Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Es öffnen sich ständig neue Fenster und Tabs (https://www.trojaner-board.de/150944-oeffnen-staendig-neue-fenster-tabs.html)

sarah96 12.03.2014 18:09
Es öffnen sich ständig neue Fenster und Tabs
 
Ich hab zurzeit das Problem, dass sich in meinem Internet Explorer Mozilla ständig neue Fenster und Tabs öffnen... einfach so... schätze es ist ein Virus, aber ich kenn mich leider garnicht mit Computern aus :rolleyes:

Hier zu den genaueren Link, wenn sich einfach so ein neuer Tab öffnet:
fastdailyfind.com

Hier zu den genaueren Link, wenn sich einfach so ein Fenster öffnet:
hxxp://static.icmwebserv.com/blank2.html#{%22ad_type%22%3A%22siteunder%22%2C%22percent%22%3A97%2C%22size%22%3A[{%22percent%22%3A47%2C%22width%22%3A800%2C%22height%22%3A600}%2C{%22percent%22%3A49%2C%22width%22%3A1200%2C%22height%22%3A900}%2C{%22percent%22%3A4%2C %22width%22%3A800%2C%22height%22%3A440}]%2C%22ad_width%22%3A800%2C%22ad_height%22%3A600%2C%22namespace%22%3A%22LITE%22%2C%22campaignID%22%3A%22000131%22%2C%22browser%22%3A%22ff%22%2C%22url%2 2%3A%22http%3A%2F%2Fwww.woerter-zaehlen.net%2F%22%2C%22install%22%3A1385653077%2C%22appID%22%3A33440%2C%22subID%22%3A%22300013105600000000%22}

Ich benutze das Virenprogramm Avira Free Antivirus.

Wüsste mittlerweile nicht mehr, was ich runtergeladen hab oder so, um das zu bekommen... Das Problem hab ich schon seit einer längeren Zeit... anfangs nur mit neuen Fenstern und nicht mit neuen Tabs... ich dachte auch am Anfang es verschwindet wieder, mittlerweile geht es mir auf die Nerven...

Hab den Virensuchlauf schonmal gestartet, es zeigt aber leider nichts an.

Ich würde mich riesig über Hilfe freuen, also schonmal Dankeschön im vorraus :dankeschoen:

M-K-D-B 12.03.2014 18:12
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 4 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


sarah96 12.03.2014 21:06

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-03-2014
Ran by Sarah (ATTENTION: The logged in user is not administrator) on SARAH-PC on 12-03-2014 20:52:23
Running from C:\Users\Sarah\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Spotify Ltd) C:\Users\Sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dropbox, Inc.) C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\avcenter.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKU\.DEFAULT\...\Policies\system: [LogonHoursAction] 2
HKU\.DEFAULT\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1358626604-3724601533-3749057439-1003\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-1358626604-3724601533-3749057439-1003\...\Run: [GoogleChromeAutoLaunch_3AA6F76B1F039D21D0A8ED450CE79138] - C:\Program Files\Google\Chrome\Application\chrome.exe [859464 2014-03-02] (Google Inc.)
HKU\S-1-5-21-1358626604-3724601533-3749057439-1003\...\Run: [Spotify] - C:\Users\Sarah\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-16] (Spotify Ltd)
HKU\S-1-5-21-1358626604-3724601533-3749057439-1003\...\Run: [Spotify Web Helper] - C:\Users\Sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-16] (Spotify Ltd)
HKU\S-1-5-21-1358626604-3724601533-3749057439-1003\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1358626604-3724601533-3749057439-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1358626604-3724601533-3749057439-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  No File
URLSearchHook: HKLM - (No Name) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} -  No File
URLSearchHook: HKLM - (No Name) - {f3416df4-7206-4d5f-bd98-ce349523d8df} -  No File
URLSearchHook: HKCU - (No Name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
URLSearchHook: HKCU - (No Name) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} -  No File
URLSearchHook: HKCU - (No Name) - {b80f591e-fe9a-46cf-a13e-180377240586} -  No File
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
URLSearchHook: HKCU - (No Name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} -  No File
URLSearchHook: HKCU - (No Name) - {f3416df4-7206-4d5f-bd98-ce349523d8df} -  No File
SearchScopes: HKLM - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2489959
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2489959
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKCU - DefaultScope {42574E3C-29C4-4CA9-9130-F98668FB0562} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=845297b2000000000000904ce5e6cf03
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
SearchScopes: HKCU - {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKCU - {42574E3C-29C4-4CA9-9130-F98668FB0562} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {6206424E-E56F-45C7-80A3-46C876F42962} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2489959
SearchScopes: HKCU - {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.8.21.14\bh\Softonic.dll (Softonic.com)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM - No Name - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} -  No File
Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - No Name - {f3416df4-7206-4d5f-bd98-ce349523d8df} -  No File
Toolbar: HKLM - No Name - {C424171E-592A-415a-9EB1-DFD6D95D3530} -  No File
Toolbar: HKLM - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} -  No File
Toolbar: HKCU - No Name - {B80F591E-FE9A-46CF-A13E-180377240586} -  No File
Toolbar: HKCU - No Name - {22E03916-85C5-44B0-8DC9-1830C11238D9} -  No File
Toolbar: HKCU - No Name - {F3416DF4-7206-4D5F-BD98-CE349523D8DF} -  No File
Toolbar: HKCU - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xiirwy68.default
FF user.js: detected! => C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xiirwy68.default\user.js
FF SearchEngineOrder.1: Ask.com Search
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 - C:\Program Files\Musicnotes\npmusicn.dll No File
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 - C:\Program Files\Musicnotes\npsibelius.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xiirwy68.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xiirwy68.default\searchplugins\askcomsearch.xml
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xiirwy68.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xiirwy68.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xiirwy68.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xiirwy68.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xiirwy68.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xiirwy68.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xiirwy68.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-2.6 - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xiirwy68.default\Extensions\7f404ccc-b0a9-4faf-b3c0-89ceea949aea@a6724a05-9380-4ebe-be02-e67e35a3402c.com [2013-11-29]
FF Extension: DownloadHelper - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xiirwy68.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: NoScript - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xiirwy68.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-15]
FF Extension: Adblock Plus - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\xiirwy68.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [toolbar@web.de] - C:\Program Files\WEB.DE Toolbar IE8\Firefox\WEBDE_toolbar

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: de.search.yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Relevant-Knowledge) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.332.1_0\plugins/rlcm.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Angry Birds) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2011-12-07]
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-12-25]
CHR Extension: (Plus-HD-2.6) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfeggemggokijeahnacacopejaabljl [2013-10-07]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
CHR HKLM\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files\Softonic\Softonic\1.8.21.14\Softonic.crx [2013-06-11]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-06-11]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 lmhosts; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1740600 2013-08-30] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
S3 Cam5607; C:\windows\System32\Drivers\BisonC07.sys [1168880 2009-06-25] (Bison Electronics. Inc. )
R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [54800 2010-01-06] ()
S3 MBAMSwissArmy; C:\windows\system32\drivers\mbamswissarmy.sys [40776 2013-12-19] (Malwarebytes Corporation)
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-09-22] ()
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 TPPWRIF; C:\windows\_tpb0000.tmp\TPPWRIF.sys [4442 2006-09-21] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
R3 wdmirror; C:\windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U3 ahwj5dy8; C:\windows\system32\Drivers\ahwj5dy8.sys [0 ] (Microsoft Corporation)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-12 20:52 - 2014-03-12 20:52 - 00025631 _____ () C:\Users\Sarah\Downloads\FRST.txt
2014-03-12 20:52 - 2014-03-12 20:52 - 00000000 ____D () C:\FRST
2014-03-12 20:51 - 2014-03-12 20:51 - 01145856 _____ (Farbar) C:\Users\Sarah\Downloads\FRST.exe
2014-03-05 00:01 - 2014-03-11 19:08 - 00000000 ___RD () C:\Users\Sarah\Dropbox
2014-03-05 00:01 - 2014-03-05 00:01 - 00001039 _____ () C:\Users\Sarah\Desktop\Dropbox.lnk
2014-03-05 00:00 - 2014-03-05 00:01 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\DropboxMaster
2014-03-05 00:00 - 2014-03-05 00:00 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-04 23:59 - 2014-03-11 19:09 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Dropbox
2014-03-04 23:59 - 2014-03-04 23:59 - 37660568 _____ (Dropbox, Inc.) C:\Users\Sarah\Downloads\Dropbox 2.6.2.exe
2014-02-21 11:39 - 2014-02-21 11:39 - 00283256 _____ (Mozilla) C:\Users\Sarah\Downloads\Firefox Setup Stub 27.0.1.exe

==================== One Month Modified Files and Folders =======

2014-03-12 20:52 - 2014-03-12 20:52 - 00025631 _____ () C:\Users\Sarah\Downloads\FRST.txt
2014-03-12 20:52 - 2014-03-12 20:52 - 00000000 ____D () C:\FRST
2014-03-12 20:51 - 2014-03-12 20:51 - 01145856 _____ (Farbar) C:\Users\Sarah\Downloads\FRST.exe
2014-03-12 20:35 - 2010-01-06 13:36 - 01050013 _____ () C:\windows\WindowsUpdate.log
2014-03-12 20:21 - 2013-10-07 15:49 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-12 20:16 - 2013-02-24 16:16 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-12 20:04 - 2013-09-17 20:10 - 00035464 _____ () C:\windows\setupact.log
2014-03-12 18:31 - 2010-09-23 20:42 - 00000000 ____D () C:\Users\Sarah\Tracing
2014-03-12 14:21 - 2013-10-07 15:49 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-12 13:54 - 2013-06-22 10:33 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Spotify
2014-03-12 01:00 - 2013-02-24 16:16 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-03-12 01:00 - 2011-07-17 07:15 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 19:09 - 2014-03-04 23:59 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Dropbox
2014-03-11 19:08 - 2014-03-05 00:01 - 00000000 ___RD () C:\Users\Sarah\Dropbox
2014-03-11 18:42 - 2009-07-14 05:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-11 18:42 - 2009-07-14 05:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-11 18:39 - 2009-11-16 13:06 - 01650920 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-11 18:35 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-10 18:50 - 2013-06-22 10:34 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Spotify
2014-03-06 11:32 - 2013-06-15 10:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-05 18:01 - 2011-06-05 18:04 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\vlc
2014-03-05 14:16 - 2013-09-17 18:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-05 00:02 - 2009-07-14 05:52 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-03-05 00:01 - 2014-03-05 00:01 - 00001039 _____ () C:\Users\Sarah\Desktop\Dropbox.lnk
2014-03-05 00:01 - 2014-03-05 00:00 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\DropboxMaster
2014-03-05 00:01 - 2010-09-22 07:57 - 00000000 ____D () C:\Users\Sarah
2014-03-05 00:00 - 2014-03-05 00:00 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-04 23:59 - 2014-03-04 23:59 - 37660568 _____ (Dropbox, Inc.) C:\Users\Sarah\Downloads\Dropbox 2.6.2.exe
2014-03-04 21:46 - 2013-10-07 15:50 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-03 09:06 - 2009-07-14 05:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-02-21 11:39 - 2014-02-21 11:39 - 00283256 _____ (Mozilla) C:\Users\Sarah\Downloads\Firefox Setup Stub 27.0.1.exe

Some content of TEMP:
====================
C:\Users\Sarah\AppData\Local\Temp\5E26.exe
C:\Users\Sarah\AppData\Local\Temp\APNStub.exe
C:\Users\Sarah\AppData\Local\Temp\AutoRun.exe
C:\Users\Sarah\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Sarah\AppData\Local\Temp\avgnt.exe
C:\Users\Sarah\AppData\Local\Temp\conduit.exe
C:\Users\Sarah\AppData\Local\Temp\contentDATs.exe
C:\Users\Sarah\AppData\Local\Temp\DeleteEcUninstall.exe
C:\Users\Sarah\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Sarah\AppData\Local\Temp\drm_dyndata_7260005.dll
C:\Users\Sarah\AppData\Local\Temp\drm_dyndata_7360010.dll
C:\Users\Sarah\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppxaffy.dll
C:\Users\Sarah\AppData\Local\Temp\ffunzip.exe
C:\Users\Sarah\AppData\Local\Temp\First15.exe
C:\Users\Sarah\AppData\Local\Temp\FP_PL_PFS_INSTALLER-1.exe
C:\Users\Sarah\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Sarah\AppData\Local\Temp\GLF8422.tmp.tbsoft.dll
C:\Users\Sarah\AppData\Local\Temp\GLFB5BE.tmp.ConduitEngineSetup.exe
C:\Users\Sarah\AppData\Local\Temp\GLFD3C9.tmp.tbooVo.dll
C:\Users\Sarah\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Sarah\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Sarah\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\Sarah\AppData\Local\Temp\ooVoo_Video_Chat.exe
C:\Users\Sarah\AppData\Local\Temp\prxGLF4251.tmp.tbooVo.dll
C:\Users\Sarah\AppData\Local\Temp\prxGLFFCA4.tmp.tbElf_.dll
C:\Users\Sarah\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Sarah\AppData\Local\Temp\setup.exe
C:\Users\Sarah\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sarah\AppData\Local\Temp\softonic-de3.exe
C:\Users\Sarah\AppData\Local\Temp\tbElf_.dll
C:\Users\Sarah\AppData\Local\Temp\VP6Install.exe
C:\Users\Sarah\AppData\Local\Temp\VP6VFW.dll


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---

Code:
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.02 - Broadcom Corporation)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Inkjet Printer Driver Add-On Module V2.00 (HKLM\...\CANONIJINBOXADDON200) (Version:  - )
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version:  - )
Canon MP540 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series) (Version:  - )
Conduit Engine (HKLM\...\conduitEngine) (Version: 6.2.7.3 - Conduit Ltd.) <==== ATTENTION
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.4.0 - Conexant)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Die Sims™ 2 Super Deluxe (HKLM\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version:  - Electronic Arts)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.3.1.5 - Lenovo)
FoxTab PDF Creator (HKCU\...\FoxTab PDF Creator) (Version:  - ) <==== ATTENTION
Free YouTube to MP3 Converter version 3.12.16.1030 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1030 - DVDVideoSoft Ltd.)
GeoGebra WebStart (HKCU\...\GeoGebra WebStart) (Version:  - International GeoGebra Institute)
GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.32.2018.03 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0723 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0723 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{FEB0DF27-B5A5-41C2-87A8-523A9DA8702E}) (Version: 2.1.003.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 17.0.7 (x86 de) (HKLM\...\Mozilla Thunderbird 17.0.7 (x86 de)) (Version: 17.0.7 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PC-Doctor für Windows (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5426.03 - PC-Doctor, Inc.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.5 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.5.158 - Skype Technologies S.A.)
Softonic toolbar  on IE and Chrome (HKLM\...\Softonic) (Version: 1.8.21.14 - Softonic) <==== ATTENTION
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.89 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities 2014) (Version: 14.0.1000.89 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.89 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D7D96A96-F61F-48AD-B2DC-4F4B6938D2AB}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{190EC86F-5867-4D7A-B9F3-D14D82C26F3D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WEB.DE Toolbar MSVC90 CRT (Version: 1.0.0 - 1&1 Mail & Media GmbH) Hidden
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2010-01-06 13:44 - 2008-12-20 04:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2010-01-06 13:44 - 2008-12-20 04:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2014-03-11 19:08 - 2014-03-11 19:08 - 00041984 _____ () c:\users\sarah\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppxaffy.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Sarah\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-17 19:52 - 2014-03-05 14:16 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-12 01:00 - 2014-03-12 01:00 - 16276872 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-06-30 15:41 - 2013-06-30 15:41 - 02244504 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2013-06-30 15:41 - 2013-06-30 15:41 - 00158104 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2013-06-30 15:41 - 2013-06-30 15:41 - 00022424 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^phase6_18_erinnerung.lnk => C:\windows\pss\phase6_18_erinnerung.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sarah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SweetIM => C:\Program Files\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files\Lenovo\VeriFace\PManage.exe

==================== Faulty Device Manager Devices =============

Name: Lenovo EasyCamera
Description: Lenovo EasyCamera
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Bison
Service: Cam5607
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2014 03:58:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/10/2014 10:08:19 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (03/10/2014 10:08:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (03/10/2014 10:03:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/28/2014 01:15:19 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd29f
Name des fehlerhaften Moduls: xul.dll, Version: 24.0.0.5001, Zeitstempel: 0x522fd1a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001b72a8
ID des fehlerhaften Prozesses: 0xd98
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (02/25/2014 10:14:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe, Version: 12.0.0.70, Zeitstempel: 0x53016278
Name des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_70.exe, Version: 12.0.0.70, Zeitstempel: 0x53016278
Ausnahmecode: 0x40000015
Fehleroffset: 0x000180f0
ID des fehlerhaften Prozesses: 0xec4
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_12_0_0_70.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_70.exe2
Berichtskennung: FlashPlayerPlugin_12_0_0_70.exe3

Error: (02/25/2014 10:00:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe, Version: 12.0.0.70, Zeitstempel: 0x53016278
Name des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_70.exe, Version: 12.0.0.70, Zeitstempel: 0x53016278
Ausnahmecode: 0x40000015
Fehleroffset: 0x000180f0
ID des fehlerhaften Prozesses: 0xaa0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_12_0_0_70.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_70.exe2
Berichtskennung: FlashPlayerPlugin_12_0_0_70.exe3

Error: (02/25/2014 09:50:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe, Version: 12.0.0.70, Zeitstempel: 0x53016278
Name des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_70.exe, Version: 12.0.0.70, Zeitstempel: 0x53016278
Ausnahmecode: 0x40000015
Fehleroffset: 0x000180f0
ID des fehlerhaften Prozesses: 0x98c
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_12_0_0_70.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_70.exe2
Berichtskennung: FlashPlayerPlugin_12_0_0_70.exe3

Error: (02/25/2014 09:05:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe, Version: 12.0.0.70, Zeitstempel: 0x53016278
Name des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_70.exe, Version: 12.0.0.70, Zeitstempel: 0x53016278
Ausnahmecode: 0x40000015
Fehleroffset: 0x000180f0
ID des fehlerhaften Prozesses: 0x288
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_12_0_0_70.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_70.exe2
Berichtskennung: FlashPlayerPlugin_12_0_0_70.exe3

Error: (02/25/2014 08:04:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe, Version: 12.0.0.70, Zeitstempel: 0x53016278
Name des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_70.exe, Version: 12.0.0.70, Zeitstempel: 0x53016278
Ausnahmecode: 0x40000015
Fehleroffset: 0x000180f0
ID des fehlerhaften Prozesses: 0x594
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_12_0_0_70.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_70.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_70.exe2
Berichtskennung: FlashPlayerPlugin_12_0_0_70.exe3


System errors:
=============
Error: (03/10/2014 07:45:12 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/04/2014 08:36:53 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎03.‎03.‎2014 um 18:22:26 unerwartet heruntergefahren.

Error: (03/03/2014 09:06:15 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎03.‎03.‎2014 um 00:43:51 unerwartet heruntergefahren.

Error: (02/18/2014 07:51:42 PM) (Source: Service Control Manager) (User: )
Description: Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/16/2014 04:27:56 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/05/2014 05:08:52 AM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{66768503-5AA7-40A6-AD8B-CEE98040326D} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (02/04/2014 05:56:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde nicht richtig gestartet.

Error: (02/04/2014 05:49:36 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/04/2014 01:17:20 AM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{66768503-5AA7-40A6-AD8B-CEE98040326D} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (02/03/2014 03:48:29 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (03/12/2014 03:58:04 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\totalcmd\TCUNIN64.EXE

Error: (03/10/2014 10:08:19 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (03/10/2014 10:08:18 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (03/10/2014 10:03:57 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\totalcmd\TCUNIN64.EXE

Error: (02/28/2014 01:15:19 PM) (Source: Application Error)(User: )
Description: firefox.exe24.0.0.5001522fd29fxul.dll24.0.0.5001522fd1a4c0000005001b72a8d9801cf347e5d70455eC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dllfca11230-a071-11e3-8722-002622e15fa1

Error: (02/25/2014 10:14:36 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_12_0_0_70.exe12.0.0.7053016278FlashPlayerPlugin_12_0_0_70.exe12.0.0.705301627840000015000180f0ec401cf326ca7b8cbccC:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exeC:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exed3b27371-9e61-11e3-9d90-002622e15fa1

Error: (02/25/2014 10:00:43 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_12_0_0_70.exe12.0.0.7053016278FlashPlayerPlugin_12_0_0_70.exe12.0.0.705301627840000015000180f0aa001cf326b3da1acc5C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exeC:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exee34e3e4f-9e5f-11e3-9d90-002622e15fa1

Error: (02/25/2014 09:50:34 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_12_0_0_70.exe12.0.0.7053016278FlashPlayerPlugin_12_0_0_70.exe12.0.0.705301627840000015000180f098c01cf3264fef68116C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exeC:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe78199d2a-9e5e-11e3-9d90-002622e15fa1

Error: (02/25/2014 09:05:51 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_12_0_0_70.exe12.0.0.7053016278FlashPlayerPlugin_12_0_0_70.exe12.0.0.705301627840000015000180f028801cf325c7aed4de3C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exeC:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe395f5613-9e58-11e3-9d90-002622e15fa1

Error: (02/25/2014 08:04:53 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_12_0_0_70.exe12.0.0.7053016278FlashPlayerPlugin_12_0_0_70.exe12.0.0.705301627840000015000180f059401cf324e8830036aC:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exeC:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exeb4d77b24-9e4f-11e3-9d90-002622e15fa1


==================== Memory info ===========================

Percentage of memory in use: 72%
Total physical RAM: 3004.6 MB
Available physical RAM: 821.36 MB
Total Pagefile: 6007.49 MB
Available Pagefile: 2995.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:420.56 GB) (Free:161.55 GB) NTFS
Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:22.74 GB) NTFS
Drive z: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================
ok und wie geht es weiter? :-)

M-K-D-B 13.03.2014 20:35
Servus,



Zitat:
Zitat von sarah96 (Beitrag 1267132)
ok und wie geht es weiter? :-)
wir beginnen erst mal so:



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

M-K-D-B 17.03.2014 19:26
Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:40 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19