Avira Start wird durch eine Gruppenrichtlinie blockiert

HatsErwischt · 18.04.2014, 14:22

Hallo zusammen,
Avira Start wird durch eine Gruppenrichtlinie blockiert

Malwarebytes Anti-Malware findet keine Fehler

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Jana (ATTENTION: The logged in user is not administrator) on JANA-VAIO on 18-04-2014 15:19:14
Running from C:\Users\Jana\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [328048 2010-12-14] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2011-11-14] (VMware, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [180304 2014-04-15] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2336996420-966744919-1357593008-1004\...\MountPoints2: E - E:\Autorun.exe
HKU\S-1-5-21-2336996420-966744919-1357593008-1004\...\MountPoints2: {8721d1a1-53a0-11e3-94a2-005056c00008} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2336996420-966744919-1357593008-1004\...\MountPoints2: {c0c0430a-ad94-11e1-b406-18f46adbf8f9} - G:\Setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {B11B8D02-4B9C-4978-8A52-3357F9799479} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
SearchScopes: HKCU - {D0C7FCA7-5239-42C0-AB2E-E66DD87BF74A} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {F1EECC40-1714-406D-B41E-6416304F3C56} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.68.68

FireFox:
========
FF ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\bj35ea3s.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\bj35ea3s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-30]

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [122448 2014-04-15] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2011-11-13] ()
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
S2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-18] (Malwarebytes Corporation)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-17] ()
S3 cpuz134; \??\C:\Users\standard\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-18 15:19 - 2014-04-18 15:19 - 00013888 _____ () C:\Users\Jana\Desktop\FRST.txt
2014-04-18 15:19 - 2014-04-18 15:19 - 00000000 ____D () C:\FRST
2014-04-18 15:18 - 2014-04-18 15:18 - 02158592 _____ (Farbar) C:\Users\Jana\Desktop\FRST64.exe
2014-04-18 15:03 - 2014-04-18 15:03 - 00000024 _____ () C:\Users\Jana\Desktop\trojaner-board.de.txt
2014-04-18 14:30 - 2014-04-18 14:30 - 00448512 _____ (OldTimer Tools) C:\Users\Jana\Desktop\TFC.exe
2014-04-18 14:23 - 2014-04-18 14:23 - 02405664 _____ (Trend Micro Inc.) C:\Users\Jana\Desktop\HousecallLauncher64.exe
2014-04-18 13:58 - 2014-04-18 13:58 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-18 13:57 - 2014-04-18 13:58 - 04464280 _____ (Avira Operations GmbH & Co. KG) C:\Users\Jana\Desktop\avira_de_av___ws.exe
2014-04-18 13:50 - 2014-04-18 13:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 13:50 - 2014-04-18 13:50 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-18 13:50 - 2014-04-18 13:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 13:50 - 2014-04-18 13:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-18 13:50 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 13:50 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-18 13:50 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-18 13:37 - 2014-04-18 13:49 - 00000000 ____D () C:\AdwCleaner
2014-04-18 08:04 - 2014-04-18 08:04 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-18 08:04 - 2014-04-18 08:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-18 08:04 - 2014-04-18 08:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-18 08:04 - 2014-04-18 08:04 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-18 06:26 - 2014-04-18 06:26 - 00000000 ____D () C:\ProgramData\Auslogics
2014-04-18 06:26 - 2014-04-18 06:26 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-04-17 20:48 - 2014-04-17 20:48 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Auslogics
2014-04-17 20:01 - 2014-04-17 20:01 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dll
2014-04-17 20:01 - 2014-04-17 20:01 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-04-17 20:01 - 2014-04-17 20:01 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\iolo
2014-04-17 20:01 - 2014-04-17 20:01 - 00000000 ____D () C:\ProgramData\iolo
2014-04-17 20:01 - 2013-11-01 14:59 - 00069000 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2014-04-17 20:01 - 2013-11-01 14:59 - 00021176 _____ (iolo technologies, LLC) C:\Windows\system32\iolorgdf64.exe
2014-04-17 19:55 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-17 19:55 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-17 19:55 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-17 19:55 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-17 19:54 - 2014-04-17 19:55 - 00004328 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 19:30 - 2014-04-17 19:30 - 00000000 ____D () C:\MININT
2014-04-17 19:29 - 2014-04-17 19:30 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\IDM2
2014-04-17 19:28 - 2014-04-17 19:28 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager Upgrade
2014-04-17 17:58 - 2014-04-17 19:28 - 00000000 ____D () C:\Users\Jana\AppData\Local\Deployment
2014-04-17 17:58 - 2014-04-17 17:58 - 00000000 ____D () C:\Users\Jana\AppData\Local\Apps\2.0
2014-04-15 22:16 - 2014-04-15 22:50 - 488094368 _____ () C:\Users\Jana\Downloads\Once_Upon_a_Time__The_Jolly_Roger_14.04.13_20-00_uswabc_60_TVOON_DE.mpg.avi.otrkey
2014-04-15 19:35 - 2014-04-15 20:09 - 485882376 _____ () C:\Users\Jana\Downloads\Star-Crossed__Some_Consequence_Yet_Hanging_in_the_Stars_14.04.14_20-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-14 21:08 - 2014-04-14 21:09 - 368889764 _____ () C:\Users\Jana\Downloads\The_Big_Bang_Theory__The_Relationship_Diremption_14.04.10_20-00_uswcbs_31_TVOON_DE.mpg.avi
2014-04-14 17:12 - 2014-04-14 17:13 - 504477050 _____ () C:\Users\Jana\Downloads\Grimm__The_Law_of_Sacrifice_14.04.11_21-00_uswnbc_61_TVOON_DE.mpg.avi
2014-04-14 06:08 - 2014-04-14 22:11 - 00000000 ____D () C:\Users\Jana\Downloads\Game of Thrones
2014-04-13 16:10 - 2014-04-13 16:11 - 492950368 _____ () C:\Users\Jana\Downloads\The_100__Murphy_s_Law_14.04.09_21-00_uswpix_60_TVOON_DE.mpg.avi
2014-04-13 16:09 - 2014-04-13 16:09 - 609630190 _____ () C:\Users\Jana\Downloads\Dexter_14.04.12_01-05_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:08 - 2014-04-13 16:09 - 567721508 _____ () C:\Users\Jana\Downloads\Dexter_14.04.11_01-05_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:07 - 2014-04-13 16:08 - 673209046 _____ () C:\Users\Jana\Downloads\Dexter_14.04.10_01-15_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:03 - 2014-04-13 16:03 - 474281840 _____ () C:\Users\Jana\Downloads\Criminal_Minds__What_Happens_in_Mecklinburg_____14.04.09_21-00_uswcbs_60_TVOON_DE.mpg.avi
2014-04-10 17:55 - 2014-04-11 17:48 - 00000000 ____D () C:\Users\Jana\Desktop\Fringe
2014-04-09 19:53 - 2014-04-09 19:53 - 474356486 _____ () C:\Users\Jana\Downloads\The_Following__Betrayal_14.04.07_21-00_uswnyw_60_TVOON_DE.mpg.avi
2014-04-09 19:50 - 2014-04-09 19:50 - 530511542 _____ () C:\Users\Jana\Downloads\Star-Crossed__An_Old_Accustom_d_Feast_14.04.07_20-00_uswpix_60_TVOON_DE.mpg.avi
2014-04-09 19:49 - 2014-04-09 19:50 - 579944950 _____ () C:\Users\Jana\Downloads\Dexter_14.04.09_01-10_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-09 19:49 - 2014-04-09 19:49 - 703101802 _____ () C:\Users\Jana\Downloads\Dexter_14.04.08_01-10_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-08 13:26 - 2014-04-12 19:01 - 00000000 ____D () C:\Users\Jana\Desktop\Verpasster Stoff
2014-04-05 16:25 - 2014-04-05 16:30 - 46063703 _____ () C:\Users\Jana\Desktop\Dexter_Nothing_Else_Could_Love_Me.mp4
2014-03-30 13:39 - 2014-03-30 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 23:56 - 2014-04-07 15:57 - 00000000 ____D () C:\Users\Jana\Downloads\The 100

==================== One Month Modified Files and Folders =======

2014-04-18 15:19 - 2014-04-18 15:19 - 00013888 _____ () C:\Users\Jana\Desktop\FRST.txt
2014-04-18 15:19 - 2014-04-18 15:19 - 00000000 ____D () C:\FRST
2014-04-18 15:18 - 2014-04-18 15:18 - 02158592 _____ (Farbar) C:\Users\Jana\Desktop\FRST64.exe
2014-04-18 15:03 - 2014-04-18 15:03 - 00000024 _____ () C:\Users\Jana\Desktop\trojaner-board.de.txt
2014-04-18 15:01 - 2009-07-14 06:45 - 00013664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 15:01 - 2009-07-14 06:45 - 00013664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 14:58 - 2011-01-26 17:51 - 01269462 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 14:53 - 2011-12-23 22:40 - 00000000 ____D () C:\ProgramData\VMware
2014-04-18 14:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 14:53 - 2009-07-14 06:51 - 00177676 _____ () C:\Windows\setupact.log
2014-04-18 14:52 - 2010-11-25 12:43 - 00064984 _____ () C:\Windows\PFRO.log
2014-04-18 14:31 - 2012-04-06 19:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-18 14:30 - 2014-04-18 14:30 - 00448512 _____ (OldTimer Tools) C:\Users\Jana\Desktop\TFC.exe
2014-04-18 14:23 - 2014-04-18 14:23 - 02405664 _____ (Trend Micro Inc.) C:\Users\Jana\Desktop\HousecallLauncher64.exe
2014-04-18 13:58 - 2014-04-18 13:58 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-18 13:58 - 2014-04-18 13:57 - 04464280 _____ (Avira Operations GmbH & Co. KG) C:\Users\Jana\Desktop\avira_de_av___ws.exe
2014-04-18 13:58 - 2013-03-30 15:53 - 00000000 ____D () C:\ProgramData\Avira
2014-04-18 13:58 - 2013-03-30 15:53 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-18 13:58 - 2012-09-26 20:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-18 13:50 - 2014-04-18 13:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 13:50 - 2014-04-18 13:50 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-18 13:50 - 2014-04-18 13:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 13:50 - 2014-04-18 13:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-18 13:49 - 2014-04-18 13:37 - 00000000 ____D () C:\AdwCleaner
2014-04-18 13:37 - 2010-11-25 12:52 - 00000000 ____D () C:\Program Files\Sony
2014-04-18 13:36 - 2010-11-25 12:52 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-18 13:36 - 2010-10-12 19:48 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-04-18 13:36 - 2010-10-12 19:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-18 13:29 - 2012-06-03 18:19 - 00000000 ____D () C:\Program Files (x86)\Philips
2014-04-18 13:29 - 2011-06-27 23:19 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Sony Corporation
2014-04-18 13:24 - 2013-12-30 23:44 - 535170947 _____ () C:\Windows\MEMORY.DMP
2014-04-18 13:24 - 2013-12-30 23:44 - 00000000 ____D () C:\Windows\Minidump
2014-04-18 12:59 - 2011-06-27 23:20 - 00120992 _____ () C:\Users\Jana\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-18 08:04 - 2014-04-18 08:04 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-18 08:04 - 2014-04-18 08:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-18 08:04 - 2014-04-18 08:04 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-18 08:04 - 2014-04-18 08:04 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-18 08:03 - 2010-11-25 13:22 - 00000000 ____D () C:\Program Files\Java
2014-04-18 07:24 - 2012-04-06 19:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-18 07:24 - 2011-07-10 22:11 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-18 07:17 - 2011-06-28 17:29 - 01630180 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-18 07:17 - 2010-11-25 21:39 - 00715064 _____ () C:\Windows\system32\perfh007.dat
2014-04-18 07:17 - 2010-11-25 21:39 - 00154540 _____ () C:\Windows\system32\perfc007.dat
2014-04-18 07:17 - 2009-07-14 07:13 - 01630180 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 06:26 - 2014-04-18 06:26 - 00000000 ____D () C:\ProgramData\Auslogics
2014-04-18 06:26 - 2014-04-18 06:26 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-04-17 20:48 - 2014-04-17 20:48 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Auslogics
2014-04-17 20:36 - 2011-06-27 19:35 - 00000000 ____D () C:\Update
2014-04-17 20:01 - 2014-04-17 20:01 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dll
2014-04-17 20:01 - 2014-04-17 20:01 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-04-17 20:01 - 2014-04-17 20:01 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\iolo
2014-04-17 20:01 - 2014-04-17 20:01 - 00000000 ____D () C:\ProgramData\iolo
2014-04-17 19:56 - 2013-10-20 12:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-17 19:55 - 2014-04-17 19:54 - 00004328 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 19:55 - 2012-03-12 21:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-17 19:44 - 2009-07-14 06:45 - 00456048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-17 19:30 - 2014-04-17 19:30 - 00000000 ____D () C:\MININT
2014-04-17 19:30 - 2014-04-17 19:29 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\IDM2
2014-04-17 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-04-17 19:28 - 2014-04-17 19:28 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager Upgrade
2014-04-17 19:28 - 2014-04-17 17:58 - 00000000 ____D () C:\Users\Jana\AppData\Local\Deployment
2014-04-17 17:58 - 2014-04-17 17:58 - 00000000 ____D () C:\Users\Jana\AppData\Local\Apps\2.0
2014-04-16 21:21 - 2013-11-11 20:20 - 00000000 ____D () C:\Users\Jana\Desktop\Stücke auf Handy
2014-04-15 22:50 - 2014-04-15 22:16 - 488094368 _____ () C:\Users\Jana\Downloads\Once_Upon_a_Time__The_Jolly_Roger_14.04.13_20-00_uswabc_60_TVOON_DE.mpg.avi.otrkey
2014-04-15 20:09 - 2014-04-15 19:35 - 485882376 _____ () C:\Users\Jana\Downloads\Star-Crossed__Some_Consequence_Yet_Hanging_in_the_Stars_14.04.14_20-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-14 22:11 - 2014-04-14 06:08 - 00000000 ____D () C:\Users\Jana\Downloads\Game of Thrones
2014-04-14 22:10 - 2013-12-21 00:55 - 00000000 ____D () C:\Users\Jana\Desktop\Stücke FÜR Handy
2014-04-14 22:07 - 2011-06-28 17:41 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\vlc
2014-04-14 21:09 - 2014-04-14 21:08 - 368889764 _____ () C:\Users\Jana\Downloads\The_Big_Bang_Theory__The_Relationship_Diremption_14.04.10_20-00_uswcbs_31_TVOON_DE.mpg.avi
2014-04-14 20:13 - 2014-04-17 19:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-17 19:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-17 19:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-17 19:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 17:13 - 2014-04-14 17:12 - 504477050 _____ () C:\Users\Jana\Downloads\Grimm__The_Law_of_Sacrifice_14.04.11_21-00_uswnbc_61_TVOON_DE.mpg.avi
2014-04-14 14:28 - 2014-01-09 20:06 - 00000000 ____D () C:\Users\Jana\Desktop\Berichtsheft
2014-04-13 16:11 - 2014-04-13 16:10 - 492950368 _____ () C:\Users\Jana\Downloads\The_100__Murphy_s_Law_14.04.09_21-00_uswpix_60_TVOON_DE.mpg.avi
2014-04-13 16:09 - 2014-04-13 16:09 - 609630190 _____ () C:\Users\Jana\Downloads\Dexter_14.04.12_01-05_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:09 - 2014-04-13 16:08 - 567721508 _____ () C:\Users\Jana\Downloads\Dexter_14.04.11_01-05_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:08 - 2014-04-13 16:07 - 673209046 _____ () C:\Users\Jana\Downloads\Dexter_14.04.10_01-15_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:03 - 2014-04-13 16:03 - 474281840 _____ () C:\Users\Jana\Downloads\Criminal_Minds__What_Happens_in_Mecklinburg_____14.04.09_21-00_uswcbs_60_TVOON_DE.mpg.avi
2014-04-13 15:24 - 2013-10-12 13:58 - 00000000 ____D () C:\Users\Jana\Downloads\OUAT in Wonderland
2014-04-12 23:00 - 2011-09-25 22:20 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Skype
2014-04-12 21:00 - 2013-10-19 23:01 - 00000000 ____D () C:\Users\Jana\Desktop\TWD Staffel 4
2014-04-12 19:01 - 2014-04-08 13:26 - 00000000 ____D () C:\Users\Jana\Desktop\Verpasster Stoff
2014-04-12 13:13 - 2014-01-18 15:59 - 00000000 ____D () C:\Users\Jana\Desktop\Referate, die sich erledigt haben
2014-04-11 17:48 - 2014-04-10 17:55 - 00000000 ____D () C:\Users\Jana\Desktop\Fringe
2014-04-11 17:02 - 2011-12-31 20:20 - 00000000 ____D () C:\Users\Jana\AppData\Local\Windows Live
2014-04-10 06:04 - 2011-06-27 21:48 - 00572120 _____ () C:\test.xml
2014-04-09 19:53 - 2014-04-09 19:53 - 474356486 _____ () C:\Users\Jana\Downloads\The_Following__Betrayal_14.04.07_21-00_uswnyw_60_TVOON_DE.mpg.avi
2014-04-09 19:50 - 2014-04-09 19:50 - 530511542 _____ () C:\Users\Jana\Downloads\Star-Crossed__An_Old_Accustom_d_Feast_14.04.07_20-00_uswpix_60_TVOON_DE.mpg.avi
2014-04-09 19:50 - 2014-04-09 19:49 - 579944950 _____ () C:\Users\Jana\Downloads\Dexter_14.04.09_01-10_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-09 19:49 - 2014-04-09 19:49 - 703101802 _____ () C:\Users\Jana\Downloads\Dexter_14.04.08_01-10_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-09 14:01 - 2014-03-02 18:47 - 00000000 ____D () C:\Users\Jana\Downloads\OUAT Season 3
2014-04-09 11:12 - 2011-07-03 18:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 11:11 - 2013-08-14 01:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 11:09 - 2011-06-27 18:53 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 23:04 - 2014-02-04 21:07 - 00000000 ____D () C:\Users\Jana\Desktop\Dexter (1, 2 & 4 auf Festplatte)
2014-04-07 15:57 - 2014-03-28 23:56 - 00000000 ____D () C:\Users\Jana\Downloads\The 100
2014-04-07 15:35 - 2013-10-11 20:12 - 00000000 ____D () C:\Users\Jana\Downloads\The Tomorrow People
2014-04-07 15:28 - 2012-10-20 20:12 - 00000000 ____D () C:\Users\Jana\Downloads\Arrow
2014-04-07 14:34 - 2013-03-07 20:03 - 00000000 ____D () C:\Users\Jana\Downloads\Grimm Season 3
2014-04-06 00:33 - 2013-06-01 11:34 - 00000000 ____D () C:\Users\Jana\Downloads\Criminal Minds Season 9
2014-04-05 23:45 - 2014-02-02 16:24 - 00000000 ____D () C:\Users\Jana\Downloads\The Following
2014-04-05 22:41 - 2013-05-21 01:21 - 00000000 ____D () C:\Users\Jana\Downloads\Supernatural (hab S04 bis E15 und S08 bis E09)
2014-04-05 22:11 - 2014-02-22 19:51 - 00000000 ____D () C:\Users\Jana\Downloads\Star-Crossed
2014-04-05 22:03 - 2013-07-12 14:03 - 00000000 ____D () C:\Users\Jana\Downloads\Dexter
2014-04-05 16:30 - 2014-04-05 16:25 - 46063703 _____ () C:\Users\Jana\Desktop\Dexter_Nothing_Else_Could_Love_Me.mp4
2014-04-03 09:51 - 2014-04-18 13:50 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-18 13:50 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-18 13:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 20:04 - 2014-01-19 02:41 - 00000000 ____D () C:\Users\Jana\Desktop\13 Magnum Opus
2014-04-01 19:22 - 2012-10-20 20:12 - 00000000 ____D () C:\Users\Jana\Downloads\Beauty and the Beast Season 2
2014-03-31 14:34 - 2012-06-28 22:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 09:35 - 2011-06-27 19:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-30 13:39 - 2014-03-30 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 21:29 - 2013-10-27 20:31 - 00000000 ____D () C:\Users\Jana\Downloads\Dracula
2014-03-28 20:58 - 2013-09-14 18:49 - 00000000 ____D () C:\Users\Jana\Downloads\The Originals
2014-03-28 01:26 - 2014-03-08 21:33 - 00003584 _____ () C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Users\Juergen\AppData\Roaming\cdr.ini


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Jana at 2014-04-18 15:19:45
Running from C:\Users\Jana\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AllSync (HKLM-x32\...\AllSync_is1) (Version: 3.5.12 - Michael Thummerer Software Design)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.106.303.106 - ALPS ELECTRIC CO., LTD.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.115 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.368 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{5BC83141-83DD-07BE-C940-04B385540F04}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.3.0 - Auslogics Labs Pty Ltd)
Avira (HKLM-x32\...\{66116465-9a0c-41ea-ba8e-c572cc3a2eaa}) (Version: 1.0.5218.31571 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.0.5218.31571 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Blu-ray Copy 1.0.50 (HKLM-x32\...\{EE56B531-B655-4afa-9664-0C0970E5798B}_is1) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0209.16.306 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0920.2143.37117 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help English (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help French (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help German (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0920.2143.37117 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0920.2143.37117 - ATI) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.804 - Corel Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
Die Sims™ 2 Haustiere (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
Die Sims™ 2 Vier Jahreszeiten (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.4.2224 - Evernote Corp.)
ffdshow v1.3.4530 [2014-02-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4530.0 - )
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Free CD to MP3 Converter (HKLM-x32\...\Free CD to MP3 Converter) (Version:  - Eusing Software)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - )
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.02) (Version: 9.02 - Artifex Software Inc.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Internet Download Manager Upgrade (HKCU\...\d46796c124a73858) (Version: 1.0.0.1 - Internet Download Manager Upgrade)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
KeePass Password Safe 1.25 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.25 - Dominik Reichl)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Media Gallery (Version: 1.3.0 - Sony Corporation) Hidden
Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation) Hidden
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.2 - )
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PMB VAIO Edition Guide (x32 Version: 1.5.00.03020 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.5.10.06150 - Sony Corporation) Hidden
Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.7.0 - Sony Corporation)
Quick Web Access (x32 Version: 1.4.7.0 - Sony Corporation) Hidden
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
SA25x0 & SA26x0 Device Manager (HKCU\...\{0AD8AA88-0DE9-4065-A35E-529EB576A507}) (Version: 01.01.00.1015 - Philips)
SA25x0 & SA26x0 Device Manager (HKLM-x32\...\{0AD8AA88-0DE9-4065-A35E-529EB576A507}) (Version: 01.01.00.1015 - Philips)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
tools-freebsd (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
tools-linux (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
tools-netware (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
tools-solaris (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
tools-windows (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
tools-winPre2k (x32 Version: 8.8.1.528992 - VMware, Inc.) Hidden
TubeBox (HKLM-x32\...\{556e97d3-dfe2-4841-b3e5-169f7ee83716}) (Version: 1.0.0.0 - Freetec)
TubeBox (x32 Version: 4.0.0.0 - Freetec) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
VAIO - Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.3.0.06230 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}) (Version: 1.5.00.03020 - Sony Corporation)
VAIO - PMB VAIO Edition Plug-in (HKLM-x32\...\InstallShield_{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}) (Version: 1.6.10.11160 - Sony Corporation)
VAIO Care (HKLM\...\{FDCC09EA-A33E-4639-B1CD-FC1702815FA7}) (Version: 8.4.0.14281 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.3.0.05310 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.4.0.05240 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.4.00.05300 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.1.09230 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.2.0.07020 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230 - Sony Corporation) Hidden
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.1.0.18210 - Sony Corporation)
VAIO Media plus (Version: 2.1.0 - Sony Corporation) Hidden
VAIO Media plus (x32 Version: 2.1.0.18210 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 2.1.0.13220 - Sony Corporation)
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.5.00.05300 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.3.00.06040 - Sony Corporation) Hidden
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.3.0.06041 - Sony Corporation)
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.0.06080 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.1.10120 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 1.1.0.05280 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.2.0.06230 - Sony Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 8.0.1.27038 - VMware, Inc)
VMware Workstation (x32 Version: 8.0.1.27038 - VMware, Inc.) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-08-24 14:39 - 2010-08-24 14:39 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-06-27 22:24 - 2011-06-27 22:24 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-11-01 14:59 - 2013-11-01 14:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2014 02:51:36 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{68321814-592E-486E-9464-B47C0D1C989C}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}Explorer

Error: (04/18/2014 01:37:42 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary netfilter64.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/18/2014 01:36:27 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary netfilter64.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/18/2014 01:33:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7600.16385, Zeitstempel: 0x4a5bc3e6
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7600.17038, Zeitstempel: 0x4fd2d370
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00080e20
ID des fehlerhaften Prozesses: 0xd14
Startzeit der fehlerhaften Anwendung: 0xMsiExec.exe0
Pfad der fehlerhaften Anwendung: MsiExec.exe1
Pfad des fehlerhaften Moduls: MsiExec.exe2
Berichtskennung: MsiExec.exe3

Error: (04/18/2014 01:33:38 PM) (Source: Microsoft-Windows-RestartManager) (User: JANA-VAIO)
Description: Die Anwendung oder der Dienst "Internet Explorer" konnte nicht heruntergefahren werden.

Error: (04/18/2014 01:33:38 PM) (Source: Microsoft-Windows-RestartManager) (User: JANA-VAIO)
Description: Die Anwendung oder der Dienst "Internet Explorer" konnte nicht heruntergefahren werden.

Error: (04/17/2014 08:08:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16476, Zeitstempel: 0x5126e7ac
Name des fehlerhaften Moduls: IEOptimizer.dll, Version: 0.0.0.0, Zeitstempel: 0x53037983
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000014fa
ID des fehlerhaften Prozesses: 0xf38
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (04/17/2014 06:38:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16476, Zeitstempel: 0x5126e7ac
Name des fehlerhaften Moduls: IEOptimizer.dll, Version: 0.0.0.0, Zeitstempel: 0x53037983
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000014fa
ID des fehlerhaften Prozesses: 0x16b4
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (04/16/2014 10:01:27 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16476 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1eec

Startzeit: 01cf59aa0d96894e

Endzeit: 120

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (04/16/2014 09:28:32 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16476 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1660

Startzeit: 01cf59a91f110039

Endzeit: 30

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:


System errors:
=============
Error: (04/18/2014 02:53:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PMBDeviceInfoProvider" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/18/2014 02:37:22 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/18/2014 02:30:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/18/2014 01:51:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PMBDeviceInfoProvider" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/18/2014 01:45:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "User Energy Server Service" wurde mit folgendem Fehler beendet: 
%%268439640

Error: (04/18/2014 01:39:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PMBDeviceInfoProvider" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/18/2014 01:24:37 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/18/2014 01:24:49 PM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa80043fd010, 0xfffff88002e7940c, 0x0000000000000000, 0x0000000000000002)C:\Windows\MEMORY.DMP041814-27830-01

Error: (04/18/2014 01:24:43 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎18.‎04.‎2014 um 13:23:19 unerwartet heruntergefahren.

Error: (04/18/2014 00:58:20 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================
Error: (04/18/2014 02:51:36 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{68321814-592E-486E-9464-B47C0D1C989C}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}Explorer

Error: (04/18/2014 01:37:42 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary netfilter64.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (04/18/2014 01:36:27 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary netfilter64.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (04/18/2014 01:33:42 PM) (Source: Application Error)(User: )
Description: MsiExec.exe5.0.7600.163854a5bc3e6SHELL32.dll6.1.7600.170384fd2d370c000000500080e20d1401cf5afa0b725556c:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\SHELL32.dll4ab128c5-c6ed-11e3-9da7-005056c00008

Error: (04/18/2014 01:33:38 PM) (Source: Microsoft-Windows-RestartManager)(User: JANA-VAIO)
Description: 1C:\Program Files (x86)\Internet Explorer\iexplore.exeInternet Explorer0111725640

Error: (04/18/2014 01:33:38 PM) (Source: Microsoft-Windows-RestartManager)(User: JANA-VAIO)
Description: 1C:\Program Files (x86)\Internet Explorer\iexplore.exeInternet Explorer0111751040

Error: (04/17/2014 08:08:49 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164765126e7acIEOptimizer.dll0.0.0.053037983c0000005000014faf3801cf5a67acfc450cC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\SavingsBull\IEOptimizer.dll529bad24-c65b-11e3-8c02-005056c00008

Error: (04/17/2014 06:38:53 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164765126e7acIEOptimizer.dll0.0.0.053037983c0000005000014fa16b401cf5a551e97c7eeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\SavingsBull\IEOptimizer.dllc29879ef-c64e-11e3-acca-18f46adbf8f9

Error: (04/16/2014 10:01:27 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.164761eec01cf59aa0d96894e120C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (04/16/2014 09:28:32 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16476166001cf59a91f11003930C:\Program Files (x86)\Internet Explorer\iexplore.exe


CodeIntegrity Errors:
===================================
  Date: 2014-03-05 19:36:32.569
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-05 19:36:32.419
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-05 19:36:32.279
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-05 19:36:32.199
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-05 19:36:32.119
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-05 19:36:32.029
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-22 11:03:30.201
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-22 11:03:30.181
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-22 11:03:30.121
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-22 11:03:30.061
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 3950.1 MB
Available physical RAM: 2139.67 MB
Total Pagefile: 7898.33 MB
Available Pagefile: 5464.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:242.04 GB) (Free:84.01 GB) NTFS
Drive d: (Daten) (Fixed) (Total:210.14 GB) (Free:163.36 GB) NTFS
Drive e: (FRINGE_SEASON_1_DISC_2) (CDROM) (Total:7.06 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

==================== End Of Log ============================

schrauber · 18.04.2014, 15:38

hi,

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

HatsErwischt · 18.04.2014, 16:26

Besten Dank für die schnelle Hilfe

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014 01
Ran by Juergen at 2014-04-18 16:33:29 Run:1
Running from C:\Users\Juergen\Desktop\Virus
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====

Code:

ATTFilter

ComboFix 14-04-17.01 - Juergen 18.04.2014  17:08:38.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3950.2159 [GMT 2:00]
ausgeführt von:: c:\users\Juergen\Desktop\Virus\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Juergen\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-18 bis 2014-04-18  ))))))))))))))))))))))))))))))
.
.
2014-04-18 15:15 . 2014-04-18 15:15	--------	d-----w-	c:\users\standard\AppData\Local\temp
2014-04-18 15:15 . 2014-04-18 15:15	--------	d-----w-	c:\users\Ruth\AppData\Local\temp
2014-04-18 15:15 . 2014-04-18 15:15	--------	d-----w-	c:\users\Jana\AppData\Local\temp
2014-04-18 14:59 . 2014-02-25 09:41	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2014-04-18 14:59 . 2014-02-25 09:41	131576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-04-18 14:59 . 2014-02-25 09:41	108440	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-04-18 14:48 . 2014-04-18 14:59	--------	d-----w-	c:\program files (x86)\Avira
2014-04-18 14:48 . 2014-04-18 14:59	--------	d-----w-	c:\programdata\Avira
2014-04-18 14:42 . 2012-05-04 17:29	687504	----a-w-	c:\windows\SysWow64\deployJava1.dll
2014-04-18 14:42 . 2012-05-04 17:29	772504	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2014-04-18 14:39 . 2014-04-18 14:39	--------	d-----w-	c:\users\Juergen\AppData\Local\Evernote
2014-04-18 14:19 . 2014-04-18 14:19	--------	d-----w-	c:\program files\CCleaner
2014-04-18 13:47 . 2014-04-18 13:47	--------	d-----w-	c:\windows\ERUNT
2014-04-18 13:25 . 2014-04-18 13:25	--------	d-----w-	c:\program files (x86)\ESET
2014-04-18 13:19 . 2014-04-18 14:33	--------	d-----w-	C:\FRST
2014-04-18 11:50 . 2014-04-18 11:50	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-18 11:50 . 2014-04-18 11:50	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-04-18 11:50 . 2014-04-18 11:50	--------	d-----w-	c:\programdata\Malwarebytes
2014-04-18 11:50 . 2014-04-03 07:51	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-04-18 11:50 . 2014-04-03 07:51	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-04-18 11:50 . 2014-04-03 07:50	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-04-18 11:37 . 2014-04-18 11:49	--------	d-----w-	C:\AdwCleaner
2014-04-18 04:26 . 2014-04-18 04:26	--------	d-----w-	c:\programdata\Auslogics
2014-04-18 04:26 . 2014-04-18 04:26	--------	d-----w-	c:\program files (x86)\Auslogics
2014-04-17 18:48 . 2014-04-17 18:48	--------	d-----w-	c:\users\Juergen\AppData\Roaming\Auslogics
2014-04-17 18:01 . 2014-04-17 18:01	13792	----a-w-	c:\windows\system32\drivers\semav6thermal64ro.sys
2014-04-17 18:01 . 2014-04-17 18:01	74703	----a-w-	c:\windows\SysWow64\mfc45.dll
2014-04-17 18:01 . 2014-04-17 18:01	--------	d-----w-	c:\users\Juergen\AppData\Roaming\iolo
2014-04-17 18:01 . 2014-04-17 18:01	--------	d-----w-	c:\programdata\iolo
2014-04-17 18:01 . 2013-11-01 12:59	69000	----a-w-	c:\windows\system32\offreg.dll
2014-04-17 18:01 . 2013-11-01 12:59	21176	----a-w-	c:\windows\system32\iolorgdf64.exe
2014-04-17 17:30 . 2014-04-17 17:30	--------	d-----w-	c:\programdata\OEM Links
2014-04-17 17:30 . 2014-04-17 17:30	--------	d-----w-	C:\MININT
2014-04-17 17:29 . 2014-04-17 17:30	--------	d-----w-	c:\users\Juergen\AppData\Roaming\IDM2
2014-04-17 15:58 . 2014-04-17 15:58	--------	d-----w-	c:\users\Jana\AppData\Local\Apps
2014-04-17 15:58 . 2014-04-17 17:28	--------	d-----w-	c:\users\Jana\AppData\Local\Deployment
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-18 05:24 . 2012-04-06 17:44	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-18 05:24 . 2011-07-10 20:11	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-17 03:31 . 2014-04-18 04:46	10651704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{928F5AAE-2B8D-4939-90CB-02BBB8ABE9D0}\mpengine.dll
2014-04-09 09:09 . 2011-06-27 16:53	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2011-06-27 17:35	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-05 18:38 . 2011-03-22 10:03	900	--sha-w-	c:\programdata\KGyGaAvL.sys
2014-02-09 19:36 . 2011-07-03 13:35	112640	----a-w-	c:\windows\SysWow64\ff_vfw.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-11-13 103536]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-04-15 180304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cpuz134;cpuz134;c:\users\standard\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\standard\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.8.130\McCHSvc.exe;c:\program files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SampleCollector;Intel(R) System Behavior Tracker Collector Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 05:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Juergen\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-12-14 328048]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.68.68
FF - ProfilePath - c:\users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\r6p7e6zl.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-04-18  17:23:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-04-18 15:23
.
Vor Suchlauf: 18 Verzeichnis(se), 90.157.285.376 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 89.759.465.472 Bytes frei
.
- - End Of File - - EAFE9348AC23B0831C8D58FE55E602CB

schrauber · 19.04.2014, 10:21

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

HatsErwischt · 19.04.2014, 11:11

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.04.2014
Suchlauf-Zeit: 09:22:49
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.19.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Juergen

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 354687
Verstrichene Zeit: 31 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

ATTFilter

# AdwCleaner v3.024 - Bericht erstellt am 19/04/2014 um 11:54:58
# Aktualisiert 18/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Juergen - JANA-VAIO
# Gestartet von : C:\Users\Juergen\Desktop\Virus\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\r6p7e6zl.default\prefs.js ]


[ Datei : C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\bj35ea3s.default\prefs.js ]


[ Datei : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\nhjv4i6y.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4074 octets] - [18/04/2014 13:37:45]
AdwCleaner[R1].txt - [1168 octets] - [18/04/2014 13:47:37]
AdwCleaner[R2].txt - [1301 octets] - [19/04/2014 11:53:20]
AdwCleaner[S0].txt - [4095 octets] - [18/04/2014 13:38:32]
AdwCleaner[S1].txt - [1230 octets] - [18/04/2014 13:49:54]
AdwCleaner[S2].txt - [1218 octets] - [19/04/2014 11:54:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1278 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Juergen on 19.04.2014 at 11:59:02,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.04.2014 at 12:05:33,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Juergen (administrator) on JANA-VAIO on 19-04-2014 12:06:12
Running from C:\Users\Juergen\Desktop\Virus
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [328048 2010-12-14] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2011-11-14] (VMware, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [180304 2014-04-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2336996420-966744919-1357593008-1003\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {55A5C5AA-D2E4-41F4-9E7A-B232CFA2E84F} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {ABE32F0C-531E-4D21-9FD9-6B14B06F5B19} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
SearchScopes: HKCU - {F3D5E643-BEC4-4182-A986-10C13F411107} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.68.68

FireFox:
========
FF ProfilePath: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\r6p7e6zl.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\r6p7e6zl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-18]
FF Extension: MozRepl - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\r6p7e6zl.default\Extensions\mozrepl@hyperstruct.net.xpi [2012-10-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-30]

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [122448 2014-04-15] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2011-11-13] ()
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
S2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\standard\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-19 12:05 - 2014-04-19 12:05 - 00000627 _____ () C:\Users\Juergen\Desktop\JRT.txt
2014-04-19 07:58 - 2014-04-19 07:56 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-19 07:49 - 2014-04-19 11:55 - 00000224 _____ () C:\Windows\setupact.log
2014-04-19 07:49 - 2014-04-19 07:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 07:48 - 2014-04-19 07:48 - 00083618 _____ () C:\Windows\PFRO.log
2014-04-18 21:25 - 2014-04-18 21:25 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Avira
2014-04-18 18:05 - 2014-04-18 18:05 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Avira
2014-04-18 18:03 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-18 18:03 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-18 18:03 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-18 17:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-18 17:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-18 17:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-18 17:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-18 17:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-18 17:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-18 17:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-18 17:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-18 17:01 - 2014-04-18 17:23 - 00000000 ____D () C:\Qoobox
2014-04-18 17:01 - 2014-04-18 17:22 - 00000000 ____D () C:\Windows\erdnt
2014-04-18 16:48 - 2014-04-18 18:03 - 00000000 ____D () C:\ProgramData\Avira
2014-04-18 16:48 - 2014-04-18 18:03 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-18 16:42 - 2012-05-04 19:29 - 00772504 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2014-04-18 16:42 - 2012-05-04 19:29 - 00687504 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-04-18 16:39 - 2014-04-18 16:39 - 00000000 ____D () C:\Users\Juergen\AppData\Local\Evernote
2014-04-18 16:19 - 2014-04-18 16:19 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-18 16:19 - 2014-04-18 16:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-18 16:02 - 2014-04-19 12:06 - 00000000 ____D () C:\Users\Juergen\Desktop\Virus
2014-04-18 15:47 - 2014-04-18 15:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-18 15:25 - 2014-04-18 15:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-18 15:19 - 2014-04-19 12:06 - 00000000 ____D () C:\FRST
2014-04-18 13:50 - 2014-04-19 11:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 13:50 - 2014-04-18 13:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 13:50 - 2014-04-18 13:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-18 13:50 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 13:50 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-18 13:50 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-18 13:43 - 2014-04-18 13:43 - 04464280 _____ (Avira Operations GmbH & Co. KG) C:\Users\Juergen\Downloads\avira_de_av___ws.exe
2014-04-18 13:37 - 2014-04-19 11:55 - 00000000 ____D () C:\AdwCleaner
2014-04-18 07:56 - 2014-04-18 07:58 - 30818216 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jre-7u55-windows-x64(1).exe
2014-04-18 07:21 - 2014-04-18 07:23 - 30818216 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jre-7u55-windows-x64.exe
2014-04-18 06:26 - 2014-04-18 06:26 - 00000000 ____D () C:\ProgramData\Auslogics
2014-04-18 06:26 - 2014-04-18 06:26 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-04-17 20:48 - 2014-04-17 20:48 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Auslogics
2014-04-17 20:08 - 2014-04-17 20:08 - 01071360 _____ (Solid State Networks) C:\Users\Juergen\Downloads\install_flashplayer13x32axau_gtbd_chrd_dn_aaa_aih.exe
2014-04-17 20:01 - 2014-04-17 20:01 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dll
2014-04-17 20:01 - 2014-04-17 20:01 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-04-17 20:01 - 2014-04-17 20:01 - 00003136 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-17 20:01 - 2014-04-17 20:01 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\iolo
2014-04-17 20:01 - 2014-04-17 20:01 - 00000000 ____D () C:\ProgramData\iolo
2014-04-17 20:01 - 2013-11-01 14:59 - 00069000 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2014-04-17 20:01 - 2013-11-01 14:59 - 00021176 _____ (iolo technologies, LLC) C:\Windows\system32\iolorgdf64.exe
2014-04-17 19:54 - 2014-04-17 19:55 - 00004328 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 19:30 - 2014-04-17 19:30 - 00000000 ____D () C:\MININT
2014-04-17 19:29 - 2014-04-17 19:30 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\IDM2
2014-04-17 19:28 - 2014-04-17 19:28 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager Upgrade
2014-04-17 17:58 - 2014-04-17 19:28 - 00000000 ____D () C:\Users\Jana\AppData\Local\Deployment
2014-04-17 17:58 - 2014-04-17 17:58 - 00000000 ____D () C:\Users\Jana\AppData\Local\Apps\2.0
2014-04-15 22:16 - 2014-04-15 22:50 - 488094368 _____ () C:\Users\Jana\Downloads\Once_Upon_a_Time__The_Jolly_Roger_14.04.13_20-00_uswabc_60_TVOON_DE.mpg.avi.otrkey
2014-04-15 19:35 - 2014-04-15 20:09 - 485882376 _____ () C:\Users\Jana\Downloads\Star-Crossed__Some_Consequence_Yet_Hanging_in_the_Stars_14.04.14_20-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-14 21:08 - 2014-04-14 21:09 - 368889764 _____ () C:\Users\Jana\Downloads\The_Big_Bang_Theory__The_Relationship_Diremption_14.04.10_20-00_uswcbs_31_TVOON_DE.mpg.avi
2014-04-14 17:12 - 2014-04-14 17:13 - 504477050 _____ () C:\Users\Jana\Downloads\Grimm__The_Law_of_Sacrifice_14.04.11_21-00_uswnbc_61_TVOON_DE.mpg.avi
2014-04-14 06:08 - 2014-04-14 22:11 - 00000000 ____D () C:\Users\Jana\Downloads\Game of Thrones
2014-04-13 16:10 - 2014-04-13 16:11 - 492950368 _____ () C:\Users\Jana\Downloads\The_100__Murphy_s_Law_14.04.09_21-00_uswpix_60_TVOON_DE.mpg.avi
2014-04-13 16:09 - 2014-04-13 16:09 - 609630190 _____ () C:\Users\Jana\Downloads\Dexter_14.04.12_01-05_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:08 - 2014-04-13 16:09 - 567721508 _____ () C:\Users\Jana\Downloads\Dexter_14.04.11_01-05_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:07 - 2014-04-13 16:08 - 673209046 _____ () C:\Users\Jana\Downloads\Dexter_14.04.10_01-15_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:03 - 2014-04-13 16:03 - 474281840 _____ () C:\Users\Jana\Downloads\Criminal_Minds__What_Happens_in_Mecklinburg_____14.04.09_21-00_uswcbs_60_TVOON_DE.mpg.avi
2014-04-10 17:55 - 2014-04-11 17:48 - 00000000 ____D () C:\Users\Jana\Desktop\Fringe
2014-04-09 19:53 - 2014-04-09 19:53 - 474356486 _____ () C:\Users\Jana\Downloads\The_Following__Betrayal_14.04.07_21-00_uswnyw_60_TVOON_DE.mpg.avi
2014-04-09 19:50 - 2014-04-09 19:50 - 530511542 _____ () C:\Users\Jana\Downloads\Star-Crossed__An_Old_Accustom_d_Feast_14.04.07_20-00_uswpix_60_TVOON_DE.mpg.avi
2014-04-09 19:49 - 2014-04-09 19:50 - 579944950 _____ () C:\Users\Jana\Downloads\Dexter_14.04.09_01-10_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-09 19:49 - 2014-04-09 19:49 - 703101802 _____ () C:\Users\Jana\Downloads\Dexter_14.04.08_01-10_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-08 13:26 - 2014-04-12 19:01 - 00000000 ____D () C:\Users\Jana\Desktop\Verpasster Stoff
2014-04-05 16:25 - 2014-04-05 16:30 - 46063703 _____ () C:\Users\Jana\Desktop\Dexter_Nothing_Else_Could_Love_Me.mp4
2014-03-30 13:39 - 2014-04-18 16:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 23:56 - 2014-04-07 15:57 - 00000000 ____D () C:\Users\Jana\Downloads\The 100

==================== One Month Modified Files and Folders =======

2014-04-19 12:06 - 2014-04-18 16:02 - 00000000 ____D () C:\Users\Juergen\Desktop\Virus
2014-04-19 12:06 - 2014-04-18 15:19 - 00000000 ____D () C:\FRST
2014-04-19 12:05 - 2014-04-19 12:05 - 00000627 _____ () C:\Users\Juergen\Desktop\JRT.txt
2014-04-19 12:03 - 2009-07-14 06:45 - 00013664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-19 12:03 - 2009-07-14 06:45 - 00013664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-19 11:59 - 2011-01-26 17:51 - 01345297 _____ () C:\Windows\WindowsUpdate.log
2014-04-19 11:56 - 2011-12-23 22:40 - 00000000 ____D () C:\ProgramData\VMware
2014-04-19 11:55 - 2014-04-19 07:49 - 00000224 _____ () C:\Windows\setupact.log
2014-04-19 11:55 - 2014-04-18 13:37 - 00000000 ____D () C:\AdwCleaner
2014-04-19 11:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-19 11:47 - 2014-04-18 13:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 11:31 - 2012-04-06 19:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-19 08:11 - 2013-10-02 18:01 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Dropbox
2014-04-19 08:03 - 2013-10-02 18:04 - 00001024 _____ () C:\Users\Juergen\Desktop\Dropbox.lnk
2014-04-19 08:03 - 2013-10-02 18:01 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-19 07:56 - 2014-04-19 07:58 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-19 07:49 - 2014-04-19 07:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 07:48 - 2014-04-19 07:48 - 00083618 _____ () C:\Windows\PFRO.log
2014-04-18 21:25 - 2014-04-18 21:25 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Avira
2014-04-18 20:45 - 2011-12-31 11:15 - 00007608 _____ () C:\Users\Juergen\AppData\Local\Resmon.ResmonCfg
2014-04-18 18:05 - 2014-04-18 18:05 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Avira
2014-04-18 18:03 - 2014-04-18 16:48 - 00000000 ____D () C:\ProgramData\Avira
2014-04-18 18:03 - 2014-04-18 16:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-18 17:31 - 2011-06-27 19:35 - 00000000 ____D () C:\Update
2014-04-18 17:23 - 2014-04-18 17:01 - 00000000 ____D () C:\Qoobox
2014-04-18 17:23 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-18 17:22 - 2014-04-18 17:01 - 00000000 ____D () C:\Windows\erdnt
2014-04-18 17:17 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-18 16:48 - 2012-09-26 20:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-18 16:39 - 2014-04-18 16:39 - 00000000 ____D () C:\Users\Juergen\AppData\Local\Evernote
2014-04-18 16:38 - 2014-03-30 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-18 16:38 - 2012-03-12 21:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-18 16:21 - 2013-12-30 23:44 - 00000000 ____D () C:\Windows\Minidump
2014-04-18 16:21 - 2010-10-12 19:28 - 00000000 ____D () C:\Windows\Panther
2014-04-18 16:19 - 2014-04-18 16:19 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-18 16:19 - 2014-04-18 16:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-18 15:47 - 2014-04-18 15:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-18 15:25 - 2014-04-18 15:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-18 14:33 - 2011-11-19 20:00 - 01106178 _____ () C:\Users\Juergen\AppData\Local\census.cache
2014-04-18 14:32 - 2011-11-19 20:00 - 00101692 _____ () C:\Users\Juergen\AppData\Local\ars.cache
2014-04-18 13:50 - 2014-04-18 13:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 13:50 - 2014-04-18 13:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-18 13:43 - 2014-04-18 13:43 - 04464280 _____ (Avira Operations GmbH & Co. KG) C:\Users\Juergen\Downloads\avira_de_av___ws.exe
2014-04-18 13:37 - 2010-11-25 12:52 - 00000000 ____D () C:\Program Files\Sony
2014-04-18 13:36 - 2010-11-25 12:52 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-18 13:36 - 2010-10-12 19:48 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-04-18 13:36 - 2010-10-12 19:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-18 13:29 - 2012-06-03 18:19 - 00000000 ____D () C:\Program Files (x86)\Philips
2014-04-18 13:29 - 2011-06-27 23:19 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Sony Corporation
2014-04-18 12:59 - 2011-06-27 23:20 - 00120992 _____ () C:\Users\Jana\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-18 07:58 - 2014-04-18 07:56 - 30818216 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jre-7u55-windows-x64(1).exe
2014-04-18 07:50 - 2011-07-10 10:06 - 00000000 ____D () C:\Users\Juergen\AppData\Local\Adobe
2014-04-18 07:24 - 2012-04-06 19:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-18 07:24 - 2012-04-06 19:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-18 07:24 - 2011-07-10 22:11 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-18 07:23 - 2014-04-18 07:21 - 30818216 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jre-7u55-windows-x64.exe
2014-04-18 07:17 - 2011-06-28 17:29 - 01630180 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-18 07:17 - 2010-11-25 21:39 - 00715064 _____ () C:\Windows\system32\perfh007.dat
2014-04-18 07:17 - 2010-11-25 21:39 - 00154540 _____ () C:\Windows\system32\perfc007.dat
2014-04-18 07:17 - 2009-07-14 07:13 - 01630180 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 06:26 - 2014-04-18 06:26 - 00000000 ____D () C:\ProgramData\Auslogics
2014-04-18 06:26 - 2014-04-18 06:26 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-04-17 20:48 - 2014-04-17 20:48 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Auslogics
2014-04-17 20:34 - 2011-12-12 20:22 - 00000000 ____D () C:\Users\Juergen\AppData\Local\Sony Corporation
2014-04-17 20:08 - 2014-04-17 20:08 - 01071360 _____ (Solid State Networks) C:\Users\Juergen\Downloads\install_flashplayer13x32axau_gtbd_chrd_dn_aaa_aih.exe
2014-04-17 20:01 - 2014-04-17 20:01 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dll
2014-04-17 20:01 - 2014-04-17 20:01 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-04-17 20:01 - 2014-04-17 20:01 - 00003136 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-17 20:01 - 2014-04-17 20:01 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\iolo
2014-04-17 20:01 - 2014-04-17 20:01 - 00000000 ____D () C:\ProgramData\iolo
2014-04-17 19:56 - 2013-10-20 12:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-17 19:55 - 2014-04-17 19:54 - 00004328 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 19:44 - 2009-07-14 06:45 - 00456048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-17 19:32 - 2011-06-27 23:10 - 00120992 _____ () C:\Users\Juergen\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-17 19:30 - 2014-04-17 19:30 - 00000000 ____D () C:\MININT
2014-04-17 19:30 - 2014-04-17 19:29 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\IDM2
2014-04-17 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-04-17 19:28 - 2014-04-17 19:28 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager Upgrade
2014-04-17 19:28 - 2014-04-17 17:58 - 00000000 ____D () C:\Users\Jana\AppData\Local\Deployment
2014-04-17 17:58 - 2014-04-17 17:58 - 00000000 ____D () C:\Users\Jana\AppData\Local\Apps\2.0
2014-04-16 21:21 - 2013-11-11 20:20 - 00000000 ____D () C:\Users\Jana\Desktop\Stücke auf Handy
2014-04-15 22:50 - 2014-04-15 22:16 - 488094368 _____ () C:\Users\Jana\Downloads\Once_Upon_a_Time__The_Jolly_Roger_14.04.13_20-00_uswabc_60_TVOON_DE.mpg.avi.otrkey
2014-04-15 20:09 - 2014-04-15 19:35 - 485882376 _____ () C:\Users\Jana\Downloads\Star-Crossed__Some_Consequence_Yet_Hanging_in_the_Stars_14.04.14_20-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-14 22:11 - 2014-04-14 06:08 - 00000000 ____D () C:\Users\Jana\Downloads\Game of Thrones
2014-04-14 22:10 - 2013-12-21 00:55 - 00000000 ____D () C:\Users\Jana\Desktop\Stücke FÜR Handy
2014-04-14 22:07 - 2011-06-28 17:41 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\vlc
2014-04-14 21:09 - 2014-04-14 21:08 - 368889764 _____ () C:\Users\Jana\Downloads\The_Big_Bang_Theory__The_Relationship_Diremption_14.04.10_20-00_uswcbs_31_TVOON_DE.mpg.avi
2014-04-14 17:13 - 2014-04-14 17:12 - 504477050 _____ () C:\Users\Jana\Downloads\Grimm__The_Law_of_Sacrifice_14.04.11_21-00_uswnbc_61_TVOON_DE.mpg.avi
2014-04-14 14:28 - 2014-01-09 20:06 - 00000000 ____D () C:\Users\Jana\Desktop\Berichtsheft
2014-04-13 16:11 - 2014-04-13 16:10 - 492950368 _____ () C:\Users\Jana\Downloads\The_100__Murphy_s_Law_14.04.09_21-00_uswpix_60_TVOON_DE.mpg.avi
2014-04-13 16:09 - 2014-04-13 16:09 - 609630190 _____ () C:\Users\Jana\Downloads\Dexter_14.04.12_01-05_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:09 - 2014-04-13 16:08 - 567721508 _____ () C:\Users\Jana\Downloads\Dexter_14.04.11_01-05_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:08 - 2014-04-13 16:07 - 673209046 _____ () C:\Users\Jana\Downloads\Dexter_14.04.10_01-15_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:03 - 2014-04-13 16:03 - 474281840 _____ () C:\Users\Jana\Downloads\Criminal_Minds__What_Happens_in_Mecklinburg_____14.04.09_21-00_uswcbs_60_TVOON_DE.mpg.avi
2014-04-13 15:24 - 2013-10-12 13:58 - 00000000 ____D () C:\Users\Jana\Downloads\OUAT in Wonderland
2014-04-12 23:00 - 2011-09-25 22:20 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Skype
2014-04-12 21:00 - 2013-10-19 23:01 - 00000000 ____D () C:\Users\Jana\Desktop\TWD Staffel 4
2014-04-12 19:01 - 2014-04-08 13:26 - 00000000 ____D () C:\Users\Jana\Desktop\Verpasster Stoff
2014-04-12 13:13 - 2014-01-18 15:59 - 00000000 ____D () C:\Users\Jana\Desktop\Referate, die sich erledigt haben
2014-04-11 17:48 - 2014-04-10 17:55 - 00000000 ____D () C:\Users\Jana\Desktop\Fringe
2014-04-11 17:02 - 2011-12-31 20:20 - 00000000 ____D () C:\Users\Jana\AppData\Local\Windows Live
2014-04-10 06:04 - 2011-06-27 21:48 - 00572120 _____ () C:\test.xml
2014-04-09 19:53 - 2014-04-09 19:53 - 474356486 _____ () C:\Users\Jana\Downloads\The_Following__Betrayal_14.04.07_21-00_uswnyw_60_TVOON_DE.mpg.avi
2014-04-09 19:50 - 2014-04-09 19:50 - 530511542 _____ () C:\Users\Jana\Downloads\Star-Crossed__An_Old_Accustom_d_Feast_14.04.07_20-00_uswpix_60_TVOON_DE.mpg.avi
2014-04-09 19:50 - 2014-04-09 19:49 - 579944950 _____ () C:\Users\Jana\Downloads\Dexter_14.04.09_01-10_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-09 19:49 - 2014-04-09 19:49 - 703101802 _____ () C:\Users\Jana\Downloads\Dexter_14.04.08_01-10_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-09 14:01 - 2014-03-02 18:47 - 00000000 ____D () C:\Users\Jana\Downloads\OUAT Season 3
2014-04-09 11:12 - 2011-07-03 18:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 11:11 - 2013-08-14 01:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 11:09 - 2011-06-27 18:53 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 23:04 - 2014-02-04 21:07 - 00000000 ____D () C:\Users\Jana\Desktop\Dexter (1, 2 & 4 auf Festplatte)
2014-04-07 15:57 - 2014-03-28 23:56 - 00000000 ____D () C:\Users\Jana\Downloads\The 100
2014-04-07 15:35 - 2013-10-11 20:12 - 00000000 ____D () C:\Users\Jana\Downloads\The Tomorrow People
2014-04-07 15:28 - 2012-10-20 20:12 - 00000000 ____D () C:\Users\Jana\Downloads\Arrow
2014-04-07 14:34 - 2013-03-07 20:03 - 00000000 ____D () C:\Users\Jana\Downloads\Grimm Season 3
2014-04-06 00:33 - 2013-06-01 11:34 - 00000000 ____D () C:\Users\Jana\Downloads\Criminal Minds Season 9
2014-04-05 23:45 - 2014-02-02 16:24 - 00000000 ____D () C:\Users\Jana\Downloads\The Following
2014-04-05 22:41 - 2013-05-21 01:21 - 00000000 ____D () C:\Users\Jana\Downloads\Supernatural (hab S04 bis E15 und S08 bis E09)
2014-04-05 22:11 - 2014-02-22 19:51 - 00000000 ____D () C:\Users\Jana\Downloads\Star-Crossed
2014-04-05 22:03 - 2013-07-12 14:03 - 00000000 ____D () C:\Users\Jana\Downloads\Dexter
2014-04-05 16:30 - 2014-04-05 16:25 - 46063703 _____ () C:\Users\Jana\Desktop\Dexter_Nothing_Else_Could_Love_Me.mp4
2014-04-03 09:51 - 2014-04-18 13:50 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-18 13:50 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-18 13:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 20:04 - 2014-01-19 02:41 - 00000000 ____D () C:\Users\Jana\Desktop\13 Magnum Opus
2014-04-01 19:22 - 2012-10-20 20:12 - 00000000 ____D () C:\Users\Jana\Downloads\Beauty and the Beast Season 2
2014-03-31 14:34 - 2012-06-28 22:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 09:35 - 2011-06-27 19:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-28 21:29 - 2013-10-27 20:31 - 00000000 ____D () C:\Users\Jana\Downloads\Dracula
2014-03-28 20:58 - 2013-09-14 18:49 - 00000000 ____D () C:\Users\Jana\Downloads\The Originals
2014-03-28 01:26 - 2014-03-08 21:33 - 00003584 _____ () C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Jana\AppData\Local\Temp\avgnt.exe
C:\Users\Juergen\AppData\Local\Temp\avgnt.exe
C:\Users\Juergen\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 09:57

==================== End Of Log ============================

--- --- ---

schrauber · 19.04.2014, 19:41

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

HatsErwischt · 20.04.2014, 08:58

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=89306f4369a50b4abfccaa88acbef63e
# engine=17949
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-18 07:23:14
# local_time=2014-04-18 09:23:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 94 11735 4531330 4473 0
# compatibility_mode=5893 16776574 100 94 12954 149478844 0 0
# scanned=122792
# found=2
# cleaned=0
# scan_time=4348
sh=80DC1B8044FE7F2BC57777F9559C5050B1DF5736 ft=1 fh=3a2e66d2f7d1673f vn="a variant of Win32/AdWare.Adpeak.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir"
sh=408E4906C3F215C0E44282D24B340DAF03D014A4 ft=1 fh=94d81bcdb603e2f9 vn="a variant of Win64/Adware.Adpeak.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=89306f4369a50b4abfccaa88acbef63e
# engine=17958
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-20 07:39:10
# local_time=2014-04-20 09:39:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 94 49435 4661886 20618 0
# compatibility_mode=5893 16776574 100 94 143510 149609400 0 0
# scanned=239417
# found=5
# cleaned=0
# scan_time=6255
sh=80DC1B8044FE7F2BC57777F9559C5050B1DF5736 ft=1 fh=3a2e66d2f7d1673f vn="a variant of Win32/AdWare.Adpeak.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir"
sh=408E4906C3F215C0E44282D24B340DAF03D014A4 ft=1 fh=94d81bcdb603e2f9 vn="a variant of Win64/Adware.Adpeak.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir"
sh=C80E33C8AF7D4DF6634A05B9FB7587E802F5A4FC ft=1 fh=07e16575d1930471 vn="a variant of Win32/Adware.Gator.L application" ac=I fn="D:\2nd install i\Install\Internet\Netsonic\NetSonic.exe"
sh=5F8F7477809DED897DB99C23991094FF0A662CAF ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.B trojan" ac=I fn="D:\2nd install i\Install\_NB\Internet (IP) Tools\TrafficMonitor\V3.31\tC_trafficmonitor_3.2.0.204.zip"
sh=5F8F7477809DED897DB99C23991094FF0A662CAF ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.B trojan" ac=I fn="D:\2nd install i\Install\_NB\Internet (IP) Tools\TrafficMonitor\V3.31\TrafficMonitor_v3.2.0.204.zip"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.81  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!! 
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.182  
 Adobe Reader XI  
 Mozilla Firefox (28.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Juergen Desktop Virus SecurityCheck.exe 
 system32 OnlineScannerApp.exe -?-   
 system32 OnlineCmdLineScanner.exe -?-   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014
Ran by Juergen (administrator) on JANA-VAIO on 20-04-2014 09:55:58
Running from C:\Users\Juergen\Desktop\Virus
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [328048 2010-12-14] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2011-11-14] (VMware, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [180304 2014-04-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2336996420-966744919-1357593008-1003\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-2336996420-966744919-1357593008-1004\...\MountPoints2: E - E:\Autorun.exe
HKU\S-1-5-21-2336996420-966744919-1357593008-1004\...\MountPoints2: {8721d1a1-53a0-11e3-94a2-005056c00008} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2336996420-966744919-1357593008-1004\...\MountPoints2: {c0c0430a-ad94-11e1-b406-18f46adbf8f9} - G:\Setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {55A5C5AA-D2E4-41F4-9E7A-B232CFA2E84F} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {ABE32F0C-531E-4D21-9FD9-6B14B06F5B19} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
SearchScopes: HKCU - {F3D5E643-BEC4-4182-A986-10C13F411107} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.68.68

FireFox:
========
FF ProfilePath: C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\r6p7e6zl.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\r6p7e6zl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-18]
FF Extension: MozRepl - C:\Users\Juergen\AppData\Roaming\Mozilla\Firefox\Profiles\r6p7e6zl.default\Extensions\mozrepl@hyperstruct.net.xpi [2012-10-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-30]

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [122448 2014-04-15] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2011-11-13] ()
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
S2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\standard\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-20 07:46 - 2014-04-20 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-20 07:46 - 2014-04-20 07:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-20 07:46 - 2014-04-20 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-20 07:46 - 2014-04-20 07:46 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-20 02:41 - 2014-04-20 03:17 - 525023744 _____ () C:\Users\Jana\Downloads\The_100__Twilight_s_Last_Gleaming_14.04.16_21-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-20 02:01 - 2014-04-20 02:36 - 509350040 _____ () C:\Users\Jana\Downloads\Criminal_Minds__Gatekeeper_14.04.16_21-00_uswcbs_60_TVOON_DE.mpg.avi.otrkey
2014-04-20 00:26 - 2014-04-20 01:06 - 491943064 _____ () C:\Users\Jana\Downloads\Supernatural__Meta_Fiction_14.04.15_21-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-19 23:53 - 2014-04-20 00:26 - 457404724 _____ () C:\Users\Jana\Downloads\The_Vampire_Diaries__Resident_Evil_14.04.17_20-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-19 22:57 - 2014-04-19 23:31 - 442073420 _____ () C:\Users\Jana\Downloads\The_Originals__The_Big_Uneasy_14.04.15_20-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-19 22:04 - 2014-04-19 22:40 - 481645906 _____ () C:\Users\Jana\Downloads\Arrow__The_Man_Under_the_Hood_14.04.16_20-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-19 21:22 - 2014-04-19 22:00 - 540776986 _____ () C:\Users\Jana\Downloads\The_Tomorrow_People__Modus_Vivendi_14.04.14_21-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-19 19:08 - 2014-04-19 19:43 - 506020080 _____ () C:\Users\Jana\Downloads\The_Following__The_Reaping_14.04.14_21-00_uswnyw_60_TVOON_DE.mpg.avi.otrkey
2014-04-19 17:42 - 2014-04-19 18:29 - 667903514 _____ () C:\Users\Jana\Downloads\Dexter_14.04.15_01-05_ukcbsaction_65_TVOON_DE.mpg.avi.otrkey
2014-04-19 07:58 - 2014-04-19 07:56 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-19 07:49 - 2014-04-19 13:05 - 00000280 _____ () C:\Windows\setupact.log
2014-04-19 07:49 - 2014-04-19 07:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 07:48 - 2014-04-19 07:48 - 00083618 _____ () C:\Windows\PFRO.log
2014-04-18 21:25 - 2014-04-18 21:25 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Avira
2014-04-18 18:05 - 2014-04-18 18:05 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Avira
2014-04-18 18:03 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-18 18:03 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-18 18:03 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-18 17:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-18 17:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-18 17:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-18 17:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-18 17:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-18 17:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-18 17:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-18 17:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-18 17:01 - 2014-04-18 17:23 - 00000000 ____D () C:\Qoobox
2014-04-18 17:01 - 2014-04-18 17:22 - 00000000 ____D () C:\Windows\erdnt
2014-04-18 16:48 - 2014-04-18 18:03 - 00000000 ____D () C:\ProgramData\Avira
2014-04-18 16:48 - 2014-04-18 18:03 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-18 16:39 - 2014-04-18 16:39 - 00000000 ____D () C:\Users\Juergen\AppData\Local\Evernote
2014-04-18 16:19 - 2014-04-18 16:19 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-18 16:19 - 2014-04-18 16:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-18 16:02 - 2014-04-20 09:55 - 00000000 ____D () C:\Users\Juergen\Desktop\Virus
2014-04-18 15:47 - 2014-04-18 15:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-18 15:25 - 2014-04-18 15:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-18 15:19 - 2014-04-20 09:55 - 00000000 ____D () C:\FRST
2014-04-18 13:50 - 2014-04-19 11:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 13:50 - 2014-04-18 13:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 13:50 - 2014-04-18 13:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-18 13:50 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 13:50 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-18 13:50 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-18 13:43 - 2014-04-18 13:43 - 04464280 _____ (Avira Operations GmbH & Co. KG) C:\Users\Juergen\Downloads\avira_de_av___ws.exe
2014-04-18 13:37 - 2014-04-19 11:55 - 00000000 ____D () C:\AdwCleaner
2014-04-18 07:56 - 2014-04-18 07:58 - 30818216 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jre-7u55-windows-x64(1).exe
2014-04-18 07:21 - 2014-04-18 07:23 - 30818216 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jre-7u55-windows-x64.exe
2014-04-18 06:26 - 2014-04-18 06:26 - 00000000 ____D () C:\ProgramData\Auslogics
2014-04-18 06:26 - 2014-04-18 06:26 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-04-17 20:48 - 2014-04-17 20:48 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Auslogics
2014-04-17 20:08 - 2014-04-17 20:08 - 01071360 _____ (Solid State Networks) C:\Users\Juergen\Downloads\install_flashplayer13x32axau_gtbd_chrd_dn_aaa_aih.exe
2014-04-17 20:01 - 2014-04-17 20:01 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dll
2014-04-17 20:01 - 2014-04-17 20:01 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-04-17 20:01 - 2014-04-17 20:01 - 00003136 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-17 20:01 - 2014-04-17 20:01 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\iolo
2014-04-17 20:01 - 2014-04-17 20:01 - 00000000 ____D () C:\ProgramData\iolo
2014-04-17 20:01 - 2013-11-01 14:59 - 00069000 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2014-04-17 20:01 - 2013-11-01 14:59 - 00021176 _____ (iolo technologies, LLC) C:\Windows\system32\iolorgdf64.exe
2014-04-17 19:54 - 2014-04-17 19:55 - 00004328 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 19:30 - 2014-04-17 19:30 - 00000000 ____D () C:\MININT
2014-04-17 19:29 - 2014-04-17 19:30 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\IDM2
2014-04-17 19:28 - 2014-04-17 19:28 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager Upgrade
2014-04-17 17:58 - 2014-04-17 19:28 - 00000000 ____D () C:\Users\Jana\AppData\Local\Deployment
2014-04-17 17:58 - 2014-04-17 17:58 - 00000000 ____D () C:\Users\Jana\AppData\Local\Apps\2.0
2014-04-15 22:16 - 2014-04-15 22:50 - 488094368 _____ () C:\Users\Jana\Downloads\Once_Upon_a_Time__The_Jolly_Roger_14.04.13_20-00_uswabc_60_TVOON_DE.mpg.avi.otrkey
2014-04-15 19:35 - 2014-04-15 20:09 - 485882376 _____ () C:\Users\Jana\Downloads\Star-Crossed__Some_Consequence_Yet_Hanging_in_the_Stars_14.04.14_20-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-14 21:08 - 2014-04-14 21:09 - 368889764 _____ () C:\Users\Jana\Downloads\The_Big_Bang_Theory__The_Relationship_Diremption_14.04.10_20-00_uswcbs_31_TVOON_DE.mpg.avi
2014-04-14 17:12 - 2014-04-14 17:13 - 504477050 _____ () C:\Users\Jana\Downloads\Grimm__The_Law_of_Sacrifice_14.04.11_21-00_uswnbc_61_TVOON_DE.mpg.avi
2014-04-14 06:08 - 2014-04-14 22:11 - 00000000 ____D () C:\Users\Jana\Downloads\Game of Thrones
2014-04-13 16:10 - 2014-04-13 16:11 - 492950368 _____ () C:\Users\Jana\Downloads\The_100__Murphy_s_Law_14.04.09_21-00_uswpix_60_TVOON_DE.mpg.avi
2014-04-13 16:09 - 2014-04-13 16:09 - 609630190 _____ () C:\Users\Jana\Downloads\Dexter_14.04.12_01-05_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:08 - 2014-04-13 16:09 - 567721508 _____ () C:\Users\Jana\Downloads\Dexter_14.04.11_01-05_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:07 - 2014-04-13 16:08 - 673209046 _____ () C:\Users\Jana\Downloads\Dexter_14.04.10_01-15_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:03 - 2014-04-13 16:03 - 474281840 _____ () C:\Users\Jana\Downloads\Criminal_Minds__What_Happens_in_Mecklinburg_____14.04.09_21-00_uswcbs_60_TVOON_DE.mpg.avi
2014-04-10 17:55 - 2014-04-11 17:48 - 00000000 ____D () C:\Users\Jana\Desktop\Fringe
2014-04-09 19:53 - 2014-04-09 19:53 - 474356486 _____ () C:\Users\Jana\Downloads\The_Following__Betrayal_14.04.07_21-00_uswnyw_60_TVOON_DE.mpg.avi
2014-04-09 19:50 - 2014-04-09 19:50 - 530511542 _____ () C:\Users\Jana\Downloads\Star-Crossed__An_Old_Accustom_d_Feast_14.04.07_20-00_uswpix_60_TVOON_DE.mpg.avi
2014-04-09 19:49 - 2014-04-09 19:50 - 579944950 _____ () C:\Users\Jana\Downloads\Dexter_14.04.09_01-10_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-09 19:49 - 2014-04-09 19:49 - 703101802 _____ () C:\Users\Jana\Downloads\Dexter_14.04.08_01-10_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-08 13:26 - 2014-04-12 19:01 - 00000000 ____D () C:\Users\Jana\Desktop\Verpasster Stoff
2014-04-05 16:25 - 2014-04-05 16:30 - 46063703 _____ () C:\Users\Jana\Desktop\Dexter_Nothing_Else_Could_Love_Me.avi
2014-03-30 13:39 - 2014-04-18 16:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 23:56 - 2014-04-07 15:57 - 00000000 ____D () C:\Users\Jana\Downloads\The 100

==================== One Month Modified Files and Folders =======

2014-04-20 09:55 - 2014-04-18 16:02 - 00000000 ____D () C:\Users\Juergen\Desktop\Virus
2014-04-20 09:55 - 2014-04-18 15:19 - 00000000 ____D () C:\FRST
2014-04-20 09:31 - 2012-04-06 19:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 08:07 - 2010-11-25 13:19 - 00000000 ____D () C:\Program Files (x86)\Downloaded Installations
2014-04-20 07:51 - 2011-01-26 17:51 - 01368783 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 07:47 - 2013-10-20 12:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-20 07:46 - 2014-04-20 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-20 07:46 - 2014-04-20 07:46 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-20 07:46 - 2014-04-20 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-20 07:46 - 2014-04-20 07:46 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-20 07:46 - 2012-03-12 21:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-20 03:17 - 2014-04-20 02:41 - 525023744 _____ () C:\Users\Jana\Downloads\The_100__Twilight_s_Last_Gleaming_14.04.16_21-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-20 02:56 - 2011-06-28 17:41 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\vlc
2014-04-20 02:36 - 2014-04-20 02:01 - 509350040 _____ () C:\Users\Jana\Downloads\Criminal_Minds__Gatekeeper_14.04.16_21-00_uswcbs_60_TVOON_DE.mpg.avi.otrkey
2014-04-20 01:06 - 2014-04-20 00:26 - 491943064 _____ () C:\Users\Jana\Downloads\Supernatural__Meta_Fiction_14.04.15_21-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-20 00:26 - 2014-04-19 23:53 - 457404724 _____ () C:\Users\Jana\Downloads\The_Vampire_Diaries__Resident_Evil_14.04.17_20-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-20 00:13 - 2011-03-22 12:03 - 00000900 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-04-19 23:31 - 2014-04-19 22:57 - 442073420 _____ () C:\Users\Jana\Downloads\The_Originals__The_Big_Uneasy_14.04.15_20-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-19 22:40 - 2014-04-19 22:04 - 481645906 _____ () C:\Users\Jana\Downloads\Arrow__The_Man_Under_the_Hood_14.04.16_20-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-19 22:00 - 2014-04-19 21:22 - 540776986 _____ () C:\Users\Jana\Downloads\The_Tomorrow_People__Modus_Vivendi_14.04.14_21-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-19 19:43 - 2014-04-19 19:08 - 506020080 _____ () C:\Users\Jana\Downloads\The_Following__The_Reaping_14.04.14_21-00_uswnyw_60_TVOON_DE.mpg.avi.otrkey
2014-04-19 18:29 - 2014-04-19 17:42 - 667903514 _____ () C:\Users\Jana\Downloads\Dexter_14.04.15_01-05_ukcbsaction_65_TVOON_DE.mpg.avi.otrkey
2014-04-19 13:13 - 2009-07-14 06:45 - 00013664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-19 13:13 - 2009-07-14 06:45 - 00013664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-19 13:05 - 2014-04-19 07:49 - 00000280 _____ () C:\Windows\setupact.log
2014-04-19 13:05 - 2011-12-23 22:40 - 00000000 ____D () C:\ProgramData\VMware
2014-04-19 13:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-19 11:55 - 2014-04-18 13:37 - 00000000 ____D () C:\AdwCleaner
2014-04-19 11:47 - 2014-04-18 13:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 08:11 - 2013-10-02 18:01 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Dropbox
2014-04-19 08:03 - 2013-10-02 18:04 - 00001024 _____ () C:\Users\Juergen\Desktop\Dropbox.lnk
2014-04-19 08:03 - 2013-10-02 18:01 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-19 07:56 - 2014-04-19 07:58 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-19 07:49 - 2014-04-19 07:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 07:48 - 2014-04-19 07:48 - 00083618 _____ () C:\Windows\PFRO.log
2014-04-18 21:25 - 2014-04-18 21:25 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Avira
2014-04-18 20:45 - 2011-12-31 11:15 - 00007608 _____ () C:\Users\Juergen\AppData\Local\Resmon.ResmonCfg
2014-04-18 18:05 - 2014-04-18 18:05 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Avira
2014-04-18 18:03 - 2014-04-18 16:48 - 00000000 ____D () C:\ProgramData\Avira
2014-04-18 18:03 - 2014-04-18 16:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-18 17:31 - 2011-06-27 19:35 - 00000000 ____D () C:\Update
2014-04-18 17:23 - 2014-04-18 17:01 - 00000000 ____D () C:\Qoobox
2014-04-18 17:23 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-18 17:22 - 2014-04-18 17:01 - 00000000 ____D () C:\Windows\erdnt
2014-04-18 17:17 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-18 16:48 - 2012-09-26 20:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-18 16:39 - 2014-04-18 16:39 - 00000000 ____D () C:\Users\Juergen\AppData\Local\Evernote
2014-04-18 16:38 - 2014-03-30 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-18 16:21 - 2013-12-30 23:44 - 00000000 ____D () C:\Windows\Minidump
2014-04-18 16:21 - 2010-10-12 19:28 - 00000000 ____D () C:\Windows\Panther
2014-04-18 16:19 - 2014-04-18 16:19 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-18 16:19 - 2014-04-18 16:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-18 15:47 - 2014-04-18 15:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-18 15:25 - 2014-04-18 15:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-18 14:33 - 2011-11-19 20:00 - 01106178 _____ () C:\Users\Juergen\AppData\Local\census.cache
2014-04-18 14:32 - 2011-11-19 20:00 - 00101692 _____ () C:\Users\Juergen\AppData\Local\ars.cache
2014-04-18 13:50 - 2014-04-18 13:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 13:50 - 2014-04-18 13:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-18 13:43 - 2014-04-18 13:43 - 04464280 _____ (Avira Operations GmbH & Co. KG) C:\Users\Juergen\Downloads\avira_de_av___ws.exe
2014-04-18 13:37 - 2010-11-25 12:52 - 00000000 ____D () C:\Program Files\Sony
2014-04-18 13:36 - 2010-11-25 12:52 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-18 13:36 - 2010-10-12 19:48 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-04-18 13:36 - 2010-10-12 19:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-18 13:29 - 2012-06-03 18:19 - 00000000 ____D () C:\Program Files (x86)\Philips
2014-04-18 13:29 - 2011-06-27 23:19 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Sony Corporation
2014-04-18 12:59 - 2011-06-27 23:20 - 00120992 _____ () C:\Users\Jana\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-18 07:58 - 2014-04-18 07:56 - 30818216 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jre-7u55-windows-x64(1).exe
2014-04-18 07:50 - 2011-07-10 10:06 - 00000000 ____D () C:\Users\Juergen\AppData\Local\Adobe
2014-04-18 07:24 - 2012-04-06 19:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-18 07:24 - 2012-04-06 19:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-18 07:24 - 2011-07-10 22:11 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-18 07:23 - 2014-04-18 07:21 - 30818216 _____ (Oracle Corporation) C:\Users\Juergen\Downloads\jre-7u55-windows-x64.exe
2014-04-18 07:17 - 2011-06-28 17:29 - 01630180 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-18 07:17 - 2010-11-25 21:39 - 00715064 _____ () C:\Windows\system32\perfh007.dat
2014-04-18 07:17 - 2010-11-25 21:39 - 00154540 _____ () C:\Windows\system32\perfc007.dat
2014-04-18 07:17 - 2009-07-14 07:13 - 01630180 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 06:26 - 2014-04-18 06:26 - 00000000 ____D () C:\ProgramData\Auslogics
2014-04-18 06:26 - 2014-04-18 06:26 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-04-17 20:48 - 2014-04-17 20:48 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\Auslogics
2014-04-17 20:34 - 2011-12-12 20:22 - 00000000 ____D () C:\Users\Juergen\AppData\Local\Sony Corporation
2014-04-17 20:08 - 2014-04-17 20:08 - 01071360 _____ (Solid State Networks) C:\Users\Juergen\Downloads\install_flashplayer13x32axau_gtbd_chrd_dn_aaa_aih.exe
2014-04-17 20:01 - 2014-04-17 20:01 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dll
2014-04-17 20:01 - 2014-04-17 20:01 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-04-17 20:01 - 2014-04-17 20:01 - 00003136 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-04-17 20:01 - 2014-04-17 20:01 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\iolo
2014-04-17 20:01 - 2014-04-17 20:01 - 00000000 ____D () C:\ProgramData\iolo
2014-04-17 19:55 - 2014-04-17 19:54 - 00004328 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 19:44 - 2009-07-14 06:45 - 00456048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-17 19:32 - 2011-06-27 23:10 - 00120992 _____ () C:\Users\Juergen\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-17 19:30 - 2014-04-17 19:30 - 00000000 ____D () C:\MININT
2014-04-17 19:30 - 2014-04-17 19:29 - 00000000 ____D () C:\Users\Juergen\AppData\Roaming\IDM2
2014-04-17 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-04-17 19:28 - 2014-04-17 19:28 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager Upgrade
2014-04-17 19:28 - 2014-04-17 17:58 - 00000000 ____D () C:\Users\Jana\AppData\Local\Deployment
2014-04-17 17:58 - 2014-04-17 17:58 - 00000000 ____D () C:\Users\Jana\AppData\Local\Apps\2.0
2014-04-16 21:21 - 2013-11-11 20:20 - 00000000 ____D () C:\Users\Jana\Desktop\Stücke auf Handy
2014-04-15 22:50 - 2014-04-15 22:16 - 488094368 _____ () C:\Users\Jana\Downloads\Once_Upon_a_Time__The_Jolly_Roger_14.04.13_20-00_uswabc_60_TVOON_DE.mpg.avi.otrkey
2014-04-15 20:09 - 2014-04-15 19:35 - 485882376 _____ () C:\Users\Jana\Downloads\Star-Crossed__Some_Consequence_Yet_Hanging_in_the_Stars_14.04.14_20-00_uswpix_60_TVOON_DE.mpg.avi.otrkey
2014-04-14 22:11 - 2014-04-14 06:08 - 00000000 ____D () C:\Users\Jana\Downloads\Game of Thrones
2014-04-14 22:10 - 2013-12-21 00:55 - 00000000 ____D () C:\Users\Jana\Desktop\Stücke FÜR Handy
2014-04-14 21:09 - 2014-04-14 21:08 - 368889764 _____ () C:\Users\Jana\Downloads\The_Big_Bang_Theory__The_Relationship_Diremption_14.04.10_20-00_uswcbs_31_TVOON_DE.mpg.avi
2014-04-14 17:13 - 2014-04-14 17:12 - 504477050 _____ () C:\Users\Jana\Downloads\Grimm__The_Law_of_Sacrifice_14.04.11_21-00_uswnbc_61_TVOON_DE.mpg.avi
2014-04-14 14:28 - 2014-01-09 20:06 - 00000000 ____D () C:\Users\Jana\Desktop\Berichtsheft
2014-04-13 16:11 - 2014-04-13 16:10 - 492950368 _____ () C:\Users\Jana\Downloads\The_100__Murphy_s_Law_14.04.09_21-00_uswpix_60_TVOON_DE.mpg.avi
2014-04-13 16:09 - 2014-04-13 16:09 - 609630190 _____ () C:\Users\Jana\Downloads\Dexter_14.04.12_01-05_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:09 - 2014-04-13 16:08 - 567721508 _____ () C:\Users\Jana\Downloads\Dexter_14.04.11_01-05_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:08 - 2014-04-13 16:07 - 673209046 _____ () C:\Users\Jana\Downloads\Dexter_14.04.10_01-15_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-13 16:03 - 2014-04-13 16:03 - 474281840 _____ () C:\Users\Jana\Downloads\Criminal_Minds__What_Happens_in_Mecklinburg_____14.04.09_21-00_uswcbs_60_TVOON_DE.mpg.avi
2014-04-13 15:24 - 2013-10-12 13:58 - 00000000 ____D () C:\Users\Jana\Downloads\OUAT in Wonderland
2014-04-12 23:00 - 2011-09-25 22:20 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Skype
2014-04-12 21:00 - 2013-10-19 23:01 - 00000000 ____D () C:\Users\Jana\Desktop\TWD Staffel 4
2014-04-12 19:01 - 2014-04-08 13:26 - 00000000 ____D () C:\Users\Jana\Desktop\Verpasster Stoff
2014-04-12 13:13 - 2014-01-18 15:59 - 00000000 ____D () C:\Users\Jana\Desktop\Referate, die sich erledigt haben
2014-04-11 17:48 - 2014-04-10 17:55 - 00000000 ____D () C:\Users\Jana\Desktop\Fringe
2014-04-11 17:02 - 2011-12-31 20:20 - 00000000 ____D () C:\Users\Jana\AppData\Local\Windows Live
2014-04-10 06:04 - 2011-06-27 21:48 - 00572120 _____ () C:\test.xml
2014-04-09 19:53 - 2014-04-09 19:53 - 474356486 _____ () C:\Users\Jana\Downloads\The_Following__Betrayal_14.04.07_21-00_uswnyw_60_TVOON_DE.mpg.avi
2014-04-09 19:50 - 2014-04-09 19:50 - 530511542 _____ () C:\Users\Jana\Downloads\Star-Crossed__An_Old_Accustom_d_Feast_14.04.07_20-00_uswpix_60_TVOON_DE.mpg.avi
2014-04-09 19:50 - 2014-04-09 19:49 - 579944950 _____ () C:\Users\Jana\Downloads\Dexter_14.04.09_01-10_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-09 19:49 - 2014-04-09 19:49 - 703101802 _____ () C:\Users\Jana\Downloads\Dexter_14.04.08_01-10_ukcbsaction_65_TVOON_DE.mpg.avi
2014-04-09 14:01 - 2014-03-02 18:47 - 00000000 ____D () C:\Users\Jana\Downloads\OUAT Season 3
2014-04-09 11:12 - 2011-07-03 18:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 11:11 - 2013-08-14 01:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 11:09 - 2011-06-27 18:53 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 23:04 - 2014-02-04 21:07 - 00000000 ____D () C:\Users\Jana\Desktop\Dexter (1, 2 & 4 auf Festplatte)
2014-04-07 15:57 - 2014-03-28 23:56 - 00000000 ____D () C:\Users\Jana\Downloads\The 100
2014-04-07 15:35 - 2013-10-11 20:12 - 00000000 ____D () C:\Users\Jana\Downloads\The Tomorrow People
2014-04-07 15:28 - 2012-10-20 20:12 - 00000000 ____D () C:\Users\Jana\Downloads\Arrow
2014-04-07 14:34 - 2013-03-07 20:03 - 00000000 ____D () C:\Users\Jana\Downloads\Grimm Season 3
2014-04-06 00:33 - 2013-06-01 11:34 - 00000000 ____D () C:\Users\Jana\Downloads\Criminal Minds Season 9
2014-04-05 23:45 - 2014-02-02 16:24 - 00000000 ____D () C:\Users\Jana\Downloads\The Following
2014-04-05 22:41 - 2013-05-21 01:21 - 00000000 ____D () C:\Users\Jana\Downloads\Supernatural (hab S04 bis E15 und S08 bis E09)
2014-04-05 22:11 - 2014-02-22 19:51 - 00000000 ____D () C:\Users\Jana\Downloads\Star-Crossed
2014-04-05 22:03 - 2013-07-12 14:03 - 00000000 ____D () C:\Users\Jana\Downloads\Dexter
2014-04-05 16:30 - 2014-04-05 16:25 - 46063703 _____ () C:\Users\Jana\Desktop\Dexter_Nothing_Else_Could_Love_Me.avi
2014-04-03 09:51 - 2014-04-18 13:50 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-18 13:50 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-18 13:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 20:04 - 2014-01-19 02:41 - 00000000 ____D () C:\Users\Jana\Desktop\13 Magnum Opus
2014-04-01 19:22 - 2012-10-20 20:12 - 00000000 ____D () C:\Users\Jana\Downloads\Beauty and the Beast Season 2
2014-03-31 14:34 - 2012-06-28 22:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 09:35 - 2011-06-27 19:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-28 21:29 - 2013-10-27 20:31 - 00000000 ____D () C:\Users\Jana\Downloads\Dracula
2014-03-28 20:58 - 2013-09-14 18:49 - 00000000 ____D () C:\Users\Jana\Downloads\The Originals
2014-03-28 01:26 - 2014-03-08 21:33 - 00003584 _____ () C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Jana\AppData\Local\Temp\avgnt.exe
C:\Users\Juergen\AppData\Local\Temp\avgnt.exe
C:\Users\Juergen\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 09:57

==================== End Of Log ============================

--- --- ---

schrauber · 20.04.2014, 18:23

Java updaten. Windows updaten, da fehlt ein ganzes Servicepack!

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

HatsErwischt · 20.04.2014, 19:43

Zitat:

Results of screen317's Security Check version 0.99.81
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Java version out of Date!

Hallo Schrauber,
herzlichen Dank für deine Hilfe.

Windows Updates sind aktiviert - trotzdem wird mir das SP1 nicht angezeigt. Es ist auch nicht ausgeblendet.
Ich lade das mal manuell runter

Java sagt mir: Sie haben die empfohlene Java-Version installiert (Version 7 Update 55)
Wo bekomme ich eine aktuellere ?

schrauber · 21.04.2014, 20:11

Java passt, ich hab nit korrekt geschaut

21.04.2014, 20:11	#10
schrauber /// the machine /// TB-Ausbilder	Avira Start wird durch eine Gruppenrichtlinie blockiert Java passt, ich hab nit korrekt geschaut __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Avira Start wird durch eine Gruppenrichtlinie blockiert

Log-Analyse und Auswertung: Avira Start wird durch eine Gruppenrichtlinie blockiert