

Ordner Gelöscht : C:\Users\ralf\AppData\LocalLow\buenosearch LTD

Ordner Gelöscht : C:\Users\ralf\AppData\LocalLow\IminentToolbar

Ordner Gelöscht : C:\Users\ralf\AppData\Roaming\awesomehp

Ordner Gelöscht : C:\Users\ralf\AppData\Roaming\IminentToolbar

Ordner Gelöscht : C:\Users\ralf\AppData\Roaming\Systweak

Ordner Gelöscht : C:\Users\ralf\AppData\Roaming\Uniblue

Ordner Gelöscht : C:\Users\ralf\AppData\Roaming\ValueApps

Ordner Gelöscht : C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon

Ordner Gelöscht : C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb

Ordner Gelöscht : C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmmlggebfibbjmpckgjhbiogomjanld

Ordner Gelöscht : C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbgfljhceecpkkfmgfogpmccgblgidd

[/!\] Nicht Gelöscht ( Junction ) : C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmmlggebfibbjmpckgjhbiogomjanld

Datei Gelöscht : C:\END

Datei Gelöscht : C:\Users\ralf\Favorites\Startfenster.lnk

Datei Gelöscht : C:\Users\ralf\Favorites\Links\Startfenster.lnk

Datei Gelöscht : C:\Windows\SysWOW64\RegistryHelperLM.ocx

Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys

Datei Gelöscht : C:\Windows\System32\roboot64.exe

Datei Gelöscht : C:\Users\ralf\AppData\Local\AnyProtectScannerSetup.exe

Datei Gelöscht : C:\Users\ralf\AppData\Roaming\aps.uninstall.scan.results

Datei Gelöscht : C:\Users\ralf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk

Datei Gelöscht : C:\Users\ralf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk

Datei Gelöscht : C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx

Datei Gelöscht : C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

Datei Gelöscht : C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

Datei Gelöscht : C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

Datei Gelöscht : C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igjjkeeamkpihpncmmbgdkhdnjpcfmfb_0.localstorage

Datei Gelöscht : C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage

Datei Gelöscht : C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

Datei Gelöscht : C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage
 

***** [ Geplante Tasks ] *****
 

Task Gelöscht : FF Watcher {D0E400D3-C233-453A-9B3C-AD86C10E9CE9}
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.iminentESrvc

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.iminentESrvc.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iminent.iminentappCore

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iminent.iminentappCore.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{8E9F2D02-6B06-4EBA-92C2-68438EADED28}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5563BEFE-3B03-43B1-8041-64A9745DAA56}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8E9F2D02-6B06-4EBA-92C2-68438EADED28}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93DBF2BB-A2B3-4683-A92E-57E60751F346}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93DBF2BB-A2B3-4683-A92E-57E60751F346}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{208D4124-3895-4974-B293-A159BD306078}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1FAFD711-ABF9-4F6A-8130-5166C7371427}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}

Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

Schlüssel Gelöscht : HKCU\Software\Alexa Internet

Schlüssel Gelöscht : HKCU\Software\AnyProtect

Schlüssel Gelöscht : HKCU\Software\distromatic

Schlüssel Gelöscht : HKCU\Software\Iminent

Schlüssel Gelöscht : HKCU\Software\IminentToolbar

Schlüssel Gelöscht : HKCU\Software\SavingsBull

Schlüssel Gelöscht : HKCU\Software\systweak

Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar

Schlüssel Gelöscht : HKCU\Software\Condut

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Savings Bull

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SavingsBull

Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Schlüssel Gelöscht : HKLM\SOFTWARE\awesomehpSoftware

Schlüssel Gelöscht : HKLM\SOFTWARE\Freeze.com

Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent

Schlüssel Gelöscht : HKLM\SOFTWARE\IminentToolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Pirrit

Schlüssel Gelöscht : HKLM\SOFTWARE\Registry Helper

Schlüssel Gelöscht : HKLM\SOFTWARE\SavingsBullFilter

Schlüssel Gelöscht : HKLM\SOFTWARE\systweak

Schlüssel Gelöscht : HKLM\SOFTWARE\Umbrella

Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Iminent

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Pirrit

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD04033484A18CA4CAB3EE59D39D756E

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1708EDD6AB4EB164A86999D0AF0ABE1D

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=hxxp://127.0.0.1:9880

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.16518
 

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 

-\\ Google Chrome v
 

[C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.awesomehp.com/web/?type=ds&ts=1393055281&from=tugs&uid=ST9500325AS_5VE55BC3XXXX5VE55BC3&q={searchTerms}
 

*************************
 

AdwCleaner[R0].txt - [21809 Bytes] - [28/02/2015 15:08:52]

AdwCleaner[S0].txt - [18743 Bytes] - [28/02/2015 15:26:11]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18803  Bytes] ##########

--- --- ---

2. Durchlauf von adwCleaner (von heute)
AdwCleaner Logfile:

Code:

# AdwCleaner v4.111 - Bericht erstellt 01/03/2015 um 09:45:33

# Aktualisiert 18/02/2015 von Xplode

# Datenbank : 2015-02-18.3 [Lokal]

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)

# Benutzername : ralf - RALF-VAIO

# Gestarted von : D:\adwcleaner_4.111 (1).exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Geplante Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.16518
 
 

-\\ Google Chrome v
 
 

*************************
 

AdwCleaner[R0].txt - [21809 Bytes] - [28/02/2015 15:08:52]

AdwCleaner[R1].txt - [876 Bytes] - [01/03/2015 09:42:15]

AdwCleaner[S0].txt - [19040 Bytes] - [28/02/2015 15:26:11]

AdwCleaner[S1].txt - [799 Bytes] - [01/03/2015 09:45:33]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [857  Bytes] ##########

--- --- ---

Ich habe auch noch Dateien von adwCleaner mit einem R[xxx] am Ende. Werden die auch benötigt?

LOG-Dateien von JRT (Junkware Removal Tool ):

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.2 (02.02.2015:1)

OS: Windows 7 Home Premium x64

Ran by ralf on 01.03.2015 at  9:55:58,85

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 01.03.2015 at  9:58:48,86

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST LOGs:

FRST.txt

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01

Ran by ralf (administrator) on RALF-VAIO on 01-03-2015 10:06:48

Running from C:\Users\ralf\Desktop

Loaded Profiles: ralf (Available profiles: ralf)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe

(ALPS) C:\Program Files\Apoint\Apvfb.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)

HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2009-05-26] (Sony Corporation)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-10] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-10-11] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)

HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-09-01] (cyberlink)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]

HKU\S-1-5-21-1360313009-1661305651-1722505978-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2547048 2011-03-30] (Hewlett-Packard Co.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-1360313009-1661305651-1722505978-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-1360313009-1661305651-1722505978-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKU\S-1-5-21-1360313009-1661305651-1722505978-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File

CHR Profile: C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Docs) - C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-20]

CHR Extension: (No Name) - C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2014-02-16]

CHR Extension: (Google Wallet) - C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-23]

CHR Extension: (Gmail) - C:\Users\ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-18]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-12-02] (Macrovision Europe Ltd.) [File not signed]

S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)

S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)

S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation)

S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation)

R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)

R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [527872 2009-10-12] (Sony Corporation) [File not signed]

R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)

R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2009-09-01] (CyberLink Corp.)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-01 10:06 - 2015-03-01 10:07 - 00014493 _____ () C:\Users\ralf\Desktop\FRST.txt

2015-03-01 09:58 - 2015-03-01 09:58 - 00000624 _____ () C:\Users\ralf\Desktop\JRT.txt

2015-03-01 09:46 - 2015-03-01 09:46 - 00000000 ___RD () C:\Users\ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9

2015-03-01 09:28 - 2015-03-01 09:28 - 00001268 _____ () C:\Users\ralf\Desktop\Revo Uninstaller.lnk

2015-03-01 09:28 - 2015-03-01 09:28 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2015-03-01 09:28 - 2015-02-28 09:12 - 02087936 _____ (Farbar) C:\Users\ralf\Desktop\FRST64.exe

2015-03-01 09:27 - 2015-03-01 09:21 - 01388274 _____ (Thisisu) C:\Users\ralf\Desktop\JRT.exe

2015-03-01 09:27 - 2015-03-01 09:17 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ralf\Desktop\revosetup95.exe

2015-02-28 16:40 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls

2015-02-28 16:40 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls

2015-02-28 15:08 - 2015-03-01 09:45 - 00000000 ____D () C:\AdwCleaner

2015-02-28 14:08 - 2015-02-28 14:45 - 00000000 ___SD () C:\ComboFix

2015-02-28 13:35 - 2015-02-28 13:36 - 00000000 ____D () C:\Qoobox

2015-02-28 13:34 - 2015-02-28 13:34 - 00000000 ____D () C:\Windows\erdnt

2015-02-28 12:49 - 2015-03-01 10:06 - 00000000 ____D () C:\FRST

2015-02-28 07:11 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-02-28 07:11 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-02-28 07:11 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-02-28 07:11 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-02-28 07:11 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-02-28 07:11 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-02-28 07:11 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-02-28 07:11 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2015-02-28 07:11 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-02-28 07:11 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-02-28 07:11 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-02-28 07:11 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-02-28 07:11 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-02-28 07:11 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-02-28 07:11 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-02-28 07:11 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-02-28 07:11 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-02-28 07:11 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-02-28 07:11 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-02-28 07:11 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-02-28 07:11 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-02-28 07:11 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-02-28 07:11 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-02-28 07:11 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-02-28 07:11 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-02-28 07:11 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-02-28 07:11 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-02-28 07:11 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-02-28 07:11 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-02-28 07:11 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2015-02-28 07:11 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-02-28 07:11 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-02-28 07:11 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2015-02-28 07:11 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2015-02-28 07:10 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2015-02-28 07:10 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2015-02-28 06:37 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll

2015-02-28 06:37 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll

2015-02-28 06:36 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-02-28 06:36 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-02-28 06:36 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-02-28 06:36 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-02-28 06:36 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-02-28 06:36 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-02-28 06:36 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-02-28 06:34 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-02-28 04:10 - 2015-02-28 04:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2015-02-28 03:27 - 2015-03-01 09:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-28 03:26 - 2015-02-28 04:10 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-02-28 03:26 - 2015-02-28 03:26 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-02-28 03:26 - 2015-02-28 03:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-28 03:26 - 2015-02-28 03:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-02-28 03:26 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-02-28 03:26 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-02-28 03:26 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-31 17:33 - 2015-01-31 17:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf

2015-01-30 19:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-30 19:34 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-30 19:34 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-30 19:34 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-30 19:34 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-30 19:34 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-01 10:03 - 2012-07-06 15:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-01 10:01 - 2011-12-17 17:05 - 00000254 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job

2015-03-01 09:54 - 2009-07-14 05:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-01 09:54 - 2009-07-14 05:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-01 09:50 - 2009-12-02 11:16 - 01237457 _____ () C:\Windows\WindowsUpdate.log

2015-03-01 09:46 - 2014-03-26 09:12 - 00005430 _____ () C:\Windows\setupact.log

2015-03-01 09:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-01 09:36 - 2014-06-15 07:25 - 00003070 _____ () C:\Windows\PFRO.log

2015-03-01 09:27 - 2009-07-14 18:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat

2015-03-01 09:27 - 2009-07-14 18:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat

2015-03-01 09:27 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-01 09:23 - 2009-07-14 05:45 - 00400120 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-01 09:20 - 2015-01-10 23:29 - 00000000 ____D () C:\Windows\system32\appraiser

2015-03-01 09:20 - 2014-05-05 19:53 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-02-28 16:39 - 2013-08-15 08:05 - 00000000 ____D () C:\Windows\system32\MRT

2015-02-28 16:34 - 2010-01-04 11:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-02-28 16:29 - 2014-02-09 13:11 - 00000000 ____D () C:\temp

2015-02-28 13:46 - 2010-01-04 11:06 - 00000000 ____D () C:\ProgramData\Avira

2015-02-28 10:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2015-02-28 06:15 - 2010-01-01 13:36 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D9E7321E-0F6E-4613-ABD8-17E20460C501}

2015-01-31 17:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-01-31 16:18 - 2010-01-05 20:24 - 00000000 ____D () C:\Users\ralf\Documents\WebCam Media

2015-01-31 16:03 - 2012-07-06 15:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-31 16:03 - 2012-07-06 15:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-31 16:03 - 2012-02-19 13:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-31 15:43 - 2013-03-27 20:32 - 00000000 ____D () C:\Users\ralf\AppData\Roaming\Apple Computer
 

==================== Files in the root of some directories =======
 

2014-01-25 16:06 - 2014-01-25 16:06 - 0000000 _____ () C:\Users\ralf\AppData\Roaming\wklnhst.dat

2014-02-06 06:45 - 2014-02-06 06:45 - 0004096 ____H () C:\Users\ralf\AppData\Local\keyfile3.drm

2014-02-22 09:11 - 2014-02-22 09:11 - 0828200 _____ (AnyProtect.com) C:\Users\ralf\AppData\Local\nsi6D67.tmp

2010-01-04 14:11 - 2014-03-25 15:21 - 0000040 ___SH () C:\ProgramData\.zreglib

2010-01-04 12:47 - 2010-01-04 12:57 - 0000088 __RSH () C:\ProgramData\84153FD226.sys

2011-12-17 17:03 - 2011-12-17 17:03 - 0000057 _____ () C:\ProgramData\Ament.ini

2013-11-13 15:32 - 2013-11-23 13:08 - 95025368 ____T () C:\ProgramData\j6h72amq.bxx

2013-11-13 15:32 - 2013-11-23 13:04 - 0000000 _____ () C:\ProgramData\j6h72amq.fvv

2010-01-04 12:47 - 2010-01-04 12:57 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys
 

Files to move or delete:

====================

C:\ProgramData\j6h72amq.bxx

C:\ProgramData\j6h72amq.fvv

C:\Users\Public\AlexaNSISPlugin.12252.dll
 
 

Some content of TEMP:

====================

C:\Users\ralf\AppData\Local\Temp\Quarantine.exe

C:\Users\ralf\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-02-28 10:23
 

==================== End Of Log ============================

--- --- ---

Addition.txt:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01

Ran by ralf at 2015-03-01 10:07:49

Running from C:\Users\ralf\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.12.36 - Adobe Systems Incorporated)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)

Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0.1 - Adobe Systems Incorporated)

Adobe Premiere Elements 7.0 (HKLM-x32\...\PremElem70) (Version: 7.0.1 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden

Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)

ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.193 - ArcSoft)

ATI Catalyst Install Manager (HKLM\...\{A4BC24CB-F8C7-27FB-41D5-47A405031A41}) (Version: 3.0.732.0 - ATI Technologies, Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

ccc-core-static (x32 Version: 2009.0710.1127.18698 - Ihr Firmenname) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)

Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden

Click to Disc (HKLM-x32\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.73.04270 - Sony Corporation)

Click to Disc (x32 Version: 1.2.73.04270 - Sony Corporation) Hidden

Click to Disc Editor (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 2.0.03.04150 - Sony Corporation)

Click to Disc Editor (x32 Version: 2.0.02 - Sony Corporation) Hidden

Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2201 - CyberLink Corp.)

Dolby Control Center (HKLM\...\{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}) (Version: 1.2.0702 - Dolby)

Einstellungen für VAIO-Inhaltsüberwachung (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.4.0.06120 - Sony Corporation)

ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140117 - Landesfinanzdirektion Thüringen)

HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{27780511-1D05-402F-AAB3-434C1A212B63}) (Version: 23.0.504.0 - Hewlett-Packard Co.)

HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)

HP Update (HKLM-x32\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)

HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB67}) (Version: 1.0.3.0 - Hewlett Packard)

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java(TM) 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)

Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MusicStation (HKLM-x32\...\{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}) (Version: 1.2.2.180 - Omnifone)

Nero 9 Lite (HKLM-x32\...\{d5aca4cc-d9f6-4e7f-aa6f-6eb0b8bb7539}) (Version:  - Nero AG)

Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5897 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)

Regi (Version: 1.00.0000 - InterVideo Inc.) Hidden

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)

Runtime (x32 Version: 1.00.0000 - Your Company Name) Hidden

Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.0.0.07300 - Sony Corporation)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Sony Home Network Library (HKLM-x32\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 2.0.0.07280 - Sony Corporation)

Sony Home Network Library (x32 Version: 2.0.0.07280 - Sony Corporation) Hidden

Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.12.16210 - Sony Corporation)

Studie zur Verbesserung von HP Deskjet 3050A J611 series Produkten (HKLM\...\{B287D3C0-6B3A-4A41-9FF8-ADCFF2917229}) (Version: 23.0.504.0 - Hewlett-Packard Co.)

TeamViewer 5 (HKLM-x32\...\TeamViewer 5) (Version: 5.0.7572  - TeamViewer GmbH)

Unterstützung für VAIO-Präsentation (HKLM-x32\...\{2018C019-30D9-4240-8C01-0865C10DCF5A}) (Version: 2.0.0.05270 - Sony Corporation)

VAIO Content Metadata Intelligent Analyzing Manager (HKLM-x32\...\{0A5F02E5-1A52-4F85-892C-A35227641C75}) (Version: 3.5.0.06261 - Sony Corporation)

VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.5.0.06261 - Sony Corporation) Hidden

VAIO Content Metadata Intelligent Network Service Manager (HKLM-x32\...\{3B1168DE-1F8C-471C-AC49-0CA52F096170}) (Version: 3.5.0.06260 - Sony Corporation)

VAIO Content Metadata Intelligent Network Service Manager (x32 Version: 3.5.0.06260 - Sony Corporation) Hidden

VAIO Content Metadata Manager Settings (HKLM-x32\...\{7395DD51-0D1A-47A7-9993-742073ECF4CE}) (Version: 3.5.0.06260 - Sony Corporation)

VAIO Content Metadata Manager Settings (x32 Version: 3.5.0.06260 - Sony Corporation) Hidden

VAIO Content Metadata XML Interface Library (HKLM-x32\...\{949419DF-F4AF-4693-B60A-522B24F233C6}) (Version: 3.5.0.06180 - Sony Corporation)

VAIO Content Metadata XML Interface Library (x32 Version: 3.5.0.06180 - Sony Corporation) Hidden

VAIO Content Monitoring Settings (x32 Version: 2.4.0.06120 - Sony Corporation) Hidden

VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.0.0.06120 - Sony Corporation)

VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.1.01.06290 - Sony Corporation)

VAIO DVD Menu Data Basic (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)

VAIO Energie Verwaltung (HKLM-x32\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 4.0.0.07160 - Sony Corporation)

VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.0.0.07010 - Sony Corporation)

VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 1.0.1.10190 - Sony Corporation)

VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version:  - Sony Corporation)

VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.0.07280 - Sony Corporation)

VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 1.2.0.09100 - Sony Corporation)

VAIO Movie Story (HKLM-x32\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.5.00.06191 - Sony Corporation)

VAIO Movie Story (x32 Version: 1.5.00.06191 - Sony Corporation) Hidden

VAIO Movie Story Template Data (HKLM-x32\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.5.00.06010 - Sony Corporation)

VAIO Original Function Settings (x32 Version: 2.0.0.07010 - Sony Corporation) Hidden

VAIO Original Funktion Einstellungen (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 2.0.0.07010 - Sony Corporation)

VAIO Premium Partners 1.00 (HKLM-x32\...\VAIO Premium Partners 1.00) (Version:  - )

VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.1.08110 - Sony Corporation)

VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)

VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)

VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)

VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden

VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden

VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden

WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)

Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

30-01-2015 19:46:02 Windows Update

31-01-2015 15:40:27 Windows Update

28-02-2015 06:33:39 Windows Update

28-02-2015 16:32:35 Windows Update

01-03-2015 09:31:49 Restore Point Created by FRST
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {1B77CDCA-BF1C-4C22-AA85-938C7CC01AED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {2C451245-5A56-4AF5-9632-8D3992D3901D} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2009-10-20] (Sony Corporation)

Task: {434A6423-3F87-475E-A8B8-BAC2E99D15FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)

Task: {50E195A8-29D9-4EFD-9C46-EADE7CE8B1DD} - System32\Tasks\{EB854747-EC46-456A-8159-B087E4DA5CCB} => pcalua.exe -a C:\Users\ralf\AppData\Roaming\awesomehp\UninstallManager.exe

Task: {71F82300-4682-4C03-B8B4-A3364290E92A} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-03-30] (Hewlett-Packard Co.)

Task: {9521D7EF-F0F4-4E99-B8EC-43C3AFB402FB} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION

Task: {B99DD1B0-181D-4AA6-AE19-B2691D6CB89C} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)

Task: {E0C9CF4F-6CC9-4495-8A9B-CC6D58ED34AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)

Task: {E772858F-0AED-452D-BC2F-1C8DB49C1709} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()

Task: {F7749683-E722-43FC-8ED7-22C9D84EEBD7} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
 

==================== Loaded Modules (whitelisted) ==============
 

2009-09-21 15:04 - 2009-09-21 15:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll

2011-03-30 22:19 - 2011-03-30 22:19 - 02673000 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll

2008-08-26 11:41 - 2008-08-26 11:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2009-12-02 11:18 - 2009-12-02 11:18 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2009-12-02 11:45 - 2009-07-01 11:49 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll

2009-12-02 11:45 - 2009-07-01 11:49 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-1360313009-1661305651-1722505978-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ralf\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: Media is not connected to internet.
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

MSCONFIG\startupreg: MarketingTools => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-1360313009-1661305651-1722505978-500 - Administrator - Disabled)

Gast (S-1-5-21-1360313009-1661305651-1722505978-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1360313009-1661305651-1722505978-1002 - Limited - Enabled)

ralf (S-1-5-21-1360313009-1661305651-1722505978-1000 - Administrator - Enabled) => C:\Users\ralf
 

==================== Faulty Device Manager Devices =============
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2012-11-18 12:16:25.600

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\kernel32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz

Percentage of memory in use: 31%

Total physical RAM: 4063.02 MB

Available physical RAM: 2789.04 MB

Total Pagefile: 8124.23 MB

Available Pagefile: 6583.43 MB

Total Virtual: 8192 MB

Available Virtual: 8191.86 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:454.74 GB) (Free:390.33 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 24E99F6D)

Partition 1: (Not Active) - (Size=10.9 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=454.7 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================