
Log analysis and evaluation: Win7: regularly thrown out to the desktop, a program briefly opens and closes in the taskbar

09.02.2015, 11:59   #1
LarryPerkins
 



Hello,

I keep getting thrown out to the desktop from the currently running program (a game, or while writing an email). When this happens, a program opens very briefly in the taskbar and closes again.
I'm grateful for any help.


Junkware Removal Tool:


JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by XXX YYY on 09.02.2015 at  9:45:31,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\XXX YYY\appdata\local\{00117357-098D-4607-B578-EA895FB3BDCC}
Successfully deleted: [Empty Folder] C:\Users\XXX YYY\appdata\local\{0015BDB9-E463-410E-AF47-D3FA19F7A24A}
Successfully deleted: [Empty Folder] C:\Users\XXX YYY\appdata\local\{00193A7B-AFAC-4EC0-A098-E770E575232C}
Successfully deleted: [Empty Folder] C:\Users\XXX YYY\appdata\local\{00ED0629-4593-42C0-BA0B-F9743F041517}
Successfully deleted: [Empty Folder] C:\Users\XXX YYY\appdata\local\{00FC3838-9A0A-4AED-A712-87735292151E}
...
(a long run of empty folders follows here; I don't think it adds much, and besides it would make the post too long)



~~~ FireFox

Successfully deleted the following from C:\Users\XXX YYY\AppData\Roaming\mozilla\firefox\profiles\gwlew6n9.default\prefs.js

user_pref("extensions.alexa.searchconf", "{\n  \"google\" : {\n     \"urlexp\" : \"hxxp(?:s)?:\\\\/\\\\/(?:www[0-9]*\\\\.|encrypted\\\\.)(?:l\\\\.)?google\\\\..*\\\\/.*[?#&]q=
user_pref("services.sync.client.syncID", "Tv9AODYDY9mr");
Emptied folder: C:\Users\XXX YYY\AppData\Roaming\mozilla\firefox\profiles\gwlew6n9.default\minidumps [364 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.02.2015 at  9:49:16,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


Malwarebytes Scan Log before Malwarebytes Removal:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 05.02.2015
Scan Time: 16:56:49
Logfile: Malwarebytes Scan.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.05.07
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: YYY XXX

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348571
Time Elapsed: 15 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.DigitalSites.A, HKU\S-1-5-21-3557091032-3563988234-1886976076-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DSiteProducts, Delete-on-Reboot, [a833bd5d44463ef841902edc2bda45bb], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3557091032-3563988234-1886976076-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Delete-on-Reboot, [27b4ac6ea6e4ff37bba9746edc28de22], 

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3557091032-3563988234-1886976076-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, Delete-on-Reboot, [27b4ac6ea6e4ff37bba9746edc28de22]

Registry Data: 1
PUP.Optional.StartPage, HKU\S-1-5-21-3557091032-3563988234-1886976076-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=5ABA002710DD58F0&affID=119357&tsp=4958, Good: (www.google.com), Bad: (hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=5ABA002710DD58F0&affID=119357&tsp=4958),Delete-on-Reboot,[5883bd5de1a9a19573b40ca6ee17f907]

Folders: 4
PUP.Optional.DigitalSite.A, C:\Users\YYY XXX\AppData\Roaming\DigitalSite\UpdateProc, Quarantined, [697273a7395145f124db537b62a116ea], 
PUP.Optional.Babylon.A, C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com, Quarantined, [934863b7c8c240f605e05a2628db5ca4], 
PUP.Optional.Babylon.A, C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults, Quarantined, [934863b7c8c240f605e05a2628db5ca4], 
PUP.Optional.Babylon.A, C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences, Quarantined, [934863b7c8c240f605e05a2628db5ca4], 

Files: 7
PUP.Optional.Delta.A, C:\Users\YYY XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www1.delta-search.com_0.localstorage, Quarantined, [02d9d644f09acf67a223891140c31ce4], 
PUP.Optional.Delta.A, C:\Users\YYY XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www1.delta-search.com_0.localstorage-journal, Quarantined, [20bbec2edfabb77f23a26931c53e3fc1], 
PUP.Optional.Babylon.A, C:\Users\YYY XXX\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\searchplugins\babylon.xml, Quarantined, [89524fcbbcce01350b93239e47bcac54], 
PUP.Optional.DigitalSite.A, C:\Users\YYY XXX\AppData\Roaming\DigitalSite\UpdateProc\config.dat, Quarantined, [697273a7395145f124db537b62a116ea], 
PUP.Optional.DigitalSite.A, C:\Users\YYY XXX\AppData\Roaming\DigitalSite\UpdateProc\prod.dat, Quarantined, [697273a7395145f124db537b62a116ea], 
PUP.Optional.BrowserDefender.A, C:\Users\YYY XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage, Quarantined, [a13abe5cfc8ee94d8dfffbea41c3936d], 
PUP.Optional.Babylon.A, C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences\dflt.js, Quarantined, [934863b7c8c240f605e05a2628db5ca4], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
Malwarebytes Protection Log:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 05.02.2015 16:56:38, SYSTEM, YYYXXX-VAIO, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 05.02.2015 16:56:38, SYSTEM, YYYXXX-VAIO, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1, 
Update, 05.02.2015 16:56:42, SYSTEM, YYYXXX-VAIO, Manual, Malware Database, 2014.11.20.6, 2015.2.5.7, 
Scan, 05.02.2015 17:17:15, SYSTEM, YYYXXX-VAIO, Manual, Start:05.02.2015 16:56:49, Duration:15 min 15 sec, Threat Scan, Completed, 0 Malware Detections, 15 Non-Malware Detections, 

(end)
         


Malwarebytes Scan Log after Malwarebytes Removal:


Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 08.02.2015
Scan Time: 16:36:45
Logfile: Malwarebytes Scan after Malwarebytes Removal.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.08.04
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: YYY YYY

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348841
Time Elapsed: 16 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         
defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:59 on 09/02/2015 (XXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by YYY XXX (administrator) on YYYXXX-VAIO on 09-02-2015 12:01:02
Running from C:\Users\YYY XXX\Downloads
Loaded Profiles: YYY XXX (Available profiles: YYY XXX)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(UPEK Inc.) C:\Program Files\Protector Suite\upeksvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(UPEK Inc.) C:\Program Files\Protector Suite\psqltray.exe
(Microsoft Corporation) C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
() C:\Users\YYY XXX\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9962016 2010-06-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2010-03-01] (Synaptics Incorporated)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite\launcher.exe [84744 2010-04-27] (UPEK Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [253440 2010-05-18] (Vodafone)
HKLM-x32\...\Run: [MarketingTools] => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2013-03-19] (Sony Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [401280 2014-06-20] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\Run: [SkyDrive] => C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\Run: [GoogleChromeAutoLaunch_550EDA027B4B11347618D98EDCBB3ADF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\RunOnce: [Uninstall C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\RunOnce: [Uninstall C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\RunOnce: [Uninstall C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64"
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\RunOnce: [Uninstall C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\RunOnce: [Uninstall C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\MountPoints2: {852a4381-bbbe-11e2-9681-0024bed7ff33} - D:\AutoRun.exe
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\MountPoints2: {852a43a5-bbbe-11e2-9681-0024bed7ff33} - D:\AutoRun.exe
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\MountPoints2: {c8b79af5-29a7-11e3-9355-0024bed7ff33} - E:\AutoRun.exe
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\MountPoints2: {d80812ee-1fbb-11e3-afed-0024bed7ff33} - E:\AutoRun.exe
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\MountPoints2: {d80812ff-1fbb-11e3-afed-0024bed7ff33} - E:\AutoRun.exe
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\MountPoints2: {d808131c-1fbb-11e3-afed-0024bed7ff33} - E:\AutoRun.exe
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\MountPoints2: {d808133f-1fbb-11e3-afed-0024bed7ff33} - E:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-18] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\YYY XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\YYY XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
Startup: C:\Users\YYY XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll (UPEK Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3557091032-3563988234-1886976076-1000 -> {3617BCD7-E991-4BB5-8542-09A0B20EE913} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKU\S-1-5-21-3557091032-3563988234-1886976076-1000 -> {794C16B2-C354-42CB-8212-172F5BD771B6} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-3557091032-3563988234-1886976076-1000 -> {A70EC677-F517-45E6-831A-E87104D7AC0B} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{876E33B5-EE1E-4322-8F79-79EB6087A1E2}: [NameServer]  
Tcpip\..\Interfaces\{AA2DF348-6AB3-482F-A8BC-41E89158A468}: [NameServer] 10.74.210.210 10.74.210.211

FireFox:
========
FF ProfilePath: C:\Users\YYY XXX\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%2
0url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\YYY XXX\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3557091032-3563988234-1886976076-1000: @citrixonline.com/appdetectorplugin -> C:\Users\YYY XXX\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-3557091032-3563988234-1886976076-1000: LWAPlugin15.8 -> C:\Users\YYY XXX\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\YYY XXX\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\YYY XXX\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\YYY XXX\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Users\YYY XXX\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\searchplugins\translate-korean-to-english.xml
FF Extension: Avira Browser Safety - C:\Users\YYY XXX\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\abs@avira.com [2015-02-03]
FF Extension: Password Bank - C:\Users\YYY XXX\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\passwordbank@upek.com [2013-03-20]
FF Extension: Ghostery - C:\Users\YYY XXX\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\firefox@ghostery.com.xpi [2013-08-19]
FF Extension: FireGestures - C:\Users\YYY XXX\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\firegestures@xuldev.org.xpi [2013-03-20]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\YYY XXX\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-08-09]
FF Extension: Yesware Email Tracking - C:\Users\YYY XXX\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\jid1-T5mdAATMX3urKA@jetpack.xpi [2013-04-24]
FF Extension: Rapportive - C:\Users\YYY XXX\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\rapportive@rapportive.com.xpi [2013-06-20]
FF Extension: TinEye Reverse Image Search - C:\Users\YYY XXX\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\tineye@ideeinc.com.xpi [2013-03-20]
FF Extension: Screengrab - C:\Users\YYY XXX\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi [2013-03-20]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
         
GMER:

GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-09 12:53:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 119,25GB
Running: Gmer-19357.exe; Driver: C:\Users\YYYRAU~1\AppData\Local\Temp\kftyrpoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                                                                                                                fffff800037f5070 25 bytes [C4, 08, 4C, 89, 64, 24, 50, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 586                                                                                                                                                                                                fffff800037f508a 6 bytes [00, 00, 00, 80, 05, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                              0000000077011465 2 bytes [01, 77]
.text     C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                             00000000770114bb 2 bytes [01, 77]
.text     ...                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                           0000000077011465 2 bytes [01, 77]
.text     C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                          00000000770114bb 2 bytes [01, 77]
.text     ...                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                        0000000077011465 2 bytes [01, 77]
.text     C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                       00000000770114bb 2 bytes [01, 77]
.text     ...                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                        0000000077011465 2 bytes [01, 77]
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                       00000000770114bb 2 bytes [01, 77]
.text     ...                                                                                                                                                                                                                                                               * 2
.text     C:\ProgramData\DatacardService\DCSHelper.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                        0000000077011465 2 bytes [01, 77]
.text     C:\ProgramData\DatacardService\DCSHelper.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                       00000000770114bb 2 bytes [01, 77]
.text     ...                                                                                                                                                                                                                                                               * 2
.text     C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                    0000000077011465 2 bytes [01, 77]
.text     C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                   00000000770114bb 2 bytes [01, 77]
.text     ...                                                                                                                                                                                                                                                               * 2
.text     C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[1416] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                                                          0000000077011465 2 bytes [01, 77]
.text     C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[1416] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                                                         00000000770114bb 2 bytes [01, 77]
.text     ...                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[5240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                   0000000077011465 2 bytes [01, 77]
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[5240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                  00000000770114bb 2 bytes [01, 77]
.text     ...                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[5324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                              0000000077011465 2 bytes [01, 77]
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[5324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                             00000000770114bb 2 bytes [01, 77]
.text     ...                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[5352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                  0000000077011465 2 bytes [01, 77]
.text     C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[5352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                 00000000770114bb 2 bytes [01, 77]
.text     ...                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                              0000000077011465 2 bytes [01, 77]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                             00000000770114bb 2 bytes [01, 77]
.text     ...                                                                                                                                                                                                                                                               * 2
?         C:\Windows\system32\mssprxy.dll [5456] entry point in ".rdata" section                                                                                                                                                                                            00000000593d71e6
.text     C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                0000000077011465 2 bytes [01, 77]
.text     C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                               00000000770114bb 2 bytes [01, 77]
.text     ...                                                                                                                                                                                                                                                               * 2
.text     C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                                    0000000077011465 2 bytes [01, 77]
.text     C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                                   00000000770114bb 2 bytes [01, 77]
.text     ...                                                                                                                                                                                                                                                               * 2
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                                                        00000000775bf9e0 5 bytes JMP 000000010f68ea93
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey                                                                                                                                                      00000000775bfa28 5 bytes JMP 000000010f68f0f8
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey                                                                                                                                            00000000775bfa40 5 bytes JMP 000000010f68d830
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey                                                                                                                                                     00000000775bfa90 5 bytes JMP 000000010f68d38c
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                                                                                00000000775bfaa8 5 bytes JMP 000000010f68d67d
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey                                                                                                                                                    00000000775bfb40 5 bytes JMP 000000010f68f338
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                                                                                                           00000000775bfc38 5 bytes JMP 000000010f69a713
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey                                                                                                                                                 00000000775bfd4c 5 bytes JMP 000000010f68d1d4
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                                                     00000000775bfd64 5 bytes JMP 000000010f699d35
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                                                                           00000000775bfd98 5 bytes JMP 000000010f69a030
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                                                                              00000000775bfe44 5 bytes JMP 000000010f68e668
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile                                                                                                                                          00000000775bfe5c 5 bytes JMP 000000010f699e5e
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                                                   00000000775c00b4 5 bytes JMP 000000010f699b7a
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                                                                  00000000775c01c4 5 bytes JMP 000000010f68d9d8
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted                                                                                                                                          00000000775c0754 5 bytes JMP 000000010f68f3da
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile                                                                                                                                                   00000000775c09e4 5 bytes JMP 000000010f699d72
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey                                                                                                                                                    00000000775c09fc 5 bytes JMP 000000010f68cfa8
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                                                                                               00000000775c0a44 5 bytes JMP 000000010f68db8e
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey                                                                                                                                                     00000000775c0b80 5 bytes JMP 000000010f68d0be
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey                                                                                                                                              00000000775c0f70 5 bytes JMP 000000010f68e01b
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                     00000000775c0f88 5 bytes JMP 000000010f68e1b7
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx                                                                                                                                                    00000000775c1018 5 bytes JMP 000000010f68f185
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted                                                                                                                                            00000000775c1030 5 bytes JMP 000000010f68f2a8
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx                                                                                                                                          00000000775c1048 5 bytes JMP 000000010f68f215
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile                                                                                                                                      00000000775c133c 5 bytes JMP 000000010f699f47
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey                                                                                                                                        00000000775c147c 5 bytes JMP 000000010f68de8e
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject                                                                                                                                          00000000775c1528 5 bytes JMP 000000010f68e37b
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey                                                                                                                                                    00000000775c1718 5 bytes JMP 000000010f68dd06
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey                                                                                                                                            00000000775c1a58 5 bytes JMP 000000010f68d535
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject                                                                                                                                            00000000775c1b9c 5 bytes JMP 000000010f68e4fd
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                                                              0000000076c8103d 5 bytes JMP 000000010f673904
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                                              0000000076c81072 5 bytes JMP 000000010f673d68
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                                                        0000000076cac9b5 5 bytes JMP 000000010f673a1e
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                                                                                     0000000076d02ff1 5 bytes JMP 000000010f673c62
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                                                                        00000000770b2642 5 bytes JMP 000000010f673f75
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW                                                                                                                                      0000000075229ebd 5 bytes JMP 00000001027499ff
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA                                                                                                                                      0000000075230afa 5 bytes JMP 000000010274e26c
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\USER32.dll!BeginPaint                                                                                                                                                    0000000075231361 5 bytes JMP 000000010275c8b4
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\USER32.dll!ValidateRect                                                                                                                                                  0000000075237849 5 bytes JMP 00000001028d1f12
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!OleLoadFromStream                                                                                                                                              0000000075316143 5 bytes JMP 0000000102ecdebe
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7                                                                                                                                       000000007531ea09 7 bytes JMP 000000010f6ae370
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!OleRun                                                                                                                                                         00000000753207de 5 bytes JMP 000000010f6ade9e
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject                                                                                                                                          00000000753221e1 5 bytes JMP 000000010f6b1745
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!OleUninitialize                                                                                                                                                000000007532eba1 6 bytes JMP 000000010f6ade15
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!OleInitialize                                                                                                                                                  000000007532efd7 5 bytes JMP 000000010f6addcd
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoGetClassObject                                                                                                                                               00000000753454ad 5 bytes JMP 000000010f6afdbb
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoInitializeEx                                                                                                                                                 00000000753509ad 5 bytes JMP 000000010f6add6d
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoUninitialize                                                                                                                                                 00000000753586d3 5 bytes JMP 000000010f6b07cf
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                                               0000000075359d0b 5 bytes JMP 000000010f6b14ec
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                                                                             0000000075359d4e 5 bytes JMP 000000010f6af3c7
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7                                                                                                                                      000000007537bb09 7 bytes JMP 000000010f6adee6
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject                                                                                                                                            000000007539eacf 5 bytes JMP 000000010f6afa7c
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile                                                                                                                                          00000000753d340b 5 bytes JMP 000000010f6b08cf
.text     C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc                                                                                                                                            000000007541cfd9 5 bytes JMP 000000010f6ade56

---- Devices - GMER 2.1 ----

Device    \Driver\semav6thermal64ro \Device\semav6thermal64ro                                                                                                                                                                                                               fffff88005688010
---- Processes - GMER 2.1 ----

Library   C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2272](2013-09-17 17:11:47)                                                                                                 000000006fbc0000
Library   C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2272](2013-09-17 17:11:47)                                                                                           000000006e940000
Library   C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2272](2013-09-17 17:11:47)                                                                                                  000000006a1c0000
Library   C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2272](2013-09-17 17:11:48)                                                                                               000000006ff00000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46)        00000000581a0000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)            0000000057840000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416](2014-10-22 00:22:50)                                                                                        0000000060f10000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)           00000000560c0000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (ICU I18N DLL/The ICU Project)(2014-10-22 00:22:50)                                                           000000004a900000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (ICU Common DLL/The ICU Project)(2014-10-22 00:22:50)                                                         00000000040c0000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (ICU Data DLL/The ICU Project)(2014-10-22 00:22:50)                                                           000000004ad00000
Library   c:\users\YYYrau~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7jjwhg.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416](2015-02-09 11:41:14)                                        0000000003a70000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)        000000005f840000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)         0000000006050000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)          000000005b830000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)            000000005b5d0000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40)            0000000060650000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416](2014-10-22 00:22:50)                                                                                           00000000601b0000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46)  0000000060180000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)         000000005f800000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38)   000000005f570000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416](2014-10-22 00:22:48)                                                                       000000005af70000
Library   C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416](2014-10-22 00:22:46)                                                                       000000005f530000
Library   C:\ProgramData\Razer\Synapse\Devices\RazerConfigNative.dll (*** suspicious ***) @ C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [5352] (Razer Configurator/Razer Inc.)(2015-01-07 03:14:46)                                                                  000000005b050000
Library   C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816]                                                                                                0000000002720000
Library   C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816]                                                                                           000000000f940000
Library   C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816]                                                                                             0000000004c20000
Library   C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816]                                                                                                000000000b9e0000
Library   C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816]                                                                                           000000000f470000
Library   C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACECORE.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816]                                                                                            000000000bf10000
Library   C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\1031\ACEWSTR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816]                                                                                       000000000f4f0000
Library   C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816]                                                                                              000000000f7b0000
Library   C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\VBAJET32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816]                                                                                           0000000061a60000
Library   C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\expsrv.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816]                                                                                             0000000004190000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313dbb8cf                                                                                                                                                                                       
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38e14ca9                                                                                                                                                                                       
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38e14ca9@b8c68eaf2231                                                                                                                                                                          0xFC 0x54 0x3D 0x7F ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38e14ca9@c0eefb32dc7a                                                                                                                                                                          0xF9 0xE5 0x14 0x1B ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313dbb8cf (not active ControlSet)                                                                                                                                                                   
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38e14ca9 (not active ControlSet)                                                                                                                                                                   
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38e14ca9@b8c68eaf2231                                                                                                                                                                              0xFC 0x54 0x3D 0x7F ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38e14ca9@c0eefb32dc7a                                                                                                                                                                              0xF9 0xE5 0x14 0x1B ...

---- EOF - GMER 2.1 ----
         

Edited by LarryPerkins (09.02.2015 at 12:05)

09.02.2015, 14:13   #2
Warlord711
/// TB-Ausbilder
 



Hello LarryPerkins,

My name is Timo and I will be helping you with your problem.
  • Please work through all steps in order.
  • Here you will find the guide for those seeking help
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in multiple forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • First read the instructions through completely. If anything is unclear, ask before you start.
  • Post the log files directly in your thread. Do not attach them unless I ask you to.

Note:
I can never give you a guarantee that I will find everything. Formatting is always the safest way.

We all work here voluntarily and mostly only in our free time. Replies may therefore be delayed.
If you do not receive a reply from me within 48 hours, send me a PM.
If you decide on a cleanup, keep working with us until I or someone from the team says that you are clean.


Run all tools with administrative rights; Vista, Win7 and Win8 users right-click and choose "Run as administrator".



Can you post the FRST log again? It is not complete. Also the Addition.txt.

If there is no current Addition.txt, please restart FRST, tick the box for Addition.txt, then click Scan.


09.02.2015, 16:27   #3
LarryPerkins
 



Hello Timo,

unfortunately FRST aborts with an error message
"FRST funktioniert nicht mehr richtig"

It apparently still spits out a file, though no addition.txt:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by XXX YYY (administrator) on XXXYYY-VAIO on 09-02-2015 17:24:11
Running from C:\Users\XXX YYY\Downloads
Loaded Profiles: XXX YYY (Available profiles: XXX YYY)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(UPEK Inc.) C:\Program Files\Protector Suite\upeksvr.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(UPEK Inc.) C:\Program Files\Protector Suite\psqltray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\XXX YYY\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
Failed to access process -> dllhost.exe
Failed to access process -> dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9962016 2010-06-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2010-03-01] (Synaptics Incorporated)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite\launcher.exe [84744 2010-04-27] (UPEK Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [253440 2010-05-18] (Vodafone)
HKLM-x32\...\Run: [MarketingTools] => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2013-03-19] (Sony Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [401280 2014-06-20] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\Run: [SkyDrive] => C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\Run: [GoogleChromeAutoLaunch_550EDA027B4B11347618D98EDCBB3ADF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\RunOnce: [Uninstall C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\RunOnce: [Uninstall C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\RunOnce: [Uninstall C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64"
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\RunOnce: [Uninstall C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\RunOnce: [Uninstall C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\MountPoints2: {852a4381-bbbe-11e2-9681-0024bed7ff33} - D:\AutoRun.exe
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\MountPoints2: {852a43a5-bbbe-11e2-9681-0024bed7ff33} - D:\AutoRun.exe
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\MountPoints2: {c8b79af5-29a7-11e3-9355-0024bed7ff33} - E:\AutoRun.exe
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\MountPoints2: {d80812ee-1fbb-11e3-afed-0024bed7ff33} - E:\AutoRun.exe
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\MountPoints2: {d80812ff-1fbb-11e3-afed-0024bed7ff33} - E:\AutoRun.exe
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\MountPoints2: {d808131c-1fbb-11e3-afed-0024bed7ff33} - E:\AutoRun.exe
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\MountPoints2: {d808133f-1fbb-11e3-afed-0024bed7ff33} - E:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-18] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\XXX YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\XXX YYY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\XXX YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
Startup: C:\Users\XXX YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll (UPEK Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3557091032-3563988234-1886976076-1000 -> {3617BCD7-E991-4BB5-8542-09A0B20EE913} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKU\S-1-5-21-3557091032-3563988234-1886976076-1000 -> {794C16B2-C354-42CB-8212-172F5BD771B6} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-3557091032-3563988234-1886976076-1000 -> {A70EC677-F517-45E6-831A-E87104D7AC0B} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{876E33B5-EE1E-4322-8F79-79EB6087A1E2}: [NameServer]  
Tcpip\..\Interfaces\{AA2DF348-6AB3-482F-A8BC-41E89158A468}: [NameServer] 10.74.210.210 10.74.210.211

FireFox:
========
FF ProfilePath: C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20
-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\XXX YYY\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3557091032-3563988234-1886976076-1000: @citrixonline.com/appdetectorplugin -> C:\Users\XXX YYY\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-3557091032-3563988234-1886976076-1000: LWAPlugin15.8 -> C:\Users\XXX YYY\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\XXX YYY\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\XXX YYY\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\XXX YYY\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\searchplugins\translate-korean-to-english.xml
FF Extension: Avira Browser Safety - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\abs@avira.com [2015-02-03]
FF Extension: Password Bank - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\passwordbank@upek.com [2013-03-20]
FF Extension: Ghostery - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\firefox@ghostery.com.xpi [2013-08-19]
FF Extension: FireGestures - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\firegestures@xuldev.org.xpi [2013-03-20]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-08-09]
FF Extension: Yesware Email Tracking - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\jid1-T5mdAATMX3urKA@jetpack.xpi [2013-04-24]
FF Extension: Rapportive - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\rapportive@rapportive.com.xpi [2013-06-20]
FF Extension: TinEye Reverse Image Search - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\tineye@ideeinc.com.xpi [2013-03-20]
FF Extension: Alexa Sparky - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\toolbar@alexa.com.xpi [2015-02-09]
FF Extension: Screengrab - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi [2013-03-20]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
         

09.02.2015, 16:33   #4
Warlord711
/// TB-Ausbilder

Try this:

Please have the file from the code box checked at VirusTotal.
  • Click on "Wählen Sie eine" (Choose a)
  • Now copy the following into the search bar
    Code:
    ATTFilter
    C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
             
  • and click "Öffnen" (Open).
  • Click "Scannen!" (Scan!).
  • Please wait until the file has been uploaded completely. If you get the following message
    Quote:
    Diese Datei wurde bereits von VirusTotal analysiert... (This file has already been analysed by VirusTotal...)
    click "Neu analysieren" (Reanalyse).
  • Wait until the analysis date is shown to you and the scan has finished.
  • Copy the link from your address bar and post it here.

09.02.2015, 16:35   #5
Warlord711
/// TB-Ausbilder

And in addition:
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


09.02.2015, 17:41   #6
LarryPerkins

Thanks for your effort, but apparently nothing was found by either:

Link:

Code:
ATTFilter
https://www.virustotal.com/de/file/0f3c059965263738ab63fd1cd864fa4d272576ff7a0e58c40f287c2058e3d6b4/analysis/1423501210/
         
Malwarebytes Rootkit (did not have to reboot):

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.09.08
  rootkit: v2015.02.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Tom Rauhe :: TOMRAUHE-VAIO [administrator]

09.02.2015 18:05:08
mbar-log-2015-02-09 (18-05-08).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 348966
Time elapsed: 13 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
I could swear it happened again, but now it has been quiet for 10 minutes... I think.
I'll wait and see whether it comes back before you put even more work into it. Thanks! I will still give final feedback..!

09.02.2015, 17:53   #7
Warlord711
/// TB-Ausbilder

Have you tried restarting the computer and then starting FRST64.exe right away?

09.02.2015, 18:24   #8
LarryPerkins

So I am still being thrown to the desktop after all.

Yes, I also did a restart and disabled everything, including startup programs like Razer and Skype etc., and switched off the virus scanner.

The program still crashes with a "funktioniert nicht mehr" (has stopped working) error message (the 64-bit one; the other one doesn't work at all because it's a 64-bit system).

I also downloaded it again, same result.

Edited by LarryPerkins (09.02.2015 at 18:35)

09.02.2015, 19:18   #9
Warlord711
/// TB-Ausbilder

Then do this:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (Illegal operation attempted on a registry key that has been marked for deletion.)
simply restart the computer. This should fix the problem.


09.02.2015, 20:16   #10
LarryPerkins

Code:
ATTFilter
ComboFix 15-02-09.01 - XXX YYY 09.02.2015  20:58:51.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3766.1621 [GMT 1:00]
ausgeführt von:: c:\users\XXX YYY\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\XXX YYY\AppData\Local\lame_enc.dll
c:\users\XXX YYY\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DF4D83B2-7B07-4161-8485-61A4EF0A2DBD}.xps
c:\users\XXX YYY\AppData\Local\no23xwrapper.dll
c:\users\XXX YYY\AppData\Local\ogg.dll
c:\users\XXX YYY\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\XXX YYY\AppData\Local\vorbis.dll
c:\users\XXX YYY\AppData\Local\vorbisenc.dll
c:\users\XXX YYY\AppData\Local\vorbisfile.dll
c:\users\XXX YYY\AppData\Roaming\.#
c:\users\XXXRAU~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-09 bis 2015-02-09  ))))))))))))))))))))))))))))))
.
.
2015-02-09 17:04 . 2015-02-09 17:21	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-09 16:59 . 2015-02-09 16:59	--------	d-----w-	c:\programdata\OnlineUpdate
2015-02-09 16:59 . 2015-02-09 16:59	--------	d-----w-	c:\programdata\log
2015-02-09 11:00 . 2015-02-09 18:21	--------	d-----w-	C:\FRST
2015-02-09 08:37 . 2015-02-09 08:41	--------	d-----w-	C:\AdwCleaner
2015-02-05 15:56 . 2015-02-09 17:04	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-05 15:56 . 2015-02-09 17:03	97496	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-02-05 15:56 . 2015-02-05 15:56	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-02-05 15:56 . 2015-02-05 15:56	--------	d-----w-	c:\programdata\Malwarebytes
2015-02-05 15:56 . 2014-11-21 05:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-02-05 15:56 . 2014-11-21 05:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-01-24 15:42 . 2015-01-24 18:43	--------	d-----w-	c:\programdata\Steam
2015-01-23 15:45 . 2015-01-23 15:45	--------	d-----w-	c:\programdata\VTech
2015-01-23 15:45 . 2015-01-23 15:45	--------	d-----w-	c:\program files (x86)\VTech
2015-01-21 14:56 . 2015-01-21 15:05	--------	d-----w-	c:\users\XXX YYY\AppData\Roaming\webex
2015-01-21 14:56 . 2015-01-21 14:56	--------	d-----w-	c:\programdata\WebEx
2015-01-21 14:56 . 2015-01-21 14:56	--------	d-----w-	c:\users\XXX YYY\AppData\Local\WebEx
2015-01-19 12:39 . 2014-06-16 06:01	110336	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2015-01-19 12:24 . 2015-01-19 12:24	--------	d-----w-	c:\program files\SAMSUNG
2015-01-19 12:22 . 2015-01-19 12:22	--------	d-----w-	c:\programdata\Samsung
2015-01-19 12:21 . 2015-01-19 12:21	--------	d-----w-	c:\program files (x86)\ClockworkMod
2015-01-17 17:47 . 2015-01-19 09:17	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2015-01-15 14:37 . 2015-01-15 14:37	--------	d-----w-	c:\windows\de
2015-01-15 14:36 . 2010-05-26 10:41	2106216	----a-w-	c:\windows\SysWow64\D3DCompiler_43.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 15:28 . 2013-03-20 10:36	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 15:28 . 2013-03-20 10:36	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-04 14:20 . 2013-03-20 10:10	113365784	----a-w-	c:\windows\system32\MRT.exe
2014-12-30 13:58 . 2014-04-16 08:09	13792	----a-w-	c:\windows\system32\drivers\semav6thermal64ro.sys
2014-12-30 09:35 . 2014-12-30 09:35	177832	----a-w-	c:\windows\system32\drivers\rzudd.sys
2014-12-30 09:28 . 2014-12-30 09:28	990720	----a-w-	c:\windows\SysWow64\rzdevicedll.dll
2014-12-30 09:28 . 2014-12-30 09:28	78848	----a-w-	c:\windows\SysWow64\rzvirtualdev.dll
2014-12-30 09:28 . 2014-12-30 09:28	89088	----a-w-	c:\windows\SysWow64\rzdevinfo.dll
2014-12-30 09:28 . 2014-12-30 09:28	155136	----a-w-	c:\windows\SysWow64\rztouchdll.dll
2014-12-30 09:28 . 2014-12-30 09:28	117248	----a-w-	c:\windows\SysWow64\rzdisplaydll.dll
2014-12-30 09:28 . 2014-12-30 09:28	419840	----a-w-	c:\windows\SysWow64\rzaudiodll.dll
2014-12-19 03:22 . 2014-12-19 03:22	9728	----a-w-	c:\windows\SysWow64\RzStats.IPC.dll
2014-12-10 20:43 . 2015-01-08 11:59	129600	----a-w-	c:\windows\system32\drivers\rzpnk.sys
2014-12-09 22:21 . 2015-01-08 11:59	37184	----a-w-	c:\windows\system32\drivers\rzpmgrk.sys
2014-12-04 02:50 . 2014-12-10 13:27	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 13:27	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 13:27	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 13:27	830976	----a-w-	c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 13:27	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 13:27	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 13:27	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 13:27	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 13:28	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 13:28	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 13:28	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 13:28	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 13:28	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 13:28	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 13:28	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 13:28	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 13:28	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 13:28	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 13:28	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 13:28	633856	----a-w-	c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 13:28	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 13:28	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 13:28	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 13:28	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 13:28	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 13:28	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 13:28	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 13:28	199680	----a-w-	c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 13:28	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 13:28	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 13:28	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 13:28	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 13:28	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 13:28	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 13:28	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 13:28	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 13:28	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 13:28	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 13:28	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 13:28	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 13:28	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 13:28	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 13:28	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 13:28	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 13:28	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 13:28	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 13:28	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 13:28	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2014-11-19 03:31 . 2014-11-19 03:31	1217192	----a-w-	c:\windows\SysWow64\FM20.DLL
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-09-25 10:37	239272	----a-w-	c:\users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-09-25 10:37	239272	----a-w-	c:\users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-09-25 10:37	239272	----a-w-	c:\users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\XXX YYY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\XXX YYY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\XXX YYY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-01-23 1942720]
"SkyDrive"="c:\users\XXX YYY\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-09-25 277672]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30879328]
"GoogleChromeAutoLaunch_550EDA027B4B11347618D98EDCBB3ADF"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-02-04 843592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-05-18 253440]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2013-03-19 26624]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-11 702768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2015-01-06 585536]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-08-19 448856]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2014-06-20 401280]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-12-31 126712]
.
c:\users\XXX YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\XXX YYY\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
FastStone Capture.lnk - c:\program files (x86)\FastStone Capture\FSCapture.exe -Silent [2007-2-12 1111552]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\Protector Suite\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0067591363772028mcinstcleanup;McAfee Application Installer Cleanup (0067591363772028);c:\windows\TEMP\006759~1.EXE;c:\windows\TEMP\006759~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [x]
R2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe;c:\program files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.8.130\McCHSvc.exe;c:\program files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [x]
R3 qcfiltersny2k;Qualcomm Gobi 2000 USB Composite Device Filter 9225;c:\windows\system32\DRIVERS\qcfiltersny2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcfiltersny2k.sys [x]
R3 qcombussny;Gobi 2000 USB Composite Device Driver(05C6-9225);c:\windows\system32\DRIVERS\qcombussny.sys;c:\windows\SYSNATIVE\DRIVERS\qcombussny.sys [x]
R3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);c:\windows\system32\DRIVERS\qcusbnetsny2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbnetsny2k.sys [x]
R3 qcusbsersny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);c:\windows\system32\DRIVERS\qcusbserSny2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbserSny2k.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
R3 rzmpos;rzmpos;c:\windows\system32\DRIVERS\rzmpos.sys;c:\windows\SYSNATIVE\DRIVERS\rzmpos.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 nvservice;NVIDIA GuardService;c:\windows\system32\nvservice.exe;c:\windows\SYSNATIVE\nvservice.exe [x]
S2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 SampleCollector;Intel(R) System Behavior Tracker Collector Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-07 07:15	1086280	----a-w-	c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-20 15:28]
.
2015-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 15:04]
.
2015-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 15:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-09-25 10:37	266416	----a-w-	c:\users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-09-25 10:37	266416	----a-w-	c:\users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-09-25 10:37	266416	----a-w-	c:\users\XXX YYY\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 08:07	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 08:07	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 08:07	2334928	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\XXX YYY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\XXX YYY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\XXX YYY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\XXX YYY\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2010-04-27 14:48	5947656	----a-w-	c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2010-04-27 14:48	5947656	----a-w-	c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 410136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-04 16414824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-18 9962016]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-27 84744]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{AA2DF348-6AB3-482F-A8BC-41E89158A468}: NameServer = 10.74.210.210 10.74.210.211
FF - ProfilePath - c:\users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\programdata\Internet Manager\OnlineUpdate\ouc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Sony\VAIO Care\listener.exe
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-02-09  21:15:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-02-09 20:15
.
Vor Suchlauf: 8.711.974.912 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 13.290.799.104 Bytes frei
.
- - End Of File - - 87A4221DB87E492E89DF75D9043CFC52
         

09.02.2015, 20:51   #11
Warlord711
/// TB Instructor

OK, restart the computer and then try again to create an FRST log.

09.02.2015, 21:57   #12
LarryPerkins

Nope, unfortunately it still crashes, but as I said, it again produces an (apparently incomplete) file:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by XXX YYY (administrator) on XXXYYY-VAIO on 09-02-2015 22:54:17
Running from C:\Users\XXX YYY\Downloads
Loaded Profiles: XXX YYY (Available profiles: XXX YYY)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(UPEK Inc.) C:\Program Files\Protector Suite\upeksvr.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(UPEK Inc.) C:\Program Files\Protector Suite\psqltray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\XXX YYY\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Failed to access process -> dllhost.exe
Failed to access process -> dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9962016 2010-06-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2010-03-01] (Synaptics Incorporated)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite\launcher.exe [84744 2010-04-27] (UPEK Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [253440 2010-05-18] (Vodafone)
HKLM-x32\...\Run: [MarketingTools] => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2013-03-19] (Sony Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [401280 2014-06-20] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\Run: [SkyDrive] => C:\Users\XXX YYY\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\...\Run: [GoogleChromeAutoLaunch_550EDA027B4B11347618D98EDCBB3ADF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\XXX YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\XXX YYY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\XXX YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
Startup: C:\Users\XXX YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll (UPEK Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3557091032-3563988234-1886976076-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3557091032-3563988234-1886976076-1000 -> {3617BCD7-E991-4BB5-8542-09A0B20EE913} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKU\S-1-5-21-3557091032-3563988234-1886976076-1000 -> {794C16B2-C354-42CB-8212-172F5BD771B6} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-3557091032-3563988234-1886976076-1000 -> {A70EC677-F517-45E6-831A-E87104D7AC0B} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{876E33B5-EE1E-4322-8F79-79EB6087A1E2}: [NameServer]  
Tcpip\..\Interfaces\{AA2DF348-6AB3-482F-A8BC-41E89158A468}: [NameServer] 10.74.210.210 10.74.210.211

FireFox:
========
FF ProfilePath: C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20
-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\XXX YYY\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3557091032-3563988234-1886976076-1000: @citrixonline.com/appdetectorplugin -> C:\Users\XXX YYY\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-3557091032-3563988234-1886976076-1000: LWAPlugin15.8 -> C:\Users\XXX YYY\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\XXX YYY\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\XXX YYY\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\XXX YYY\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\searchplugins\translate-korean-to-english.xml
FF Extension: Avira Browser Safety - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\abs@avira.com [2015-02-03]
FF Extension: Password Bank - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\passwordbank@upek.com [2013-03-20]
FF Extension: Ghostery - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\firefox@ghostery.com.xpi [2013-08-19]
FF Extension: FireGestures - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\firegestures@xuldev.org.xpi [2013-03-20]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-08-09]
FF Extension: Yesware Email Tracking - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\jid1-T5mdAATMX3urKA@jetpack.xpi [2013-04-24]
FF Extension: Rapportive - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\rapportive@rapportive.com.xpi [2013-06-20]
FF Extension: TinEye Reverse Image Search - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\tineye@ideeinc.com.xpi [2013-03-20]
FF Extension: Alexa Sparky - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\toolbar@alexa.com.xpi [2015-02-09]
FF Extension: Screengrab - C:\Users\XXX YYY\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi [2013-03-20]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
         

09.02.2015, 22:05   #13
Warlord711
/// TB trainer
 



That is really weird.

I see you have already run AdwCleaner as well.

Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click
  • Uncheck the box for
  • Click
    and
  • Accept the license terms and click
  • Click

    and
  • When the scan has finished, do not let it delete anything etc.; instead choose, at the bottom left of the button bar,
    and save the log file to your desktop.
  • Close HitmanPro and post the log for me.

 

__________________
Learn to fight back and support us!
TB Academy | Donate | Praise & Criticism

10.02.2015, 01:57   #14
LarryPerkins
 



My HitmanPro license expired in 2013; apparently I already ran it back then.
Is there an alternative? It asks for a product key.

...apart from that, the scan found nothing except a few ad cookies, as far as I understood it...

10.02.2015, 08:44   #15
Warlord711
/// TB trainer
 



Can you completely disable the AV protection during the FRST scan?
