Trojaner-Board - Sony Vaio sehr langsam - AntiVir hatte Virus gefunden

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Sony Vaio sehr langsam - AntiVir hatte Virus gefunden (https://www.trojaner-board.de/164576-sony-vaio-sehr-langsam-antivir-virus-gefunden.html)

Sony Vaio sehr langsam - AntiVir hatte Virus gefunden

Hallo,

mein PC ist extrem langsam.
Von 2012-2014 habe ich Norton genutzt. Dachte der PC wäre dadurch langsam. Da ich dachte ein Virus wäre ausgeschlossen. Bin mir jetzt nicht mehr sicher.
Norton wurde deinstalliert da die Software sich nur noch aufhing (September 2014)... heute weiss ich das das auch an einem Befall liegen kann...der PC hat jetzt gut 6 Monate in der Ecke gestanden da ich keine Zeit hatte mich damit zu befassen...jetzt habe ich wieder den Mut gefunden und komme nicht weiter...
Oft friert der Bildschirm ein für mehrere Minuten...es wirkt als wäre das auch in einem bestimmten Takt z.B. alle zwei Minuten am einfrieren....
Habe alle Schritte wie angefordert ausgeführt. Als ich an meinen Beitrag die Anhänge laden wollte habe ich einen Blue Screen bekommen:

Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.1.7601.2.1.0.768.3
Gebietsschema-ID: 1031

Zusatzinformationen zum Problem:
BCCode: 109
BCP1: A3A039D8A36E0581
BCP2: B3B7465EF5EC40BB
BCP3: FFFFF880009F55C0
BCP4: 0000000000000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Ich wäre sehr dankbar wenn ihr mir helfen könnt.

Viele Grüße
März 2015
Defogger
-> Meldung "Finished"

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 08:32 on 01/03/2015 (Rebecca)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

addition txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015

Ran by Rebecca at 2015-03-01 08:40:28

Running from C:\Users\Rebecca\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)

Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)

Akamai NetSession Interface (HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)

Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)

Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden

Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.142 - ArcSoft)

ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.392 - ArcSoft)

Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Atheros)

Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)

Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.624 - Avira)

Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)

Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.95 - Atheros Communications)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION

CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)

concept/design onlineTV 6 (HKLM-x32\...\{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1) (Version: onlineTV 6 - concept/design GmbH)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.0.53 - Conexant)

Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)

Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)

Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)

Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.800 - Corel Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )

Elements 10 Organizer (x32 Version: 10.0 - Ihr Firmenname) Hidden

EPSON S22 Series Printer Uninstall (HKLM\...\EPSON S22 Series) (Version:  - SEIKO EPSON Corporation)

Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)

Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)

iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)

Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)

Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Langenscheidt Kurs 2 5.0 Spanisch (HKLM-x32\...\Kurs 2 5.0 Spanisch) (Version: 01.00.00.00 - Langenscheidt)

Langenscheidt Vokabeltrainer 5.0 Spanisch (HKLM-x32\...\{C0E98BCC-FE45-4912-B171-8F35C9CB937F}) (Version: 5.0.0 - Langenscheidt)

lingDIALOG (HKLM-x32\...\InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}) (Version: 3.0908 - WEVOSYS)

lingDIALOG (x32 Version: 3.0908 - WEVOSYS) Hidden

Media Gallery (Version: 1.5.0.16020 - Your Company Name) Hidden

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

NVIDIA 3D Vision Treiber 268.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.31 - NVIDIA Corporation)

NVIDIA Grafiktreiber 268.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.31 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)

Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)

PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)

PMB VAIO Edition Guide (x32 Version: 1.5.00.02250 - Sony Corporation) Hidden

PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden

PMB VAIO Edition Plug-in (x32 Version: 1.5.00.02250 - Sony Corporation) Hidden

PMB VAIO Edition Plug-in (x32 Version: 1.5.10.06150 - Sony Corporation) Hidden

Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

Qualcomm Atheros Direct Connect (x32 Version: 3.0 - Qualcomm Atheros) Hidden

Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.6.9 - Sony Corporation)

Quick Web Access (x32 Version: 1.4.6.9 - Sony Corporation) Hidden

QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)

Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)

Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden

Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden

Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden

Spotify (HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)

SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden

SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

Uplay (HKLM-x32\...\Uplay) (Version: 3.2 - Ubisoft)

VAIO - Media Gallery (HKLM-x32\...\{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}) (Version: 1.5.0.16020 - Sony Corporation)

VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}) (Version: 1.5.00.02250 - Sony Corporation)

VAIO - PMB VAIO Edition Plug-in (HKLM-x32\...\InstallShield_{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}) (Version: 1.6.10.11160 - Sony Corporation)

VAIO - Remote Play mit PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.15070 - Sony Corporation)

VAIO - Remote-Tastatur  (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.1.0.07060 - Sony Corporation)

VAIO Care (HKLM\...\{FDCC09EA-A33E-4639-B1CD-FC1702815FA7}) (Version: 8.4.0.14281 - Sony Corporation)

VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.5.0.03040 - Sony Corporation)

VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.6.0.13140 - Sony Corporation)

VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden

VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)

VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden

VAIO Event Service (HKLM-x32\...\{73D8886A-D416-4687-B609-0D3836BA410C}) (Version: 5.5.0.03040 - Sony Corporation)

VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.3.0.11090 - Sony Corporation)

VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.4.0.03240 - Sony Corporation)

VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden

VAIO Hardware Diagnostics (x32 Version: 4.2.0.17180 - Sony Corporation) Hidden

VAIO Hero Screensaver - Summer 2011 Screensaver (HKLM-x32\...\VAIO Hero Screensaver - Summer 2011 Screensaver) (Version:  - )

VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.0.0.14150 - Sony Corporation)

VAIO Improvement Validation (HKLM\...\{75C95C84-264F-4CC7-8A7E-346444E6C7C1}) (Version: 1.0.4.01190 - Sony Corporation)

VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.2.09010 - Sony Corporation)

VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.8.1.08270 - Sony Corporation)

VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)

VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.0.0.02250 - Sony Corporation)

VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.4.0.14230 - Sony Corporation)

VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VESx64 (Version: 1.0.0 - Sony Corporation) Hidden

VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VIx64 (Version: 1.0.0 - Sony Corporation) Hidden

VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VLC media player 1.0.2 (HKLM-x32\...\VLC media player) (Version: 1.0.2 - VideoLAN Team)

Vokabeltrainer-Update 5.0.27 (HKLM-x32\...\{A4987FC4-33BE-4227-B290-FAA1819B65C2}) (Version: 5.0.27 - Langenscheidt)

VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden

VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden

VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden

VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden

VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)

Yontoo Layers Runtime 1.10.01 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.01 - Yontoo LLC) <==== ATTENTION

Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Основи Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden

Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Фотоколекція Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rebecca\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

CustomCLSID: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Rebecca\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
 

==================== Restore Points  =========================
 

13-07-2014 03:10:00 Geplanter Prüfpunkt

13-07-2014 10:09:18 Entfernt Easy Photo Print Plug-in for PMB(Picture Motion BrowserRôû

13-07-2014 10:10:52 OpenOffice.org 3.3 wird entfernt

14-07-2014 08:16:20 Windows Update

17-08-2014 16:14:42 Windows Update

21-11-2014 17:53:10 Windows Update

21-11-2014 18:00:23 Windows Update

04-02-2015 17:23:10 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2012-03-14 18:16 - 2012-03-14 18:13 - 00001224 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 adobeereg.com

127.0.0.1 hxxp://www.adobeereg.com

127.0.0.1 activate.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 192.150.18.108

127.0.0.1 activate.adobe.com:443
 
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {11FC2715-BD64-4087-825A-5D6CBB32C80A} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"

Task: {228D7B53-86E1-407F-83B9-29A9DE1C508F} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)

Task: {2422013E-D4E6-400D-BBC9-5CB0B622A6E4} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\SymErr.exe

Task: {255CA4D8-173C-4507-A155-7D8C80CEE6EB} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)

Task: {2F012159-966A-41A0-ADFF-F4D9FD3A3D9D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-28] (Adobe Systems Incorporated)

Task: {32871535-9497-493F-8936-6EB31E3906EB} - System32\Tasks\{1452235B-E60F-4438-9D7C-BDD12CC18ADB} => Firefox.exe 

Task: {35446D3A-DBFA-4D32-892F-CDA413686A43} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation)

Task: {3C1064D3-A994-4220-9D0D-9E9B7DB61868} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19] (Google Inc.)

Task: {3F205720-6ADF-464A-9852-989EC9C6ABDA} - System32\Tasks\{0F62D350-047A-4441-8028-E43EEC43B6C5} => C:\Users\Rebecca\Downloads\Firefox Setup 9.0.1.exe

Task: {4CFE56AA-D985-4B25-B6CD-EB501ABC5604} - System32\Tasks\{19931DAF-E68F-4F5E-B609-81DEB8A7A19B} => Firefox.exe 

Task: {4F770BF0-C6B1-418E-AA99-179121FE86D8} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {54B4D3D8-7413-4C53-9A00-28EBE5D12EA4} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient

Task: {6DB8E548-8DAE-4AFC-B0B3-6836984A0C43} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {7A565DDA-5F28-45D2-88FB-9787C43EFF98} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {7B5D6CFE-B117-4CEA-BB86-1A993A90EFB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19] (Google Inc.)

Task: {7DD2A586-EAFA-412C-9FE0-CCC745C07FFD} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {88729C68-2645-489C-AACC-130878A1132D} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {9143E457-85FD-4B36-A5A5-E8538A8FC2B2} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)

Task: {9236064C-0C72-4F5F-A312-358D310BC752} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)

Task: {9A45C44C-6983-4C77-AADD-5A07A3C4D17E} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)

Task: {9CB3B459-4E1D-4AFA-93D6-33C69740C754} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\WSCStub.exe

Task: {9DB78B65-35DF-4B88-8BB1-BF51E8E53721} - System32\Tasks\{B1C3F483-11B1-4E48-AA87-FEF8171C3B2E} => Firefox.exe hxxp://ui.skype.com/ui/0/7.1.59.105/de/abandoninstall?page=tsBing

Task: {A65F7A73-345E-45CD-BCEA-0C74F6E21F30} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)

Task: {A670FE10-7DBE-41DD-9FA4-6ADB8234DA7D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {BCAC4B91-A46D-4EE4-AC29-69E79A8B21F8} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {CF41246A-54D3-498D-AB22-16A55DFD40D3} - System32\Tasks\AdobeAAMUpdater-1.0-Rebecca-VAIO-Rebecca => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)

Task: {CF5DFAF0-E54F-4C1C-8BEA-341312C1C822} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)

Task: {D916D508-7232-459B-9C7B-46C70CEA0450} - System32\Tasks\{4FA3A4F2-D721-4A90-AA93-E97C8F264CA1} => C:\Users\Rebecca\Downloads\Firefox Setup 9.0.1.exe

Task: {DB8F79DF-3B38-41BB-B865-F08B294F855D} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {E2FDA638-9205-4F32-AFE9-0548CE0E9FEE} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {F1D43B77-C982-4B72-9EAA-7A36BAE9530A} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {F4E18867-B4FE-44C5-AE9C-FC3B94326CAD} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation)

Task: {F52F7F75-4BAE-4450-9604-BB908976F3CD} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\SymErr.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) ==============
 

2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

2013-11-01 13:59 - 2013-11-01 13:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2011-09-14 03:20 - 2011-03-05 15:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll

2015-02-21 18:44 - 2015-02-21 18:44 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2015-02-04 17:29 - 2015-02-04 17:29 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5a30dc1ce2757376d1f0f13e904dec4d\IsdiInterop.ni.dll

2011-09-14 03:08 - 2010-09-13 17:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.178.1
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-2376502425-3775382256-1084218318-500 - Administrator - Disabled)

Gast (S-1-5-21-2376502425-3775382256-1084218318-501 - Limited - Disabled)

Rebecca (S-1-5-21-2376502425-3775382256-1084218318-1000 - Administrator - Enabled) => C:\Users\Rebecca
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (03/01/2015 08:20:54 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)

Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 

Error: (03/01/2015 08:20:54 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)

Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 

Error: (03/01/2015 08:20:54 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)

Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 

Error: (03/01/2015 08:14:01 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (02/28/2015 08:47:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)

Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 

Error: (02/28/2015 08:47:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)

Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 

Error: (02/28/2015 08:47:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)

Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 

Error: (02/28/2015 08:42:51 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (02/28/2015 08:40:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )

Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.
 
 

Details:

Could not query the status of the EventSystem service.
 

System Error:

Der Computer wird heruntergefahren.

.
 

Error: (02/28/2015 08:34:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)

Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
 

System errors:

=============

Error: (03/01/2015 08:20:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Energy Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (03/01/2015 08:16:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Adobe Active File Monitor V10 erreicht.
 

Error: (03/01/2015 08:15:21 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 

Error: (03/01/2015 08:15:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (03/01/2015 08:15:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
 

Error: (03/01/2015 08:14:52 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
 

Error: (03/01/2015 08:14:46 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 

Error: (03/01/2015 08:14:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (03/01/2015 08:14:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
 

Error: (02/28/2015 08:49:24 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
 
 

Microsoft Office Sessions:

=========================

Error: (01/17/2013 11:27:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 43 seconds with 0 seconds of active time.  This session ended with a crash.
 

Error: (01/17/2013 11:25:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 178 seconds with 120 seconds of active time.  This session ended with a crash.
 

Error: (01/17/2013 11:22:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2134 seconds with 600 seconds of active time.  This session ended with a crash.
 

Error: (01/17/2013 10:45:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5463 seconds with 4620 seconds of active time.  This session ended with a crash.
 

Error: (01/10/2012 01:21:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11041 seconds with 6780 seconds of active time.  This session ended with a crash.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz

Percentage of memory in use: 31%

Total physical RAM: 6125.86 MB

Available physical RAM: 4182.83 MB

Total Pagefile: 12249.9 MB

Available Pagefile: 9849.13 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:452.03 GB) (Free:226.49 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B6E737C5)

Partition 1: (Not Active) - (Size=13.6 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

FRst

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015

Ran by Rebecca (administrator) on REBECCA-VAIO on 01-03-2015 08:39:51

Running from C:\Users\Rebecca\Downloads

Loaded Profiles: Rebecca (Available profiles: Rebecca)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe

(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe

() C:\Program Files\Sony\VAIO Care\listener.exe

(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-04] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\...\Run: [EPSON S22 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGEE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\...\MountPoints2: {5fa15651-b33e-11e3-ab5e-806e6f6e6963} - D:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\...\MountPoints2: {a86b9ff5-29d3-11e2-b13e-78843ced81c6} - D:\setup.exe

BootExecute: autocheck autochk * 
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.eu/vaioportal

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.eu/vaioportal

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {55AC56BA-EA92-403A-B06E-A272A0EA3CBF} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {5EE7933D-E39A-4EBF-B8CC-4E7D0DB590B8} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms}

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {728AA856-5BA0-4EBC-A90D-463912C3E2FE} URL = hxxp://de.shopping.com/?linkin_id=8056363

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default

FF Homepage: about:home

FF Keyword.URL: 

FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF user.js: detected! => C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\user.js

FF SearchPlugin: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\searchplugins\safesearch.xml

FF SearchPlugin: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\searchplugins\speedfox.xml

FF Extension: Avira Browser Safety - C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\Extensions\abs@avira.com [2015-02-21]

FF Extension: Adblock Plus - C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-13]
 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll No File

CHR Plugin: (Norton Confidential) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\npcoplgn.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Google Update) - C:\Users\Rebecca\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Profile: C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-17]

CHR Extension: (Google Drive) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-17]

CHR Extension: (YouTube) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-17]

CHR Extension: (Google Search) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-17]

CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac [2013-02-26]

CHR Extension: (Facebook Disconnect) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2013-08-02]

CHR Extension: (YoWindow Weather) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef [2013-08-02]

CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-05]

CHR Extension: (Google Wallet) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]

CHR Extension: (Gmail) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-17]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-02-04] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-04] (Avira Operations GmbH & Co. KG)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-03-31] (Atheros) [File not signed]

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [75936 2011-03-31] (Atheros Commnucations) [File not signed]

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)

S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.) [File not signed]

S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed]

S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)

R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)

R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)

S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)

S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)

R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-02-28] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-04] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-04] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-02-28] ()

R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-26] ()
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-01 08:39 - 2015-03-01 08:40 - 00023122 _____ () C:\Users\Rebecca\Downloads\FRST.txt

2015-03-01 08:39 - 2015-03-01 08:39 - 02092544 _____ (Farbar) C:\Users\Rebecca\Downloads\FRST64.exe

2015-03-01 08:39 - 2015-03-01 08:39 - 00000000 ____D () C:\FRST

2015-03-01 08:35 - 2015-03-01 08:36 - 00000476 _____ () C:\Users\Rebecca\Desktop\defogger_disable.log

2015-03-01 08:32 - 2015-03-01 08:32 - 00000476 _____ () C:\Users\Rebecca\Downloads\defogger_disable.log

2015-03-01 08:32 - 2015-03-01 08:32 - 00000000 _____ () C:\Users\Rebecca\defogger_reenable

2015-03-01 08:31 - 2015-03-01 08:31 - 00050477 _____ () C:\Users\Rebecca\Desktop\Defogger.exe

2015-02-28 20:21 - 2015-02-28 20:21 - 00157990 _____ () C:\Windows\PFRO.log

2015-02-22 06:00 - 2015-03-01 08:12 - 00000336 _____ () C:\Windows\setupact.log

2015-02-22 06:00 - 2015-02-22 06:00 - 00000000 _____ () C:\Windows\setuperr.log

2015-02-21 21:02 - 2015-02-21 21:02 - 00003074 _____ () C:\Windows\System32\Tasks\{B1C3F483-11B1-4E48-AA87-FEF8171C3B2E}

2015-02-21 19:18 - 2015-02-21 19:26 - 45112928 _____ (Skype Technologies S.A.) C:\Users\Rebecca\Downloads\SkypeSetupFull.exe

2015-02-21 19:12 - 2015-02-21 19:12 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk

2015-02-21 19:03 - 2015-02-21 18:59 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2015-02-21 19:01 - 2015-02-21 19:13 - 00000000 ____D () C:\ProgramData\Package Cache

2015-02-21 18:59 - 2015-02-21 18:59 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Avira

2015-02-21 18:58 - 2015-02-21 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-02-21 18:58 - 2015-02-21 18:58 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk

2015-02-21 18:57 - 2015-02-21 19:11 - 00000000 ____D () C:\Program Files (x86)\Avira

2015-02-21 18:57 - 2015-02-21 19:03 - 00000000 ____D () C:\ProgramData\Avira

2015-02-21 18:57 - 2015-02-04 17:51 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2015-02-21 18:57 - 2015-02-04 17:51 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2015-02-21 18:57 - 2015-02-04 17:51 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2015-02-21 18:52 - 2015-02-21 18:56 - 160782960 _____ () C:\Users\Rebecca\Downloads\avira_free_antivirus_de_15.0.8.624.exe

2015-02-21 18:51 - 2015-03-01 08:24 - 00200767 _____ () C:\Windows\WindowsUpdate.log

2015-02-21 18:44 - 2015-02-21 18:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-02-21 18:40 - 2015-02-21 18:40 - 04196968 _____ (Piriform Ltd) C:\Users\Rebecca\Downloads\ccsetup502_slim.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-01 08:36 - 2009-07-14 05:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-01 08:36 - 2009-07-14 05:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-01 08:32 - 2011-09-23 13:33 - 00000000 ____D () C:\Users\Rebecca

2015-03-01 08:29 - 2014-07-13 19:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-01 08:20 - 2011-09-14 12:59 - 15293702 _____ () C:\Windows\system32\perfh007.dat

2015-03-01 08:20 - 2011-09-14 12:59 - 04881382 _____ () C:\Windows\system32\perfc007.dat

2015-03-01 08:20 - 2009-07-14 06:13 - 00006472 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-01 08:12 - 2013-08-19 19:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-01 08:12 - 2011-09-14 03:14 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-03-01 08:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-28 21:19 - 2014-07-13 19:58 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-02-28 21:19 - 2014-07-13 19:58 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-02-28 21:19 - 2011-12-08 23:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-02-28 21:18 - 2014-08-16 20:25 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Adobe

2015-02-28 21:08 - 2011-09-23 13:35 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E13C1829-F2CF-4B7D-91AD-B2BCE9779098}

2015-02-28 20:56 - 2013-08-19 19:17 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-21 18:51 - 2013-08-19 19:17 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-21 18:51 - 2013-08-19 19:17 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-21 18:49 - 2014-05-24 09:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-02-21 18:46 - 2012-01-17 22:21 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\CrashDumps

2015-02-21 18:41 - 2014-07-12 18:11 - 00000000 ____D () C:\Program Files\CCleaner

2015-02-04 17:24 - 2014-05-11 08:28 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-02-04 17:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
 

==================== Files in the root of some directories =======
 

2014-06-29 20:27 - 2014-06-29 20:27 - 6010880 _____ () C:\Program Files (x86)\GUT3DF1.tmp

2014-07-05 18:50 - 2014-07-05 18:50 - 6010880 _____ () C:\Program Files (x86)\GUTA2E.tmp

2014-06-29 13:49 - 2014-06-29 13:49 - 6010880 _____ () C:\Program Files (x86)\GUTCD5E.tmp
 

Some content of TEMP:

====================

C:\Users\Rebecca\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-02-22 10:57
 

==================== End Of Log ============================

--- --- ---

GMER

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2015-03-01 09:14:20

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0006 465,76GB

Running: Gmer-19357.exe; Driver: C:\Users\Rebecca\AppData\Local\Temp\pwlirkog.sys
 
 

---- User code sections - GMER 2.1 ----
 

.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000076121465 2 bytes [12, 76]

.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             00000000761214bb 2 bytes [12, 76]

.text  ...                                                                                                                                     * 2

.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076121465 2 bytes [12, 76]

.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[4892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000761214bb 2 bytes [12, 76]

.text  ...                                                                                                                                     * 2
 

---- Registry - GMER 2.1 ----
 

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78cd5b18                                                             

Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78cd5b18 (not active ControlSet)                                         
 

---- EOF - GMER 2.1 ----

Ereignisse.txt

Code:

Exportierte Ereignisse:
 

22.02.2015 09:31 [System-Scanner] Malware gefunden

      Die Datei 'C:\Festplatte\REBECCA-VAIO\Backup Set 2012-05-04 131541\Backup Files 

      2012-05-04 131541\Backup files 11.zip'

      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware].

      Durchgeführte Aktion(en):

      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5029362a.qua' 

      verschoben!

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Hallo Schrauber,

ich hoffe so ist es ok?

VG,
März

Hallo Schrauber.

Zitat:

Zitat von schrauber (Beitrag 1434476)

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Danke Viele Grüße

Zitat:

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 hxxp://www.adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 192.150.18.108
127.0.0.1 activate.adobe.com:443

Erstmal das gecrackte Adobe und alles andere gecrackte deinstallieren, sonst gibt es keinen Support.

Hallo Schrauber,

können Sie mir sagen wie? Nach meinem Wissen habe ich nur den kostenfreien Reader und den Flashplayer installiert. Photoshop ist runter, sonst noch was?
Ich will nix falsches in der Systemsteuerung runter werfen.

Danke im Voraus,

VG

Photoshop, genau. Wenn das runter ist bitte FRST öffnen, Haken setzen bei Addition und scannen, poste bitte beide Logfiles.

Hallo Schrauber,

hier FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015

Ran by Rebecca (administrator) on REBECCA-VAIO on 03-03-2015 08:14:30

Running from C:\Users\Rebecca\Downloads

Loaded Profiles: Rebecca (Available profiles: Rebecca)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe

() C:\Program Files\Sony\VAIO Care\listener.exe

(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe

(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-04] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\...\Run: [EPSON S22 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGEE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\...\MountPoints2: {5fa15651-b33e-11e3-ab5e-806e6f6e6963} - D:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\...\MountPoints2: {a86b9ff5-29d3-11e2-b13e-78843ced81c6} - D:\setup.exe

BootExecute: autocheck autochk * 
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.eu/vaioportal

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.eu/vaioportal

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {55AC56BA-EA92-403A-B06E-A272A0EA3CBF} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {5EE7933D-E39A-4EBF-B8CC-4E7D0DB590B8} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms}

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {728AA856-5BA0-4EBC-A90D-463912C3E2FE} URL = hxxp://de.shopping.com/?linkin_id=8056363

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 

FireFox:

========

FF ProfilePath: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default

FF Homepage: about:home

FF Keyword.URL: 

FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF user.js: detected! => C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\user.js

FF SearchPlugin: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\searchplugins\safesearch.xml

FF SearchPlugin: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\searchplugins\speedfox.xml
 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll No File

CHR Plugin: (Norton Confidential) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\npcoplgn.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Google Update) - C:\Users\Rebecca\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Profile: C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-17]

CHR Extension: (Google Drive) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-17]

CHR Extension: (YouTube) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-17]

CHR Extension: (Google Search) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-17]

CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac [2013-02-26]

CHR Extension: (Facebook Disconnect) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2013-08-02]

CHR Extension: (YoWindow Weather) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef [2013-08-02]

CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-05]

CHR Extension: (Google Wallet) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]

CHR Extension: (Gmail) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-17]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-02-04] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-04] (Avira Operations GmbH & Co. KG)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-03-31] (Atheros) [File not signed]

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [75936 2011-03-31] (Atheros Commnucations) [File not signed]

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)

S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.) [File not signed]

S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed]

S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)

R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)

R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)

S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)

S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)

R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-02-28] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-04] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-04] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-02-28] ()

R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-26] ()

U3 pwlirkog; \??\C:\Users\Rebecca\AppData\Local\Temp\pwlirkog.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-03 08:14 - 2015-03-03 08:14 - 00022684 _____ () C:\Users\Rebecca\Downloads\FRST.txt

2015-03-01 18:07 - 2015-03-01 18:07 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\No Company Name

2015-03-01 16:36 - 2015-03-01 16:36 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Macromedia

2015-03-01 15:53 - 2015-03-03 07:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-01 15:53 - 2015-03-01 15:53 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-03-01 15:53 - 2015-03-01 15:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-03-01 15:53 - 2015-03-01 15:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-03-01 15:53 - 2015-03-01 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-03-01 15:52 - 2015-03-01 15:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2015-03-01 15:52 - 2015-03-01 15:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2015-03-01 15:44 - 2015-03-01 15:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-03-01 15:41 - 2015-03-01 15:41 - 13087456 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\Silverlight_x64(2).exe

2015-03-01 15:38 - 2015-03-01 15:38 - 13087456 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\Silverlight_x64(1).exe

2015-03-01 15:34 - 2015-03-01 15:34 - 13087456 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\Silverlight_x64.exe

2015-03-01 13:22 - 2015-03-01 13:22 - 00244032 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\ResetDRM.exe

2015-03-01 12:21 - 2015-03-01 12:21 - 00000000 ____D () C:\Users\Rebecca\Documents\steuer

2015-03-01 12:07 - 2015-03-01 12:09 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Buhl

2015-03-01 12:07 - 2015-03-01 12:07 - 00002148 _____ () C:\Users\Public\Desktop\WISO steuer Start 2015.lnk

2015-03-01 12:07 - 2015-03-01 12:07 - 00000077 _____ () C:\Windows\wiso.ini

2015-03-01 12:07 - 2015-03-01 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Start 2015

2015-03-01 12:03 - 2015-03-01 12:09 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH

2015-03-01 12:03 - 2015-03-01 12:03 - 00000000 ____D () C:\Program Files (x86)\WISO

2015-03-01 09:39 - 2015-03-01 09:39 - 700242058 _____ () C:\Windows\MEMORY.DMP

2015-03-01 09:39 - 2015-03-01 09:39 - 00288552 _____ () C:\Windows\Minidump\030115-28610-01.dmp

2015-03-01 09:17 - 2015-03-01 09:17 - 00000872 _____ () C:\Users\Rebecca\Desktop\Ereignisse.txt

2015-03-01 09:14 - 2015-03-01 09:14 - 00001683 _____ () C:\Users\Rebecca\Desktop\Gmer.txt

2015-03-01 08:48 - 2015-03-01 08:49 - 00380416 _____ () C:\Users\Rebecca\Desktop\Gmer-19357.exe

2015-03-01 08:40 - 2015-03-01 08:40 - 00038740 _____ () C:\Users\Rebecca\Desktop\Addition.txt

2015-03-01 08:39 - 2015-03-03 08:14 - 00000000 ____D () C:\FRST

2015-03-01 08:39 - 2015-03-01 08:40 - 00030099 _____ () C:\Users\Rebecca\Desktop\FRST.txt

2015-03-01 08:39 - 2015-03-01 08:39 - 02092544 _____ (Farbar) C:\Users\Rebecca\Downloads\FRST64.exe

2015-03-01 08:32 - 2015-03-01 08:32 - 00000476 _____ () C:\Users\Rebecca\Desktop\defogger_disable.log

2015-03-01 08:32 - 2015-03-01 08:32 - 00000000 _____ () C:\Users\Rebecca\defogger_reenable

2015-03-01 08:31 - 2015-03-01 08:31 - 00050477 _____ () C:\Users\Rebecca\Desktop\Defogger.exe

2015-02-28 20:21 - 2015-03-01 15:57 - 00158930 _____ () C:\Windows\PFRO.log

2015-02-22 06:00 - 2015-03-03 08:01 - 00000560 _____ () C:\Windows\setupact.log

2015-02-22 06:00 - 2015-02-22 06:00 - 00000000 _____ () C:\Windows\setuperr.log

2015-02-21 21:02 - 2015-02-21 21:02 - 00003074 _____ () C:\Windows\System32\Tasks\{B1C3F483-11B1-4E48-AA87-FEF8171C3B2E}

2015-02-21 19:18 - 2015-02-21 19:26 - 45112928 _____ (Skype Technologies S.A.) C:\Users\Rebecca\Downloads\SkypeSetupFull.exe

2015-02-21 19:12 - 2015-02-21 19:12 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk

2015-02-21 19:03 - 2015-02-21 18:59 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2015-02-21 19:01 - 2015-03-01 12:02 - 00000000 ____D () C:\ProgramData\Package Cache

2015-02-21 18:59 - 2015-02-21 18:59 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Avira

2015-02-21 18:58 - 2015-02-21 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-02-21 18:58 - 2015-02-21 18:58 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk

2015-02-21 18:57 - 2015-02-21 19:11 - 00000000 ____D () C:\Program Files (x86)\Avira

2015-02-21 18:57 - 2015-02-21 19:03 - 00000000 ____D () C:\ProgramData\Avira

2015-02-21 18:57 - 2015-02-04 17:51 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2015-02-21 18:57 - 2015-02-04 17:51 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2015-02-21 18:57 - 2015-02-04 17:51 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2015-02-21 18:52 - 2015-02-21 18:56 - 160782960 _____ () C:\Users\Rebecca\Downloads\avira_free_antivirus_de_15.0.8.624.exe

2015-02-21 18:51 - 2015-03-03 08:13 - 00298723 _____ () C:\Windows\WindowsUpdate.log

2015-02-21 18:40 - 2015-02-21 18:40 - 04196968 _____ (Piriform Ltd) C:\Users\Rebecca\Downloads\ccsetup502_slim.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-03 08:09 - 2009-07-14 05:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-03 08:09 - 2009-07-14 05:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-03 08:08 - 2011-09-14 12:59 - 15383534 _____ () C:\Windows\system32\perfh007.dat

2015-03-03 08:08 - 2011-09-14 12:59 - 04910878 _____ () C:\Windows\system32\perfc007.dat

2015-03-03 08:08 - 2009-07-14 06:13 - 00006472 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-03 08:02 - 2013-08-19 19:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-03 08:01 - 2011-09-14 03:14 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-03-03 08:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-03 07:51 - 2013-08-19 19:17 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-02 21:54 - 2011-09-23 13:35 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E13C1829-F2CF-4B7D-91AD-B2BCE9779098}

2015-03-02 21:42 - 2011-09-23 13:33 - 00083152 _____ () C:\Users\Rebecca\AppData\Local\GDIPFONTCACHEV1.DAT

2015-03-02 21:41 - 2009-07-14 05:45 - 00363984 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-01 18:10 - 2011-09-14 03:31 - 00000000 ____D () C:\ProgramData\Adobe

2015-03-01 18:10 - 2011-09-14 03:31 - 00000000 ____D () C:\Program Files (x86)\Adobe

2015-03-01 15:57 - 2014-05-24 09:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-03-01 15:52 - 2014-08-16 20:25 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Adobe

2015-03-01 12:10 - 2012-01-17 22:21 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\CrashDumps

2015-03-01 12:03 - 2011-09-14 03:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-03-01 09:39 - 2012-03-07 00:02 - 00000000 ____D () C:\Windows\Minidump

2015-03-01 08:32 - 2011-09-23 13:33 - 00000000 ____D () C:\Users\Rebecca

2015-02-21 18:51 - 2013-08-19 19:17 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-21 18:51 - 2013-08-19 19:17 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-21 18:41 - 2014-07-12 18:11 - 00000000 ____D () C:\Program Files\CCleaner

2015-02-04 17:24 - 2014-05-11 08:28 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-02-04 17:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
 

==================== Files in the root of some directories =======
 

2014-06-29 20:27 - 2014-06-29 20:27 - 6010880 _____ () C:\Program Files (x86)\GUT3DF1.tmp

2014-07-05 18:50 - 2014-07-05 18:50 - 6010880 _____ () C:\Program Files (x86)\GUTA2E.tmp

2014-06-29 13:49 - 2014-06-29 13:49 - 6010880 _____ () C:\Program Files (x86)\GUTCD5E.tmp
 

Some content of TEMP:

====================

C:\Users\Rebecca\AppData\Local\Temp\avgnt.exe

C:\Users\Rebecca\AppData\Local\Temp\readSTILog.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-02-22 10:57
 

==================== End Of Log ============================

--- --- ---

hier der Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015

Ran by Rebecca at 2015-03-03 08:15:23

Running from C:\Users\Rebecca\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)

Akamai NetSession Interface (HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)

Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)

Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden

Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.142 - ArcSoft)

ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.392 - ArcSoft)

Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Atheros)

Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)

Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.624 - Avira)

Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)

Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.95 - Atheros Communications)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION

CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)

concept/design onlineTV 6 (HKLM-x32\...\{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1) (Version: onlineTV 6 - concept/design GmbH)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.0.53 - Conexant)

Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)

Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)

Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)

Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.800 - Corel Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )

EPSON S22 Series Printer Uninstall (HKLM\...\EPSON S22 Series) (Version:  - SEIKO EPSON Corporation)

Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)

Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)

iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)

Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)

Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Langenscheidt Kurs 2 5.0 Spanisch (HKLM-x32\...\Kurs 2 5.0 Spanisch) (Version: 01.00.00.00 - Langenscheidt)

Langenscheidt Vokabeltrainer 5.0 Spanisch (HKLM-x32\...\{C0E98BCC-FE45-4912-B171-8F35C9CB937F}) (Version: 5.0.0 - Langenscheidt)

lingDIALOG (HKLM-x32\...\InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}) (Version: 3.0908 - WEVOSYS)

lingDIALOG (x32 Version: 3.0908 - WEVOSYS) Hidden

Media Gallery (Version: 1.5.0.16020 - Your Company Name) Hidden

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

NVIDIA 3D Vision Treiber 268.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.31 - NVIDIA Corporation)

NVIDIA Grafiktreiber 268.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.31 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)

Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)

PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)

PMB VAIO Edition Guide (x32 Version: 1.5.00.02250 - Sony Corporation) Hidden

PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden

PMB VAIO Edition Plug-in (x32 Version: 1.5.00.02250 - Sony Corporation) Hidden

PMB VAIO Edition Plug-in (x32 Version: 1.5.10.06150 - Sony Corporation) Hidden

Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Qualcomm Atheros Direct Connect (x32 Version: 3.0 - Qualcomm Atheros) Hidden

Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.6.9 - Sony Corporation)

Quick Web Access (x32 Version: 1.4.6.9 - Sony Corporation) Hidden

QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)

Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)

Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden

Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden

Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden

Spotify (HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)

SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden

SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

Uplay (HKLM-x32\...\Uplay) (Version: 3.2 - Ubisoft)

VAIO - Media Gallery (HKLM-x32\...\{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}) (Version: 1.5.0.16020 - Sony Corporation)

VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}) (Version: 1.5.00.02250 - Sony Corporation)

VAIO - PMB VAIO Edition Plug-in (HKLM-x32\...\InstallShield_{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}) (Version: 1.6.10.11160 - Sony Corporation)

VAIO - Remote Play mit PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.15070 - Sony Corporation)

VAIO - Remote-Tastatur  (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.1.0.07060 - Sony Corporation)

VAIO Care (HKLM\...\{FDCC09EA-A33E-4639-B1CD-FC1702815FA7}) (Version: 8.4.0.14281 - Sony Corporation)

VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.5.0.03040 - Sony Corporation)

VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.6.0.13140 - Sony Corporation)

VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden

VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)

VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden

VAIO Event Service (HKLM-x32\...\{73D8886A-D416-4687-B609-0D3836BA410C}) (Version: 5.5.0.03040 - Sony Corporation)

VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.3.0.11090 - Sony Corporation)

VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.4.0.03240 - Sony Corporation)

VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden

VAIO Hardware Diagnostics (x32 Version: 4.2.0.17180 - Sony Corporation) Hidden

VAIO Hero Screensaver - Summer 2011 Screensaver (HKLM-x32\...\VAIO Hero Screensaver - Summer 2011 Screensaver) (Version:  - )

VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.0.0.14150 - Sony Corporation)

VAIO Improvement Validation (HKLM\...\{75C95C84-264F-4CC7-8A7E-346444E6C7C1}) (Version: 1.0.4.01190 - Sony Corporation)

VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.2.09010 - Sony Corporation)

VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.8.1.08270 - Sony Corporation)

VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)

VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.0.0.02250 - Sony Corporation)

VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.4.0.14230 - Sony Corporation)

VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VESx64 (Version: 1.0.0 - Sony Corporation) Hidden

VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VIx64 (Version: 1.0.0 - Sony Corporation) Hidden

VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VLC media player 1.0.2 (HKLM-x32\...\VLC media player) (Version: 1.0.2 - VideoLAN Team)

Vokabeltrainer-Update 5.0.27 (HKLM-x32\...\{A4987FC4-33BE-4227-B290-FAA1819B65C2}) (Version: 5.0.27 - Langenscheidt)

VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden

VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden

VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden

VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden

VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)

WISO steuer:Start 2015 (HKLM-x32\...\{0D3776B4-83AD-4EF8-91F8-22A186B0A52F}) (Version: 22.00.8811 - Buhl Data Service GmbH)

Yontoo Layers Runtime 1.10.01 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.01 - Yontoo LLC) <==== ATTENTION

Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Основи Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden

Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Фотоколекція Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rebecca\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

CustomCLSID: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Rebecca\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
 

==================== Restore Points  =========================
 

13-07-2014 03:10:00 Geplanter Prüfpunkt

13-07-2014 10:09:18 Entfernt Easy Photo Print Plug-in for PMB(Picture Motion BrowserRôû

13-07-2014 10:10:52 OpenOffice.org 3.3 wird entfernt

14-07-2014 08:16:20 Windows Update

17-08-2014 16:14:42 Windows Update

21-11-2014 17:53:10 Windows Update

21-11-2014 18:00:23 Windows Update

04-02-2015 17:23:10 Windows Update

01-03-2015 12:01:51 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

01-03-2015 12:03:11 Installiert WISO steuer:Start 2015

01-03-2015 15:29:57 Removed Microsoft Silverlight

01-03-2015 15:48:38 Removed Microsoft Silverlight

01-03-2015 18:02:34 Removed Adobe Photoshop Elements 10.

01-03-2015 18:10:27 Removed Adobe Community Help
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2012-03-14 18:16 - 2012-03-14 18:13 - 00001224 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 adobeereg.com

127.0.0.1 hxxp://www.adobeereg.com

127.0.0.1 activate.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 192.150.18.108

127.0.0.1 activate.adobe.com:443
 
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {11FC2715-BD64-4087-825A-5D6CBB32C80A} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"

Task: {228D7B53-86E1-407F-83B9-29A9DE1C508F} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)

Task: {2422013E-D4E6-400D-BBC9-5CB0B622A6E4} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\SymErr.exe

Task: {255CA4D8-173C-4507-A155-7D8C80CEE6EB} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)

Task: {32871535-9497-493F-8936-6EB31E3906EB} - System32\Tasks\{1452235B-E60F-4438-9D7C-BDD12CC18ADB} => Firefox.exe 

Task: {35446D3A-DBFA-4D32-892F-CDA413686A43} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation)

Task: {3C1064D3-A994-4220-9D0D-9E9B7DB61868} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19] (Google Inc.)

Task: {3F205720-6ADF-464A-9852-989EC9C6ABDA} - System32\Tasks\{0F62D350-047A-4441-8028-E43EEC43B6C5} => C:\Users\Rebecca\Downloads\Firefox Setup 9.0.1.exe

Task: {4CFE56AA-D985-4B25-B6CD-EB501ABC5604} - System32\Tasks\{19931DAF-E68F-4F5E-B609-81DEB8A7A19B} => Firefox.exe 

Task: {4F770BF0-C6B1-418E-AA99-179121FE86D8} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {54B4D3D8-7413-4C53-9A00-28EBE5D12EA4} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient

Task: {6DB8E548-8DAE-4AFC-B0B3-6836984A0C43} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {7A565DDA-5F28-45D2-88FB-9787C43EFF98} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {7B5D6CFE-B117-4CEA-BB86-1A993A90EFB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19] (Google Inc.)

Task: {7DD2A586-EAFA-412C-9FE0-CCC745C07FFD} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {87BDCE6B-4778-4001-815B-FF1AA8B90813} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)

Task: {88729C68-2645-489C-AACC-130878A1132D} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {9236064C-0C72-4F5F-A312-358D310BC752} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)

Task: {9A45C44C-6983-4C77-AADD-5A07A3C4D17E} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)

Task: {9CB3B459-4E1D-4AFA-93D6-33C69740C754} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\WSCStub.exe

Task: {9DB78B65-35DF-4B88-8BB1-BF51E8E53721} - System32\Tasks\{B1C3F483-11B1-4E48-AA87-FEF8171C3B2E} => Firefox.exe hxxp://ui.skype.com/ui/0/7.1.59.105/de/abandoninstall?page=tsBing

Task: {A65F7A73-345E-45CD-BCEA-0C74F6E21F30} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)

Task: {A670FE10-7DBE-41DD-9FA4-6ADB8234DA7D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {BCAC4B91-A46D-4EE4-AC29-69E79A8B21F8} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {C65C6FD4-2351-47FC-B45F-D1D351102E8D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-01] (Adobe Systems Incorporated)

Task: {CF5DFAF0-E54F-4C1C-8BEA-341312C1C822} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)

Task: {D916D508-7232-459B-9C7B-46C70CEA0450} - System32\Tasks\{4FA3A4F2-D721-4A90-AA93-E97C8F264CA1} => C:\Users\Rebecca\Downloads\Firefox Setup 9.0.1.exe

Task: {DB8F79DF-3B38-41BB-B865-F08B294F855D} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {E2FDA638-9205-4F32-AFE9-0548CE0E9FEE} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {F1D43B77-C982-4B72-9EAA-7A36BAE9530A} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {F4E18867-B4FE-44C5-AE9C-FC3B94326CAD} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation)

Task: {F52F7F75-4BAE-4450-9604-BB908976F3CD} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.4.0.13\SymErr.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) ==============
 

2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

2013-11-01 13:59 - 2013-11-01 13:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2011-09-14 03:20 - 2011-03-05 15:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll

2015-02-04 17:29 - 2015-02-04 17:29 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5a30dc1ce2757376d1f0f13e904dec4d\IsdiInterop.ni.dll

2011-09-14 03:08 - 2010-09-13 17:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.254
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-2376502425-3775382256-1084218318-500 - Administrator - Disabled)

Gast (S-1-5-21-2376502425-3775382256-1084218318-501 - Limited - Disabled)

Rebecca (S-1-5-21-2376502425-3775382256-1084218318-1000 - Administrator - Enabled) => C:\Users\Rebecca
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (03/03/2015 08:08:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)

Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 

Error: (03/03/2015 08:08:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)

Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 

Error: (03/03/2015 08:08:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)

Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 

Error: (03/03/2015 08:03:15 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/03/2015 07:51:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12680479
 

Error: (03/03/2015 07:51:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12680479
 

Error: (03/03/2015 07:51:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (03/03/2015 07:50:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12664286
 

Error: (03/03/2015 07:50:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12664286
 

Error: (03/03/2015 07:50:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 
 

System errors:

=============

Error: (03/03/2015 08:11:56 AM) (Source: iaStor) (EventID: 9) (User: )

Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
 

Error: (03/03/2015 08:10:14 AM) (Source: iaStor) (EventID: 9) (User: )

Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
 

Error: (03/03/2015 08:09:13 AM) (Source: iaStor) (EventID: 9) (User: )

Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
 

Error: (03/03/2015 08:05:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Energy Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (03/03/2015 08:01:39 AM) (Source: BTHUSB) (EventID: 17) (User: )

Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
 

Error: (03/03/2015 07:51:20 AM) (Source: BTHUSB) (EventID: 17) (User: )

Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
 

Error: (03/03/2015 07:51:20 AM) (Source: Microsoft-Windows-CorruptedFileRecovery-Server) (EventID: 10) (User: NT-AUTORITÄT)

Description: Die Systemdatei "C:\Windows\System32\wbem\ntevt.dll" ist möglicherweise beschädigt, es konnte jedoch nicht festgestellt werden, ob die Datei tatsächlich beschädigt war (Fehlercode 2147943517). Es wurde kein Reparaturversuch unternommen. Führen Sie den Befehl "/scannow" an der Eingabeaufforderung mit administrativen Rechten aus, um die Datei auf Fehler zu prüfen und bei Bedarf zu reparieren.
 

Error: (03/03/2015 07:50:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SampleCollector erreicht.
 

Error: (03/03/2015 07:50:54 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 

Error: (03/03/2015 07:50:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "DNS-Client" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1069
 
 

Microsoft Office Sessions:

=========================

Error: (01/17/2013 11:27:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 43 seconds with 0 seconds of active time.  This session ended with a crash.
 

Error: (01/17/2013 11:25:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 178 seconds with 120 seconds of active time.  This session ended with a crash.
 

Error: (01/17/2013 11:22:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2134 seconds with 600 seconds of active time.  This session ended with a crash.
 

Error: (01/17/2013 10:45:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5463 seconds with 4620 seconds of active time.  This session ended with a crash.
 

Error: (01/10/2012 01:21:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11041 seconds with 6780 seconds of active time.  This session ended with a crash.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz

Percentage of memory in use: 29%

Total physical RAM: 6125.86 MB

Available physical RAM: 4302.92 MB

Total Pagefile: 12249.9 MB

Available Pagefile: 10295.84 MB

Total Virtual: 8192 MB

Available Virtual: 8191.86 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:452.03 GB) (Free:226.28 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B6E737C5)

Partition 1: (Not Active) - (Size=13.6 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Ich hoffe das psst so?!?

Danke und viele Grüße

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Bundled software uninstaller

Yontoo Layers Runtime 1.10.01
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo Schrauber,

ich habe alles wie beschrieben ausgeführt.
Der Computer hat sich bei dem 2) Programm automatisch neu gestartet. Es ist keine Fehlermeldung erschienen.

Code:

ComboFix 15-03-01.01 - Rebecca 03.03.2015  10:23:42.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6126.4345 [GMT 1:00]

ausgeführt von:: c:\users\Rebecca\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}

SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Rebecca\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

c:\users\Rebecca\AppData\Roaming\Moxad

c:\users\Rebecca\AppData\Roaming\Moxad\caewy.nae

c:\users\Rebecca\AppData\Roaming\Moxad\caewy.tmp

c:\windows\msdownld.tmp

.

.

(((((((((((((((((((((((   Dateien erstellt von 2015-02-03 bis 2015-03-03  ))))))))))))))))))))))))))))))

.

.

2015-03-03 08:53 . 2015-03-03 08:53        --------        d-----w-        c:\program files (x86)\VS Revo Group

2015-03-01 17:07 . 2015-03-01 17:07        --------        d-----w-        c:\users\Rebecca\AppData\Roaming\No Company Name

2015-03-01 15:36 . 2015-03-01 15:36        --------        d-----w-        c:\users\Rebecca\AppData\Local\Macromedia

2015-03-01 14:53 . 2015-03-01 14:53        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2015-03-01 14:53 . 2015-03-01 14:53        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2015-03-01 14:52 . 2015-03-01 14:52        --------        d-----w-        c:\program files\Microsoft Silverlight

2015-03-01 14:52 . 2015-03-01 14:52        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight

2015-03-01 11:07 . 2015-03-01 11:09        --------        d-----w-        c:\users\Rebecca\AppData\Local\Buhl

2015-03-01 11:03 . 2015-03-01 11:03        --------        d-----w-        c:\program files (x86)\WISO

2015-03-01 11:03 . 2015-03-01 11:09        --------        d-----w-        c:\programdata\Buhl Data Service GmbH

2015-03-01 07:39 . 2015-03-03 07:15        --------        d-----w-        C:\FRST

2015-02-28 19:37 . 2015-02-28 19:37        --------        d-----w-        c:\users\Rebecca\AppData\Local\ElevatedDiagnostics

2015-02-21 18:03 . 2015-02-21 17:59        44088        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2015-02-21 18:01 . 2015-03-01 11:02        --------        d-----w-        c:\programdata\Package Cache

2015-02-21 17:59 . 2015-02-21 17:59        --------        d-----w-        c:\users\Rebecca\AppData\Roaming\Avira

2015-02-21 17:57 . 2015-02-04 16:51        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2015-02-21 17:57 . 2015-02-04 16:51        132120        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2015-02-21 17:57 . 2015-02-04 16:51        128536        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2015-02-21 17:57 . 2015-02-21 18:11        --------        d-----w-        c:\program files (x86)\Avira

2015-02-21 17:57 . 2015-02-21 18:03        --------        d-----w-        c:\programdata\Avira

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-07-05 17:50 . 2014-07-05 17:50        6010880        ----a-w-        c:\program files (x86)\GUTA2E.tmp

2014-06-29 19:27 . 2014-06-29 19:27        6010880        ----a-w-        c:\program files (x86)\GUT3DF1.tmp

2014-06-29 12:49 . 2014-06-29 12:49        6010880        ----a-w-        c:\program files (x86)\GUTCD5E.tmp

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-02-04 703280]

"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-12-31 126712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]

R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x]

R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files\Sony\MSS\3.8.141\McCHSvc.exe;c:\program files\Sony\MSS\3.8.141\McCHSvc.exe [x]

R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]

R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x]

R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]

R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]

S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]

S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]

S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]

S2 SampleCollector;Intel(R) System Behavior Tracker Collector Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2015-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-01 14:53]

.

2015-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19 18:17]

.

2015-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19 18:17]

.

.

--------- X64 Entries -----------

.

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.sony.eu/vaioportal

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - 

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

c:\windows\SysWOW64\DllHost.exe

c:\windows\SysWOW64\DllHost.exe

c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

c:\program files\Sony\VAIO Care\listener.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2015-03-03  10:36:31 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2015-03-03 09:36

.

Vor Suchlauf: 17 Verzeichnis(se), 242.423.119.872 Bytes frei

Nach Suchlauf: 24 Verzeichnis(se), 242.184.540.160 Bytes frei

.

- - End Of File - - 6653961919A4CC7B7E0718C9916A0581

Sag mal Schrauber, ich nehme an Ihr dürft keine Namen nennen, aber ist es möglich das du mir eine Antivirus Software empfiehlst?

Danke für die bisherige Hilfe,

März

klar dürfen wir das.

Ich empfehle immer Emsisoft, ich arbeite aber auch dort. :)

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hallo Schrauber,

hier die files:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 03.03.2015

Suchlauf-Zeit: 19:18:45

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.4.1028

Malware Datenbank: v2015.03.03.05

Rootkit Datenbank: v2015.02.25.01

Lizenz: Testversion

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Rebecca
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 389404

Verstrichene Zeit: 33 Min, 46 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 2

PUP.Optional.Softonic.A, HKU\S-1-5-21-2376502425-3775382256-1084218318-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantäne, [f62bfc45157596a0f167e0cd57acce32], 

PUP.Optional.FilesFrog.A, HKU\S-1-5-21-2376502425-3775382256-1084218318-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI, In Quarantäne, [69b8e35e0d7d68ce90fce622679ee21e], 
 

Registrierungswerte: 1

PUP.Optional.FilesFrog.A, HKU\S-1-5-21-2376502425-3775382256-1084218318-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI|ui_path_filesfrog, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker, In Quarantäne, [69b8e35e0d7d68ce90fce622679ee21e]
 

Registrierungsdaten: 0

(Keine schädliche Elemente erkannt)
 

Ordner: 1

PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo Layers Runtime, In Quarantäne, [68b9b190f991ce684cea85ee986bed13], 
 

Dateien: 0

(Keine schädliche Elemente erkannt)
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 
 

(end)

Adw Cleaner

Code:

# AdwCleaner v4.111 - Bericht erstellt 03/03/2015 um 20:49:55

# Aktualisiert 18/02/2015 von Xplode

# Datenbank : 2015-03-02.3 [Server]

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)

# Benutzername : Rebecca - REBECCA-VAIO

# Gestarted von : C:\Users\Rebecca\Downloads\AdwCleaner_4.111.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\Tarma Installer

Datei Gelöscht : C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\foxydeal.sqlite

Datei Gelöscht : C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\searchplugins\safesearch.xml

Datei Gelöscht : C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\user.js
 

***** [ Geplante Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Schlüssel Gelöscht : HKLM\SOFTWARE\DeviceVM

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.17239
 
 

-\\ Mozilla Firefox v36.0 (x86 de)
 
 

-\\ Google Chrome v
 

[C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://int.search-results.com/web?q={searchTerms}&amp;o=15527&amp;l=dis&amp;prt=NIS&amp;chn=retail&amp;geo=DE&amp;ver=19&gct=sb&qsrc=2869
 

*************************
 

AdwCleaner[R0].txt - [2879 Bytes] - [03/03/2015 20:43:34]

AdwCleaner[S0].txt - [2777 Bytes] - [03/03/2015 20:49:55]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2836  Bytes] ##########

Junkware

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.3 (03.01.2015:1)

OS: Windows 7 Home Premium x64

Ran by Rebecca on 03.03.2015 at 21:05:06,02

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Rebecca\AppData\Roaming\mozilla\firefox\profiles\8ibtzq0s.default\minidumps [3 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 03.03.2015 at 21:29:52,64

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015

Ran by Rebecca (administrator) on REBECCA-VAIO on 03-03-2015 21:33:04

Running from C:\Users\Rebecca\Desktop

Loaded Profiles: Rebecca (Available profiles: Rebecca)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe

() C:\Program Files\Sony\VAIO Care\listener.exe

(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-03] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.eu/vaioportal

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {55AC56BA-EA92-403A-B06E-A272A0EA3CBF} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {5EE7933D-E39A-4EBF-B8CC-4E7D0DB590B8} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms}

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {728AA856-5BA0-4EBC-A90D-463912C3E2FE} URL = hxxp://de.shopping.com/?linkin_id=8056363

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default

FF Homepage: about:home

FF Keyword.URL: 

FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\searchplugins\speedfox.xml
 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll No File

CHR Plugin: (Norton Confidential) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\npcoplgn.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Google Update) - C:\Users\Rebecca\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Profile: C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-17]

CHR Extension: (Google Drive) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-17]

CHR Extension: (YouTube) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-17]

CHR Extension: (Google Search) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-17]

CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac [2013-02-26]

CHR Extension: (Facebook Disconnect) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2013-08-02]

CHR Extension: (YoWindow Weather) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef [2013-08-02]

CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-05]

CHR Extension: (Google Wallet) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]

CHR Extension: (Gmail) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-17]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-03] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-03] (Avira Operations GmbH & Co. KG)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-03-31] (Atheros) [File not signed]

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [75936 2011-03-31] (Atheros Commnucations) [File not signed]

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)

S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.) [File not signed]

S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)

R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)

R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)

S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)

S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)

R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-02-28] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-04] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-04] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-02-28] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-03] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-26] ()

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-03 21:33 - 2015-03-03 21:33 - 00022041 _____ () C:\Users\Rebecca\Desktop\FRST.txt

2015-03-03 21:29 - 2015-03-03 21:29 - 00000760 _____ () C:\Users\Rebecca\Desktop\JRT.txt

2015-03-03 21:04 - 2015-03-03 21:04 - 01388333 _____ (Thisisu) C:\Users\Rebecca\Downloads\JRT.exe

2015-03-03 20:59 - 2015-03-03 20:59 - 00002940 _____ () C:\Users\Rebecca\Desktop\AdwCleaner[S0].txt

2015-03-03 20:43 - 2015-03-03 20:49 - 00000000 ____D () C:\AdwCleaner

2015-03-03 20:42 - 2015-03-03 20:43 - 02126848 _____ () C:\Users\Rebecca\Downloads\AdwCleaner_4.111.exe

2015-03-03 20:42 - 2015-03-03 20:42 - 00001870 _____ () C:\Users\Rebecca\Desktop\mbam.txt

2015-03-03 19:17 - 2015-03-03 21:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-03 19:17 - 2015-03-03 19:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-03-03 19:17 - 2015-03-03 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-03 19:17 - 2015-03-03 19:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-03-03 19:17 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-03 19:17 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-03 19:17 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-03 19:15 - 2015-03-03 19:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rebecca\Downloads\mbam-setup-2.0.4.1028.exe

2015-03-03 19:06 - 2015-03-03 19:06 - 00458276 _____ () C:\Users\Rebecca\Documents\Steuererklaerung.xps

2015-03-03 18:49 - 2015-03-03 18:49 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Buhl Data Service

2015-03-03 18:48 - 2015-03-03 18:48 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Buhl Data Service

2015-03-03 10:54 - 2015-03-03 11:28 - 00000000 ____D () C:\Users\Rebecca\Desktop\Krankenpflege

2015-03-03 10:36 - 2015-03-03 10:36 - 00016433 _____ () C:\ComboFix.txt

2015-03-03 10:17 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-03-03 10:17 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-03-03 10:17 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-03-03 10:17 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-03-03 10:17 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-03-03 10:17 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-03-03 10:17 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-03-03 10:17 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-03-03 10:15 - 2015-03-03 10:36 - 00000000 ____D () C:\Qoobox

2015-03-03 10:14 - 2015-03-03 10:35 - 00000000 ____D () C:\Windows\erdnt

2015-03-03 10:13 - 2015-03-03 10:13 - 05612482 ____R (Swearware) C:\Users\Rebecca\Desktop\ComboFix.exe

2015-03-03 09:53 - 2015-03-03 09:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rebecca\Downloads\revosetup95.exe

2015-03-03 09:53 - 2015-03-03 09:53 - 00001268 _____ () C:\Users\Rebecca\Desktop\Revo Uninstaller.lnk

2015-03-03 09:53 - 2015-03-03 09:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2015-03-03 08:15 - 2015-03-03 08:15 - 00037944 _____ () C:\Users\Rebecca\Downloads\Addition.txt

2015-03-03 08:14 - 2015-03-03 08:15 - 00032530 _____ () C:\Users\Rebecca\Downloads\FRST.txt

2015-03-01 18:07 - 2015-03-01 18:07 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\No Company Name

2015-03-01 16:36 - 2015-03-01 16:36 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Macromedia

2015-03-01 15:53 - 2015-03-03 20:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-01 15:53 - 2015-03-01 15:53 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-03-01 15:53 - 2015-03-01 15:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-03-01 15:53 - 2015-03-01 15:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-03-01 15:53 - 2015-03-01 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-03-01 15:52 - 2015-03-01 15:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2015-03-01 15:52 - 2015-03-01 15:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2015-03-01 15:44 - 2015-03-01 15:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-03-01 15:41 - 2015-03-01 15:41 - 13087456 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\Silverlight_x64(2).exe

2015-03-01 15:38 - 2015-03-01 15:38 - 13087456 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\Silverlight_x64(1).exe

2015-03-01 15:34 - 2015-03-01 15:34 - 13087456 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\Silverlight_x64.exe

2015-03-01 13:22 - 2015-03-01 13:22 - 00244032 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\ResetDRM.exe

2015-03-01 12:21 - 2015-03-03 19:07 - 00000000 ____D () C:\Users\Rebecca\Documents\steuer

2015-03-01 12:07 - 2015-03-03 19:07 - 00000602 _____ () C:\Windows\wiso.ini

2015-03-01 12:07 - 2015-03-01 12:09 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Buhl

2015-03-01 12:07 - 2015-03-01 12:07 - 00002148 _____ () C:\Users\Public\Desktop\WISO steuer Start 2015.lnk

2015-03-01 12:07 - 2015-03-01 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Start 2015

2015-03-01 12:03 - 2015-03-01 12:09 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH

2015-03-01 12:03 - 2015-03-01 12:03 - 00000000 ____D () C:\Program Files (x86)\WISO

2015-03-01 09:39 - 2015-03-01 09:39 - 700242058 _____ () C:\Windows\MEMORY.DMP

2015-03-01 09:39 - 2015-03-01 09:39 - 00288552 _____ () C:\Windows\Minidump\030115-28610-01.dmp

2015-03-01 08:39 - 2015-03-03 21:33 - 00000000 ____D () C:\FRST

2015-03-01 08:39 - 2015-03-01 08:39 - 02092544 _____ (Farbar) C:\Users\Rebecca\Desktop\FRST64.exe

2015-03-01 08:32 - 2015-03-01 08:32 - 00000000 _____ () C:\Users\Rebecca\defogger_reenable

2015-02-28 20:21 - 2015-03-03 20:51 - 00160290 _____ () C:\Windows\PFRO.log

2015-02-22 06:00 - 2015-03-03 20:51 - 00000728 _____ () C:\Windows\setupact.log

2015-02-22 06:00 - 2015-02-22 06:00 - 00000000 _____ () C:\Windows\setuperr.log

2015-02-21 21:02 - 2015-02-21 21:02 - 00003074 _____ () C:\Windows\System32\Tasks\{B1C3F483-11B1-4E48-AA87-FEF8171C3B2E}

2015-02-21 19:18 - 2015-02-21 19:26 - 45112928 _____ (Skype Technologies S.A.) C:\Users\Rebecca\Downloads\SkypeSetupFull.exe

2015-02-21 19:12 - 2015-02-21 19:12 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk

2015-02-21 19:03 - 2015-02-21 18:59 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2015-02-21 19:01 - 2015-03-01 12:02 - 00000000 ____D () C:\ProgramData\Package Cache

2015-02-21 18:59 - 2015-02-21 18:59 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Avira

2015-02-21 18:58 - 2015-02-21 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-02-21 18:58 - 2015-02-21 18:58 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk

2015-02-21 18:57 - 2015-02-21 19:11 - 00000000 ____D () C:\Program Files (x86)\Avira

2015-02-21 18:57 - 2015-02-21 19:03 - 00000000 ____D () C:\ProgramData\Avira

2015-02-21 18:57 - 2015-02-04 17:51 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2015-02-21 18:57 - 2015-02-04 17:51 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2015-02-21 18:57 - 2015-02-04 17:51 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2015-02-21 18:52 - 2015-02-21 18:56 - 160782960 _____ () C:\Users\Rebecca\Downloads\avira_free_antivirus_de_15.0.8.624.exe

2015-02-21 18:51 - 2015-03-03 21:00 - 00366662 _____ () C:\Windows\WindowsUpdate.log

2015-02-21 18:40 - 2015-02-21 18:40 - 04196968 _____ (Piriform Ltd) C:\Users\Rebecca\Downloads\ccsetup502_slim.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-03 21:00 - 2009-07-14 05:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-03 21:00 - 2009-07-14 05:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-03 20:56 - 2013-08-19 19:17 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-03 20:55 - 2011-09-14 12:59 - 15443422 _____ () C:\Windows\system32\perfh007.dat

2015-03-03 20:55 - 2011-09-14 12:59 - 04930542 _____ () C:\Windows\system32\perfc007.dat

2015-03-03 20:55 - 2009-07-14 06:13 - 00006472 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-03 20:52 - 2013-08-19 19:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-03 20:51 - 2011-09-14 03:14 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-03-03 20:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-03 20:35 - 2012-01-17 22:21 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\CrashDumps

2015-03-03 19:17 - 2012-03-20 14:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-03-03 10:36 - 2014-04-22 20:22 - 00000000 ____D () C:\Users\dub_cm_auto

2015-03-03 10:36 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2015-03-03 10:30 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2015-03-02 21:54 - 2011-09-23 13:35 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E13C1829-F2CF-4B7D-91AD-B2BCE9779098}

2015-03-02 21:42 - 2011-09-23 13:33 - 00083152 _____ () C:\Users\Rebecca\AppData\Local\GDIPFONTCACHEV1.DAT

2015-03-02 21:41 - 2009-07-14 05:45 - 00363984 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-01 18:10 - 2011-09-14 03:31 - 00000000 ____D () C:\ProgramData\Adobe

2015-03-01 18:10 - 2011-09-14 03:31 - 00000000 ____D () C:\Program Files (x86)\Adobe

2015-03-01 15:57 - 2014-05-24 09:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-03-01 15:52 - 2014-08-16 20:25 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Adobe

2015-03-01 12:03 - 2011-09-14 03:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-03-01 09:39 - 2012-03-07 00:02 - 00000000 ____D () C:\Windows\Minidump

2015-03-01 08:32 - 2011-09-23 13:33 - 00000000 ____D () C:\Users\Rebecca

2015-02-21 18:51 - 2013-08-19 19:17 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-21 18:51 - 2013-08-19 19:17 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-21 18:41 - 2014-07-12 18:11 - 00000000 ____D () C:\Program Files\CCleaner

2015-02-04 17:24 - 2014-05-11 08:28 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-02-04 17:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
 

==================== Files in the root of some directories =======
 

2014-06-29 20:27 - 2014-06-29 20:27 - 6010880 _____ () C:\Program Files (x86)\GUT3DF1.tmp

2014-07-05 18:50 - 2014-07-05 18:50 - 6010880 _____ () C:\Program Files (x86)\GUTA2E.tmp

2014-06-29 13:49 - 2014-06-29 13:49 - 6010880 _____ () C:\Program Files (x86)\GUTCD5E.tmp
 

Some content of TEMP:

====================

C:\Users\Rebecca\AppData\Local\Temp\avgnt.exe

C:\Users\Rebecca\AppData\Local\Temp\Quarantine.exe

C:\Users\Rebecca\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-02-22 10:57
 

==================== End Of Log ============================

--- --- ---

Vielen Dank für die Empfehlung und die bisherige Hilfe, Schrauber.
PC läuft als ein bisschen besser. :)

Grüße
März

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hallo Schrauber,

thank you very much... hier die Daten:

Malwarebytes

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 04.03.2015

Suchlauf-Zeit: 10:40:54

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.4.1028

Malware Datenbank: v2015.03.04.03

Rootkit Datenbank: v2015.02.25.01

Lizenz: Testversion

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Rebecca
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 392269

Verstrichene Zeit: 41 Min, 35 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 0

(Keine schädliche Elemente erkannt)
 

Registrierungswerte: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsdaten: 0

(Keine schädliche Elemente erkannt)
 

Ordner: 0

(Keine schädliche Elemente erkannt)
 

Dateien: 0

(Keine schädliche Elemente erkannt)
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 

(end)

ADW Cleaner

Code:

# AdwCleaner v4.111 - Bericht erstellt 04/03/2015 um 11:28:21

# Aktualisiert 18/02/2015 von Xplode

# Datenbank : 2015-02-18.3 [Server]

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)

# Benutzername : Rebecca - REBECCA-VAIO

# Gestarted von : C:\Users\Rebecca\Desktop\AdwCleaner_4.111.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Geplante Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.17239
 
 

-\\ Mozilla Firefox v36.0 (x86 de)
 
 

-\\ Google Chrome v
 
 

*************************
 

AdwCleaner[R0].txt - [2879 Bytes] - [03/03/2015 20:43:34]

AdwCleaner[R1].txt - [1003 Bytes] - [04/03/2015 11:25:12]

AdwCleaner[R2].txt - [1903 Bytes] - [04/03/2015 11:26:00]

AdwCleaner[S0].txt - [2940 Bytes] - [03/03/2015 20:49:55]

AdwCleaner[S1].txt - [1826 Bytes] - [04/03/2015 11:28:21]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1885  Bytes] ##########

Junkware removal tool

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.3 (03.01.2015:1)

OS: Windows 7 Home Premium x64

Ran by Rebecca on 04.03.2015 at 14:12:55,08

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 04.03.2015 at 14:17:13,56

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015

Ran by Rebecca (administrator) on REBECCA-VAIO on 04-03-2015 14:22:58

Running from C:\Users\Rebecca\Desktop\Krankenpflege

Loaded Profiles: Rebecca (Available profiles: Rebecca)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe

(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe

() C:\Program Files\Sony\VAIO Care\listener.exe

(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-03] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.eu/vaioportal

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {55AC56BA-EA92-403A-B06E-A272A0EA3CBF} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {5EE7933D-E39A-4EBF-B8CC-4E7D0DB590B8} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms}

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {728AA856-5BA0-4EBC-A90D-463912C3E2FE} URL = hxxp://de.shopping.com/?linkin_id=8056363

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 

FireFox:

========

FF ProfilePath: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default

FF Homepage: about:home

FF Keyword.URL: 

FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\searchplugins\speedfox.xml
 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll No File

CHR Plugin: (Norton Confidential) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\npcoplgn.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Google Update) - C:\Users\Rebecca\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Profile: C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-17]

CHR Extension: (Google Drive) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-17]

CHR Extension: (YouTube) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-17]

CHR Extension: (Google Search) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-17]

CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac [2013-02-26]

CHR Extension: (Facebook Disconnect) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2013-08-02]

CHR Extension: (YoWindow Weather) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef [2013-08-02]

CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-05]

CHR Extension: (Google Wallet) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]

CHR Extension: (Gmail) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-17]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-03] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-03] (Avira Operations GmbH & Co. KG)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-03-31] (Atheros) [File not signed]

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [75936 2011-03-31] (Atheros Commnucations) [File not signed]

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)

S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.) [File not signed]

S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)

R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.)

R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)

R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.)

R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)

R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)

S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)

S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)

R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-02-28] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-04] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-04] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-02-28] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-04] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)

R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)

R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)

R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)

R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)

R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)

R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)

R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)

R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)

R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)

R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)

R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)

R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)

R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.)

R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)

R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)

R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)

R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)

R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)

R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)

R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-26] ()

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-04 14:17 - 2015-03-04 14:17 - 00000627 _____ () C:\Users\Rebecca\Desktop\JRT.txt

2015-03-04 11:38 - 2015-03-04 11:38 - 01388333 _____ (Thisisu) C:\Users\Rebecca\Downloads\JRT(2).exe

2015-03-04 11:38 - 2015-03-04 11:38 - 01388333 _____ (Thisisu) C:\Users\Rebecca\Downloads\JRT(1).exe

2015-03-04 11:37 - 2015-03-04 11:37 - 00000993 _____ () C:\Users\Rebecca\Desktop\AdwCleaner[S1].txt - Verknüpfung.lnk

2015-03-04 11:24 - 2015-03-04 11:24 - 02126848 _____ () C:\Users\Rebecca\Downloads\AdwCleaner_4.111(1).exe

2015-03-04 11:23 - 2015-03-04 11:23 - 00001203 _____ () C:\Users\Rebecca\Desktop\mbam.txt

2015-03-04 10:37 - 2015-03-04 10:37 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rebecca\Downloads\mbam-setup-2.0.4.1028(1).exe

2015-03-03 22:05 - 2015-01-29 18:21 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys

2015-03-03 22:03 - 2015-03-03 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Global Protection 2015

2015-03-03 22:02 - 2015-03-03 22:02 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk

2015-03-03 22:02 - 2015-03-03 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-03-03 22:01 - 2015-03-03 22:02 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2015-03-03 22:01 - 2015-03-03 22:02 - 00000000 ____D () C:\Program Files\iTunes

2015-03-03 22:01 - 2015-03-03 22:01 - 00000000 ____D () C:\Program Files\iPod

2015-03-03 22:01 - 2015-03-03 22:01 - 00000000 ____D () C:\Program Files (x86)\iTunes

2015-03-03 21:52 - 2015-03-03 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2015-03-03 21:52 - 2015-03-03 21:52 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2015-03-03 21:48 - 2015-03-03 21:48 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Panda Security

2015-03-03 21:48 - 2015-03-03 21:48 - 00000000 ____D () C:\Program Files (x86)\Panda Security

2015-03-03 21:45 - 2015-03-03 21:48 - 00000000 ____D () C:\ProgramData\Panda Security

2015-03-03 21:45 - 2015-03-03 21:45 - 01630952 _____ () C:\Users\Rebecca\Downloads\PANDAFREEAV.exe

2015-03-03 21:04 - 2015-03-03 21:04 - 01388333 _____ (Thisisu) C:\Users\Rebecca\Downloads\JRT.exe

2015-03-03 20:43 - 2015-03-04 11:28 - 00000000 ____D () C:\AdwCleaner

2015-03-03 20:42 - 2015-03-03 20:43 - 02126848 _____ () C:\Users\Rebecca\Desktop\AdwCleaner_4.111.exe

2015-03-03 19:17 - 2015-03-04 13:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-03 19:17 - 2015-03-04 10:40 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-03-03 19:17 - 2015-03-04 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-03 19:17 - 2015-03-04 10:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-03-03 19:17 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-03 19:17 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-03 19:17 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-03 19:15 - 2015-03-03 19:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rebecca\Downloads\mbam-setup-2.0.4.1028.exe

2015-03-03 19:06 - 2015-03-03 19:06 - 00458276 _____ () C:\Users\Rebecca\Documents\Steuererklaerung.xps

2015-03-03 18:49 - 2015-03-03 18:49 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Buhl Data Service

2015-03-03 18:48 - 2015-03-03 18:48 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Buhl Data Service

2015-03-03 10:54 - 2015-03-04 14:22 - 00000000 ____D () C:\Users\Rebecca\Desktop\Krankenpflege

2015-03-03 10:36 - 2015-03-03 10:36 - 00016433 _____ () C:\ComboFix.txt

2015-03-03 10:17 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-03-03 10:17 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-03-03 10:17 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-03-03 10:17 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-03-03 10:17 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-03-03 10:17 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-03-03 10:17 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-03-03 10:17 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-03-03 10:15 - 2015-03-03 10:36 - 00000000 ____D () C:\Qoobox

2015-03-03 10:14 - 2015-03-03 10:35 - 00000000 ____D () C:\Windows\erdnt

2015-03-03 10:13 - 2015-03-03 10:13 - 05612482 ____R (Swearware) C:\Users\Rebecca\Desktop\ComboFix.exe

2015-03-03 09:53 - 2015-03-03 09:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rebecca\Downloads\revosetup95.exe

2015-03-03 09:53 - 2015-03-03 09:53 - 00001268 _____ () C:\Users\Rebecca\Desktop\Revo Uninstaller.lnk

2015-03-03 09:53 - 2015-03-03 09:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2015-03-03 08:15 - 2015-03-03 08:15 - 00037944 _____ () C:\Users\Rebecca\Downloads\Addition.txt

2015-03-03 08:14 - 2015-03-03 08:15 - 00032530 _____ () C:\Users\Rebecca\Downloads\FRST.txt

2015-03-01 18:07 - 2015-03-01 18:07 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\No Company Name

2015-03-01 16:36 - 2015-03-01 16:36 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Macromedia

2015-03-01 15:53 - 2015-03-04 13:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-01 15:53 - 2015-03-01 15:53 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-03-01 15:53 - 2015-03-01 15:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-03-01 15:53 - 2015-03-01 15:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-03-01 15:53 - 2015-03-01 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-03-01 15:52 - 2015-03-01 15:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2015-03-01 15:52 - 2015-03-01 15:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2015-03-01 15:44 - 2015-03-01 15:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-03-01 15:41 - 2015-03-01 15:41 - 13087456 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\Silverlight_x64(2).exe

2015-03-01 15:38 - 2015-03-01 15:38 - 13087456 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\Silverlight_x64(1).exe

2015-03-01 15:34 - 2015-03-01 15:34 - 13087456 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\Silverlight_x64.exe

2015-03-01 13:22 - 2015-03-01 13:22 - 00244032 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\ResetDRM.exe

2015-03-01 12:21 - 2015-03-03 19:07 - 00000000 ____D () C:\Users\Rebecca\Documents\steuer

2015-03-01 12:07 - 2015-03-03 19:07 - 00000602 _____ () C:\Windows\wiso.ini

2015-03-01 12:07 - 2015-03-01 12:09 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Buhl

2015-03-01 12:07 - 2015-03-01 12:07 - 00002148 _____ () C:\Users\Public\Desktop\WISO steuer Start 2015.lnk

2015-03-01 12:07 - 2015-03-01 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Start 2015

2015-03-01 12:03 - 2015-03-01 12:09 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH

2015-03-01 12:03 - 2015-03-01 12:03 - 00000000 ____D () C:\Program Files (x86)\WISO

2015-03-01 09:39 - 2015-03-01 09:39 - 700242058 _____ () C:\Windows\MEMORY.DMP

2015-03-01 09:39 - 2015-03-01 09:39 - 00288552 _____ () C:\Windows\Minidump\030115-28610-01.dmp

2015-03-01 08:39 - 2015-03-04 14:23 - 00000000 ____D () C:\FRST

2015-03-01 08:32 - 2015-03-01 08:32 - 00000000 _____ () C:\Users\Rebecca\defogger_reenable

2015-02-28 20:21 - 2015-03-03 20:51 - 00160290 _____ () C:\Windows\PFRO.log

2015-02-25 20:03 - 2015-02-25 20:03 - 00197392 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys

2015-02-25 20:03 - 2015-02-25 20:03 - 00163088 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys

2015-02-25 20:03 - 2015-02-25 20:03 - 00133904 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys

2015-02-25 20:03 - 2015-02-25 20:03 - 00124176 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProc.sys

2015-02-25 20:03 - 2015-02-25 20:03 - 00121616 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINFile.sys

2015-02-25 20:03 - 2015-02-25 20:03 - 00107792 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys

2015-02-22 06:00 - 2015-03-04 13:36 - 00000952 _____ () C:\Windows\setupact.log

2015-02-22 06:00 - 2015-02-22 06:00 - 00000000 _____ () C:\Windows\setuperr.log

2015-02-21 21:02 - 2015-02-21 21:02 - 00003074 _____ () C:\Windows\System32\Tasks\{B1C3F483-11B1-4E48-AA87-FEF8171C3B2E}

2015-02-21 19:18 - 2015-02-21 19:26 - 45112928 _____ (Skype Technologies S.A.) C:\Users\Rebecca\Downloads\SkypeSetupFull.exe

2015-02-21 19:12 - 2015-02-21 19:12 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk

2015-02-21 19:03 - 2015-02-21 18:59 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2015-02-21 19:01 - 2015-03-01 12:02 - 00000000 ____D () C:\ProgramData\Package Cache

2015-02-21 18:59 - 2015-02-21 18:59 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Avira

2015-02-21 18:58 - 2015-02-21 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-02-21 18:58 - 2015-02-21 18:58 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk

2015-02-21 18:57 - 2015-02-21 19:11 - 00000000 ____D () C:\Program Files (x86)\Avira

2015-02-21 18:57 - 2015-02-21 19:03 - 00000000 ____D () C:\ProgramData\Avira

2015-02-21 18:57 - 2015-02-04 17:51 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2015-02-21 18:57 - 2015-02-04 17:51 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2015-02-21 18:57 - 2015-02-04 17:51 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2015-02-21 18:52 - 2015-02-21 18:56 - 160782960 _____ () C:\Users\Rebecca\Downloads\avira_free_antivirus_de_15.0.8.624.exe

2015-02-21 18:51 - 2015-03-04 13:42 - 00435781 _____ () C:\Windows\WindowsUpdate.log

2015-02-21 18:40 - 2015-02-21 18:40 - 04196968 _____ (Piriform Ltd) C:\Users\Rebecca\Downloads\ccsetup502_slim.exe

2015-02-09 22:13 - 2015-02-09 22:13 - 00299792 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSProt.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00257296 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSStrm.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00202000 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSHttp.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00166160 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSPrv.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00124176 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSPop3.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00116496 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSIds.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00113424 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSSmtp.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00110864 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSHttps.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00106256 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNStlsc.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00099600 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSpicc.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00093968 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSAlpc.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00069904 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSPihsw.sys
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-04 13:56 - 2013-08-19 19:17 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-04 13:46 - 2009-07-14 05:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-04 13:46 - 2009-07-14 05:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-04 13:37 - 2013-08-19 19:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-04 13:37 - 2011-09-14 03:14 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-03-04 13:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-04 11:44 - 2012-01-17 22:21 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\CrashDumps

2015-03-04 11:37 - 2011-09-29 07:47 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\vlc

2015-03-04 10:40 - 2011-09-14 12:59 - 15473366 _____ () C:\Windows\system32\perfh007.dat

2015-03-04 10:40 - 2011-09-14 12:59 - 04940374 _____ () C:\Windows\system32\perfc007.dat

2015-03-04 10:40 - 2009-07-14 06:13 - 00006472 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-04 10:37 - 2011-09-23 13:35 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E13C1829-F2CF-4B7D-91AD-B2BCE9779098}

2015-03-03 22:06 - 2011-09-23 13:33 - 00083624 _____ () C:\Users\Rebecca\AppData\Local\GDIPFONTCACHEV1.DAT

2015-03-03 22:05 - 2009-07-14 05:45 - 00406648 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-03 22:01 - 2013-08-19 10:07 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2015-03-03 22:01 - 2011-10-05 20:24 - 00000000 ____D () C:\Program Files\Common Files\Apple

2015-03-03 21:57 - 2011-10-05 20:24 - 00000000 ____D () C:\ProgramData\Apple

2015-03-03 19:17 - 2012-03-20 14:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-03-03 10:36 - 2014-04-22 20:22 - 00000000 ____D () C:\Users\dub_cm_auto

2015-03-03 10:36 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2015-03-03 10:30 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2015-03-01 18:10 - 2011-09-14 03:31 - 00000000 ____D () C:\ProgramData\Adobe

2015-03-01 18:10 - 2011-09-14 03:31 - 00000000 ____D () C:\Program Files (x86)\Adobe

2015-03-01 15:57 - 2014-05-24 09:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-03-01 15:52 - 2014-08-16 20:25 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Adobe

2015-03-01 12:03 - 2011-09-14 03:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-03-01 09:39 - 2012-03-07 00:02 - 00000000 ____D () C:\Windows\Minidump

2015-03-01 08:32 - 2011-09-23 13:33 - 00000000 ____D () C:\Users\Rebecca

2015-02-21 18:51 - 2013-08-19 19:17 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-21 18:51 - 2013-08-19 19:17 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-21 18:41 - 2014-07-12 18:11 - 00000000 ____D () C:\Program Files\CCleaner

2015-02-04 17:24 - 2014-05-11 08:28 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-02-04 17:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
 

==================== Files in the root of some directories =======
 

2014-06-29 20:27 - 2014-06-29 20:27 - 6010880 _____ () C:\Program Files (x86)\GUT3DF1.tmp

2014-07-05 18:50 - 2014-07-05 18:50 - 6010880 _____ () C:\Program Files (x86)\GUTA2E.tmp

2014-06-29 13:49 - 2014-06-29 13:49 - 6010880 _____ () C:\Program Files (x86)\GUTCD5E.tmp
 

Some content of TEMP:

====================

C:\Users\Rebecca\AppData\Local\Temp\avgnt.exe

C:\Users\Rebecca\AppData\Local\Temp\Quarantine.exe

C:\Users\Rebecca\AppData\Local\Temp\{5AD01DD0-7E7F-4B15-A1F7-4F1016160B84}.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-02-22 10:57
 

==================== End Of Log ============================

--- --- ---

Er läuft, aber hängt noch häufig....gerade nach dem hochfahren... ist vielleicht das Alter? Wenn ich Firefox starte dauert das fast vier Minuten bis es sich öffnet...
Das ist alles nicht immer sondern hin und wieder der Fall.

Danke und viele Grüße

März

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hallo Schrauber,

für firefox wurde alles nach deinen Anweisungen gemacht. Der neue Download von Firefox über IE war die Hölle...das hat insgesamt bestimmt 2h gedauert, weil der Bildschirm ständig eingefroren war oder Seiten nicht geladen wurden. Über Firefox läuft jetzt wieder alles fließend. :)

Hier die Daten:

Eset

Code:

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=e334e8c761040c4cb889d092a5d28a6a

# engine=22755

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-03-05 07:21:02

# local_time=2015-03-05 08:21:02 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Panda Cloud Antivirus'

# compatibility_mode=1552 16777213 75 93 124365 211736036 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 51581447 177169912 0 0

# scanned=199951

# found=9

# cleaned=9

# scan_time=38462

sh=1B068F960E4A3889FA691947A6C01B2B0B9EED60 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$RECYCLE.BIN\S-1-5-21-2376502425-3775382256-1084218318-1000\$R8F19WG\8ibtzq0s.default\prefs-1.js"

sh=E9344C4C2436553EC08CC3672546DE8FD73A4C56 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$RECYCLE.BIN\S-1-5-21-2376502425-3775382256-1084218318-1000\$R8F19WG\8ibtzq0s.default\prefs.js"

sh=9F9FC35498B2781969A5D2A556FD98AA0488F2B1 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$RECYCLE.BIN\S-1-5-21-2376502425-3775382256-1084218318-1000\$R8F19WG\8ibtzq0s.default\prefs.js.BAK"

sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="Variante von Win32/Adware.Yontoo.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll.vir"

sh=4E87476DC084C0FD24240ED0540A5A2B77551FF3 ft=1 fh=d730a63e5b652eb9 vn="Variante von Win32/Adware.Yontoo.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"

sh=C5DB8386C3A901DD6D4FB8B66685B889FA1099F9 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\user.js.vir"

sh=90A440A11B158CACC211196FF49670F6F38EB760 ft=1 fh=8b2ddc3358c7903c vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"

sh=01D25D8E128ABEF68F87077EB94B1300AFDC0270 ft=1 fh=ca53c0df264cabfc vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Rebecca\AppData\Local\Temp\{5AD01DD0-7E7F-4B15-A1F7-4F1016160B84}.exe"

sh=993483CF8B871E2AFC8D4C50DBB35DDDC521B5D6 ft=1 fh=872b659cd300edbd vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Rebecca\Music\Downloads\OOo3.2.0_Win32Intel_install_wJRE_de.exe"

security check

Code:

 Results of screen317's Security Check version 0.99.96  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Panda Global Protection 2015   

Avira Desktop                  

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Java(TM) 6 Update 22  

 Java version 32-bit out of Date! 

  Java 64-bit 8 Update 31  

 Adobe Flash Player 16.0.0.305  

 Adobe Reader 10.1.8 Adobe Reader out of Date!  

 Mozilla Firefox (36.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 

 Malwarebytes Anti-Malware mbamscheduler.exe   
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015

Ran by Rebecca (administrator) on REBECCA-VAIO on 05-03-2015 09:40:07

Running from C:\Users\Rebecca\Desktop\Krankenpflege

Loaded Profiles: Rebecca (Available profiles: Rebecca)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe

(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe

() C:\Program Files\Sony\VAIO Care\listener.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-03] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-2376502425-3775382256-1084218318-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.eu/vaioportal

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {55AC56BA-EA92-403A-B06E-A272A0EA3CBF} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {5EE7933D-E39A-4EBF-B8CC-4E7D0DB590B8} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms}

SearchScopes: HKU\S-1-5-21-2376502425-3775382256-1084218318-1000 -> {728AA856-5BA0-4EBC-A90D-463912C3E2FE} URL = hxxp://de.shopping.com/?linkin_id=8056363

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 

FireFox:

========

FF ProfilePath: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\olhl55i0.default-1425500586658

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll No File

CHR Plugin: (Norton Confidential) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\npcoplgn.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Google Update) - C:\Users\Rebecca\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Profile: C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-17]

CHR Extension: (Google Drive) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-17]

CHR Extension: (YouTube) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-17]

CHR Extension: (Google Search) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-17]

CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac [2013-02-26]

CHR Extension: (Facebook Disconnect) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2013-08-02]

CHR Extension: (YoWindow Weather) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef [2013-08-02]

CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-05]

CHR Extension: (Google Wallet) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]

CHR Extension: (Gmail) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-17]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-03] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-03] (Avira Operations GmbH & Co. KG)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-03-31] (Atheros) [File not signed]

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [75936 2011-03-31] (Atheros Commnucations) [File not signed]

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)

S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.) [File not signed]

S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)

R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.)

R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)

R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.)

R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)

S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)

S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)

S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)

R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-02-28] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-04] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-04] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-02-28] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-05] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)

R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)

R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)

R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)

R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)

R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)

R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)

R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)

R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)

R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)

R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)

R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)

R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)

R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.)

R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)

R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)

R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)

R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)

R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)

R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)

R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-26] ()

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-05 09:39 - 2015-03-05 09:39 - 00001119 _____ () C:\Users\Rebecca\Desktop\checkup.txt

2015-03-05 08:29 - 2015-03-05 08:29 - 00852594 _____ () C:\Users\Rebecca\Downloads\SecurityCheck.exe

2015-03-04 21:36 - 2015-03-04 21:36 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-03-04 21:34 - 2015-03-04 21:35 - 02347384 _____ (ESET) C:\Users\Rebecca\Downloads\esetsmartinstaller_deu.exe

2015-03-04 21:23 - 2015-03-04 21:23 - 00000000 ____D () C:\Users\Rebecca\Desktop\Alte Firefox-Daten

2015-03-04 21:20 - 2015-03-04 21:20 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-03-04 21:20 - 2015-03-04 21:20 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-03-04 21:19 - 2015-03-04 21:19 - 00243576 _____ () C:\Users\Rebecca\Downloads\Firefox Setup Stub 36.0.exe

2015-03-04 21:10 - 2015-03-04 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-03-04 17:33 - 2015-03-04 17:34 - 02785665 _____ (PortableApps.com) C:\Users\Rebecca\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe

2015-03-04 14:24 - 2015-03-04 14:24 - 00042782 _____ () C:\Users\Rebecca\Desktop\FRST.txt

2015-03-04 14:17 - 2015-03-04 14:17 - 00000627 _____ () C:\Users\Rebecca\Desktop\JRT.txt

2015-03-04 11:38 - 2015-03-04 11:38 - 01388333 _____ (Thisisu) C:\Users\Rebecca\Downloads\JRT(2).exe

2015-03-04 11:38 - 2015-03-04 11:38 - 01388333 _____ (Thisisu) C:\Users\Rebecca\Downloads\JRT(1).exe

2015-03-04 11:37 - 2015-03-04 11:37 - 00000993 _____ () C:\Users\Rebecca\Desktop\AdwCleaner[S1].txt - Verknüpfung.lnk

2015-03-04 11:24 - 2015-03-04 11:24 - 02126848 _____ () C:\Users\Rebecca\Downloads\AdwCleaner_4.111(1).exe

2015-03-04 11:23 - 2015-03-04 11:23 - 00001203 _____ () C:\Users\Rebecca\Desktop\mbam.txt

2015-03-04 10:37 - 2015-03-04 10:37 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rebecca\Downloads\mbam-setup-2.0.4.1028(1).exe

2015-03-03 22:05 - 2015-01-29 18:21 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys

2015-03-03 22:03 - 2015-03-03 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Global Protection 2015

2015-03-03 22:02 - 2015-03-03 22:02 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk

2015-03-03 22:02 - 2015-03-03 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-03-03 22:01 - 2015-03-03 22:02 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2015-03-03 22:01 - 2015-03-03 22:02 - 00000000 ____D () C:\Program Files\iTunes

2015-03-03 22:01 - 2015-03-03 22:01 - 00000000 ____D () C:\Program Files\iPod

2015-03-03 22:01 - 2015-03-03 22:01 - 00000000 ____D () C:\Program Files (x86)\iTunes

2015-03-03 21:52 - 2015-03-03 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2015-03-03 21:52 - 2015-03-03 21:52 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2015-03-03 21:48 - 2015-03-03 21:48 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Panda Security

2015-03-03 21:48 - 2015-03-03 21:48 - 00000000 ____D () C:\Program Files (x86)\Panda Security

2015-03-03 21:45 - 2015-03-03 21:48 - 00000000 ____D () C:\ProgramData\Panda Security

2015-03-03 21:45 - 2015-03-03 21:45 - 01630952 _____ () C:\Users\Rebecca\Downloads\PANDAFREEAV.exe

2015-03-03 21:04 - 2015-03-03 21:04 - 01388333 _____ (Thisisu) C:\Users\Rebecca\Downloads\JRT.exe

2015-03-03 20:43 - 2015-03-04 11:28 - 00000000 ____D () C:\AdwCleaner

2015-03-03 20:42 - 2015-03-03 20:43 - 02126848 _____ () C:\Users\Rebecca\Desktop\AdwCleaner_4.111.exe

2015-03-03 19:17 - 2015-03-05 05:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-03 19:17 - 2015-03-04 10:40 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-03-03 19:17 - 2015-03-04 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-03 19:17 - 2015-03-04 10:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-03-03 19:17 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-03 19:17 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-03 19:17 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-03 19:15 - 2015-03-03 19:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rebecca\Downloads\mbam-setup-2.0.4.1028.exe

2015-03-03 19:06 - 2015-03-03 19:06 - 00458276 _____ () C:\Users\Rebecca\Documents\Steuererklaerung.xps

2015-03-03 18:49 - 2015-03-03 18:49 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Buhl Data Service

2015-03-03 18:48 - 2015-03-03 18:48 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Buhl Data Service

2015-03-03 10:54 - 2015-03-05 09:40 - 00000000 ____D () C:\Users\Rebecca\Desktop\Krankenpflege

2015-03-03 10:36 - 2015-03-03 10:36 - 00016433 _____ () C:\ComboFix.txt

2015-03-03 10:17 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-03-03 10:17 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-03-03 10:17 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-03-03 10:17 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-03-03 10:17 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-03-03 10:17 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-03-03 10:17 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-03-03 10:17 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-03-03 10:15 - 2015-03-03 10:36 - 00000000 ____D () C:\Qoobox

2015-03-03 10:14 - 2015-03-03 10:35 - 00000000 ____D () C:\Windows\erdnt

2015-03-03 10:13 - 2015-03-03 10:13 - 05612482 ____R (Swearware) C:\Users\Rebecca\Desktop\ComboFix.exe

2015-03-03 09:53 - 2015-03-03 09:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rebecca\Downloads\revosetup95.exe

2015-03-03 09:53 - 2015-03-03 09:53 - 00001268 _____ () C:\Users\Rebecca\Desktop\Revo Uninstaller.lnk

2015-03-03 09:53 - 2015-03-03 09:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2015-03-03 08:15 - 2015-03-03 08:15 - 00037944 _____ () C:\Users\Rebecca\Downloads\Addition.txt

2015-03-03 08:14 - 2015-03-03 08:15 - 00032530 _____ () C:\Users\Rebecca\Downloads\FRST.txt

2015-03-01 18:07 - 2015-03-01 18:07 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\No Company Name

2015-03-01 16:36 - 2015-03-01 16:36 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Macromedia

2015-03-01 15:53 - 2015-03-05 08:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-01 15:53 - 2015-03-01 15:53 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-03-01 15:53 - 2015-03-01 15:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-03-01 15:53 - 2015-03-01 15:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-03-01 15:53 - 2015-03-01 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-03-01 15:52 - 2015-03-01 15:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2015-03-01 15:52 - 2015-03-01 15:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2015-03-01 15:41 - 2015-03-01 15:41 - 13087456 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\Silverlight_x64(2).exe

2015-03-01 15:38 - 2015-03-01 15:38 - 13087456 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\Silverlight_x64(1).exe

2015-03-01 15:34 - 2015-03-01 15:34 - 13087456 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\Silverlight_x64.exe

2015-03-01 13:22 - 2015-03-01 13:22 - 00244032 _____ (Microsoft Corporation) C:\Users\Rebecca\Downloads\ResetDRM.exe

2015-03-01 12:21 - 2015-03-03 19:07 - 00000000 ____D () C:\Users\Rebecca\Documents\steuer

2015-03-01 12:07 - 2015-03-03 19:07 - 00000602 _____ () C:\Windows\wiso.ini

2015-03-01 12:07 - 2015-03-01 12:09 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Buhl

2015-03-01 12:07 - 2015-03-01 12:07 - 00002148 _____ () C:\Users\Public\Desktop\WISO steuer Start 2015.lnk

2015-03-01 12:07 - 2015-03-01 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Start 2015

2015-03-01 12:03 - 2015-03-01 12:09 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH

2015-03-01 12:03 - 2015-03-01 12:03 - 00000000 ____D () C:\Program Files (x86)\WISO

2015-03-01 09:39 - 2015-03-01 09:39 - 700242058 _____ () C:\Windows\MEMORY.DMP

2015-03-01 09:39 - 2015-03-01 09:39 - 00288552 _____ () C:\Windows\Minidump\030115-28610-01.dmp

2015-03-01 08:39 - 2015-03-05 09:40 - 00000000 ____D () C:\FRST

2015-03-01 08:32 - 2015-03-01 08:32 - 00000000 _____ () C:\Users\Rebecca\defogger_reenable

2015-02-28 20:21 - 2015-03-04 21:16 - 00166738 _____ () C:\Windows\PFRO.log

2015-02-25 20:03 - 2015-02-25 20:03 - 00197392 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys

2015-02-25 20:03 - 2015-02-25 20:03 - 00163088 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys

2015-02-25 20:03 - 2015-02-25 20:03 - 00133904 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys

2015-02-25 20:03 - 2015-02-25 20:03 - 00124176 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProc.sys

2015-02-25 20:03 - 2015-02-25 20:03 - 00121616 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINFile.sys

2015-02-25 20:03 - 2015-02-25 20:03 - 00107792 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys

2015-02-22 06:00 - 2015-03-04 21:25 - 00001064 _____ () C:\Windows\setupact.log

2015-02-22 06:00 - 2015-02-22 06:00 - 00000000 _____ () C:\Windows\setuperr.log

2015-02-21 19:18 - 2015-02-21 19:26 - 45112928 _____ (Skype Technologies S.A.) C:\Users\Rebecca\Downloads\SkypeSetupFull.exe

2015-02-21 19:12 - 2015-02-21 19:12 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk

2015-02-21 19:03 - 2015-02-21 18:59 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2015-02-21 19:01 - 2015-03-01 12:02 - 00000000 ____D () C:\ProgramData\Package Cache

2015-02-21 18:59 - 2015-02-21 18:59 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Avira

2015-02-21 18:58 - 2015-02-21 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-02-21 18:58 - 2015-02-21 18:58 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk

2015-02-21 18:57 - 2015-02-21 19:11 - 00000000 ____D () C:\Program Files (x86)\Avira

2015-02-21 18:57 - 2015-02-21 19:03 - 00000000 ____D () C:\ProgramData\Avira

2015-02-21 18:57 - 2015-02-04 17:51 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2015-02-21 18:57 - 2015-02-04 17:51 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2015-02-21 18:57 - 2015-02-04 17:51 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2015-02-21 18:52 - 2015-02-21 18:56 - 160782960 _____ () C:\Users\Rebecca\Downloads\avira_free_antivirus_de_15.0.8.624.exe

2015-02-21 18:51 - 2015-03-05 08:45 - 00456321 _____ () C:\Windows\WindowsUpdate.log

2015-02-21 18:40 - 2015-02-21 18:40 - 04196968 _____ (Piriform Ltd) C:\Users\Rebecca\Downloads\ccsetup502_slim.exe

2015-02-09 22:13 - 2015-02-09 22:13 - 00299792 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSProt.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00257296 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSStrm.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00202000 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSHttp.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00166160 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSPrv.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00124176 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSPop3.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00116496 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSIds.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00113424 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSSmtp.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00110864 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSHttps.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00106256 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNStlsc.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00099600 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSpicc.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00093968 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSAlpc.sys

2015-02-09 22:13 - 2015-02-09 22:13 - 00069904 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NNSPihsw.sys
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-05 09:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2015-03-05 08:56 - 2013-08-19 19:17 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-04 21:26 - 2013-08-19 19:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-04 21:26 - 2011-09-14 03:14 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-03-04 21:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-04 21:24 - 2014-05-24 09:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-03-04 17:26 - 2009-07-14 05:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-04 17:26 - 2009-07-14 05:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-04 17:20 - 2011-09-14 12:59 - 15488338 _____ () C:\Windows\system32\perfh007.dat

2015-03-04 17:20 - 2011-09-14 12:59 - 04945290 _____ () C:\Windows\system32\perfc007.dat

2015-03-04 17:20 - 2009-07-14 06:13 - 00006472 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-04 11:44 - 2012-01-17 22:21 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\CrashDumps

2015-03-04 11:37 - 2011-09-29 07:47 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\vlc

2015-03-03 22:06 - 2011-09-23 13:33 - 00083624 _____ () C:\Users\Rebecca\AppData\Local\GDIPFONTCACHEV1.DAT

2015-03-03 22:05 - 2009-07-14 05:45 - 00406648 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-03 22:01 - 2013-08-19 10:07 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2015-03-03 22:01 - 2011-10-05 20:24 - 00000000 ____D () C:\Program Files\Common Files\Apple

2015-03-03 21:57 - 2011-10-05 20:24 - 00000000 ____D () C:\ProgramData\Apple

2015-03-03 19:17 - 2012-03-20 14:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-03-03 10:36 - 2014-04-22 20:22 - 00000000 ____D () C:\Users\dub_cm_auto

2015-03-03 10:36 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2015-03-03 10:30 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2015-03-01 18:10 - 2011-09-14 03:31 - 00000000 ____D () C:\ProgramData\Adobe

2015-03-01 18:10 - 2011-09-14 03:31 - 00000000 ____D () C:\Program Files (x86)\Adobe

2015-03-01 15:52 - 2014-08-16 20:25 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Adobe

2015-03-01 12:03 - 2011-09-14 03:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-03-01 09:39 - 2012-03-07 00:02 - 00000000 ____D () C:\Windows\Minidump

2015-03-01 08:32 - 2011-09-23 13:33 - 00000000 ____D () C:\Users\Rebecca

2015-02-21 18:51 - 2013-08-19 19:17 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-21 18:51 - 2013-08-19 19:17 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-21 18:41 - 2014-07-12 18:11 - 00000000 ____D () C:\Program Files\CCleaner

2015-02-04 17:24 - 2014-05-11 08:28 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-02-04 17:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
 

==================== Files in the root of some directories =======
 

2014-06-29 20:27 - 2014-06-29 20:27 - 6010880 _____ () C:\Program Files (x86)\GUT3DF1.tmp

2014-07-05 18:50 - 2014-07-05 18:50 - 6010880 _____ () C:\Program Files (x86)\GUTA2E.tmp

2014-06-29 13:49 - 2014-06-29 13:49 - 6010880 _____ () C:\Program Files (x86)\GUTCD5E.tmp
 

Some content of TEMP:

====================

C:\Users\Rebecca\AppData\Local\Temp\avgnt.exe

C:\Users\Rebecca\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-03-05 09:12
 

==================== End Of Log ============================

--- --- ---

Danke Schrauber und viele Grüße

März

Java und Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

C:\$RECYCLE.BIN\S-1-5-21-2376502425-3775382256-1084218318-1000\$R8F19WG\8ibtzq0s.default\prefs-1.js
 

C:\$RECYCLE.BIN\S-1-5-21-2376502425-3775382256-1084218318-1000\$R8F19WG\8ibtzq0s.default\prefs.js
 

C:\$RECYCLE.BIN\S-1-5-21-2376502425-3775382256-1084218318-1000\$R8F19WG\8ibtzq0s.default\prefs.js.BAK
 

C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll.vir
 

C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir
 

C:\AdwCleaner\Quarantine\C\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\8ibtzq0s.default\user.js.vir
 

C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe
 

C:\Users\Rebecca\AppData\Local\Temp\{5AD01DD0-7E7F-4B15-A1F7-4F1016160B84}.exe
 

C:\Users\Rebecca\Music\Downloads\OOo3.2.0_Win32Intel_install_wJRE_de.exe

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Setze folgendermassen den Internet Explorer zurück:

Öffne den Internet Explorer und gehe zu Extras -> Internetoptionen.
Klicke in der Registerkarte Erweitert unter "Internet Explorer-Einstellungen zurücksetzen" auf Zurücksetzen...
Klicke im Dialogfeld "Internet Explorer-Einstellungen zurücksetzen" zum Bestätigen auf Zurücksetzen.

(Hier findest du die bebilderte Anleitung.)

Noch Probleme mit dem Rechner?

Achso, der Computer friert nach wie vor häufig ein, bei Firefox und auch bei anderen Dingen.
Ich hab mich für eine Panda Test-Vollversion entschieden. Wie bei Norton auch, schafft der Computer keinen vollständigen scan, nach ein paar Stunden fährt er runter, bei wieder anschalten gibt es nur einen BlueScreen... :(

Doofer PC :glaskugel: