Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 29.03.2014, 03:34   #1
tokaidô
 
PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt - Standard

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt



Hallo,

Wie bereits in der Überschrift erwähnt, spielt mein PC seit zwei Tagen nachts die Tonspur von Werbespots ab. Während dies geschieht ist kein Fenster oder Tab in meinem Internetbrowser (Firefox 27) geöffnet, in dem ein Webefilm abläuft. Ich würde nun wirklich gerne wissen, mit welchem Wurm/Virus/Trojaner diese merkwürdigen und auch leicht unheimlichen (vor allem mitten in der Nacht) Vorkommnisse im Zusammenhang stehen. Ein Scann mit Avira Free Antivirus zeigt mir nämlich "0 Funde" an, was allerdings nicht bedeutet, dass mein PC sich nicht doch irgendwie etwas eingefangen hat. Ich habe den PC auch nochmals mit HighjackThis gescannt. Das Logfile poste ich weiter unten.
Da ich leider nicht sonderlich viel Ahnung von Computern habe, hoffe ich jemand in diesem Forum kann mir irgendwie weiterhelfen.
Danke im Voraus.

PS: Wäre es sinnvoll, falls ein Neuaufsetzen des Betriebssystem nötig sein sollte, ein Linux basiertes Betriebssystem auszuwählen? Ich habe gelesen, dass dafür im Netz angeblich kaum Viren rumschwirren sollen.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:02:15, on 29.03.2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16540)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\fsc-reg\fscreg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\conime.exe
C:\Users\Sandra\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe

O1 - Hosts: ::1 localhost
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [recinfo518] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20110608
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: hxxp://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll
O18 - Protocol hijack: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol hijack: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol hijack: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol hijack: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6}
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol hijack: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol hijack: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UCManSvc - Paltiosoft Inc. - C:\Program Files\SoftDenchi\UCManSvc.exe

--
End of file - 9842 bytes

Alt 29.03.2014, 07:28   #2
schrauber
/// the machine
/// TB-Ausbilder
 

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt - Standard

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt



hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.




Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 29.03.2014, 17:55   #3
tokaidô
 
PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt - Standard

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt



Hi,

danke für die Info, sorry.

Hier nochmal das Logfile von HighjackThis. Weiter unten folgen die Logfiles FRST.txt und ADDITION.txt. Leider habe ich es nicht geschafft weitere mit GMER zu erstellen weil Aivra Free Antivirus mich den Virenscanner abschalten lässt.

[CODE]
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:12:25, on 29.03.2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16540)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\fsc-reg\fscreg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\conime.exe
C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe
C:\Users\Sandra\AppData\Local\Temp\OCS\ocs_v71a.exe
C:\Users\Sandra\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe

O1 - Hosts: ::1 localhost
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [recinfo518] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20110608
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: hxxp://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UCManSvc - Paltiosoft Inc. - C:\Program Files\SoftDenchi\UCManSvc.exe

--
End of file - 8442 bytes
         
--- --- ---



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Sandra (administrator) on GREYGROVES-PC on 29-03-2014 06:25:08
Running from C:\Users\Sandra\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
() C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Fujitsu Siemens Computers) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
(Paltiosoft Inc.) C:\Program Files\SoftDenchi\UCManSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Fujitsu Siemens Computers) C:\ProgramData\fsc-reg\fscreg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4399104 2007-03-13] (Realtek Semiconductor)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [recinfo518] - c:\RecInfo\RecInfo.exe [2764800 2007-10-23] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [IR_SERVER] - C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [172624 2014-03-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [fsc-reg] - C:\ProgramData\fsc-reg\fscreg.exe [533264 2007-11-08] (Fujitsu Siemens Computers)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [BitTorrent] - "C:\Program Files\BitTorrent\BitTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {35120929-95dd-11e0-a2f4-00030d7ba2a3} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {6a94ad7f-a7be-11e3-879b-00030d7ba2a3} - G:\install.exe
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {b81f2b63-2ff4-11e2-a0fc-00030d7ba2a3} - G:\Startme.exe
Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40AB67D1647BCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP669FCDA1-BC22-4A2F-A615-33489BE4AD95&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP669FCDA1-BC22-4A2F-A615-33489BE4AD95&q={searchTerms}&SSPV=
SearchScopes: HKCU - {DDF40AA0-165A-41B9-B2F8-439648D6642E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=337B8A12-C019-43BD-94E6-76431D8802C0&apn_sauid=02853706-2902-47A9-AF0E-9B91B1AD271F
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\ich@maltegoetz.de [2013-12-13]
FF Extension: WOT - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: DownloadHelper - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: BrowserProtect - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\browserprotect@browserprotect.com.xpi [2011-06-08]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Easy YouTube Video Downloader - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012-05-06]
FF Extension: Adblock Plus - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-08]
FF Extension: BetterPrivacy - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-06-08]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-03-14]
FF HKLM\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files\Iminent\webbooster@iminent.com

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Sandra at 2014-03-29 06:26:20
Running from C:\Users\Sandra\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
ArcSoft TotalMedia 3.5 (HKLM\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.388 - ArcSoft)
Avira (Version: 1.0.5186.22941 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Citavi (HKLM\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.1.15.0 - Swiss Academic Software)
Citrix Presentation Server Client - Nur Web (HKLM\...\{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}) (Version: 10.150.58643 - Citrix Systems, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
DVBT Driver (Version: 1.1.3.1 - ) Hidden
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
Freemake Video Converter Version 3.2.1 (HKLM\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
FSCLounge (HKLM\...\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}) (Version: 1.0.0 - Fujitsu Siemens Computers)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 38 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.380 - Oracle)
Juniper Networks Network Connect 7.2.0 (HKLM\...\Juniper Network Connect 7.2.0) (Version: 7.2.0.21697 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.3.7.38707 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{AF88496B-4BBA-4922-97E9-2582D3A28358}) (Version: 7.1.48.0 - Nokia)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PC Connectivity Solution (HKLM\...\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}) (Version: 11.5.13.0 - Nokia)
REALTEK DTV USB DEVICE (HKLM\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
sdrt(5.0, 32bit) (HKLM\...\{63A3DBCF-FB40-4398-9AE5-94EE6206CE12}) (Version: 5.0.3.0 - Paltiosoft Inc.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.197 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR 4.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
咎狗の血 (HKLM\...\{F004C3DF-05BA-48AA-98E4-22A7F686AD1F}) (Version:  - )

==================== Restore Points  =========================

11-03-2014 19:00:37 Windows Update
18-03-2014 15:39:34 Windows Update
18-03-2014 19:00:31 Windows Update
20-03-2014 10:26:24 Geplanter Prüfpunkt
21-03-2014 19:38:50 Geplanter Prüfpunkt
24-03-2014 15:43:36 Geplanter Prüfpunkt
25-03-2014 17:00:43 Windows Update
25-03-2014 17:10:09 Sony Ericsson PC Suite Drivers
26-03-2014 16:51:45 Geplanter Prüfpunkt
29-03-2014 00:57:21 削除済み sweet pool

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {25D733D0-33FF-41FB-8FE8-B898F5C682AA} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-18] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4048BD3F-4ED3-4756-84E8-4C1A1D8A8BFF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {75754DEC-EC39-48FB-AA43-E7213F3FBDB4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {D2DFE275-B841-477D-922E-73FA68D25E21} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {D7F9574A-B2F8-464F-A84B-D94C6A614A3C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2011-06-07] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-11 07:57 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2007-06-04 14:20 - 2007-06-04 14:20 - 00065536 _____ () C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
2007-08-27 09:54 - 2007-08-27 09:54 - 00155648 _____ () C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWUpdater\0.18\FSCWUpdater.dll
2011-06-13 11:05 - 2014-03-29 05:56 - 00176128 _____ () C:\Windows\assembly\GAC_MSIL\FSCWCOM\1.0.0.0__8a33c55e43c2707f\FSCWCOM.dll
2011-06-13 11:05 - 2014-03-29 05:56 - 05881856 _____ () C:\Windows\assembly\GAC_MSIL\FSCWorld\6.0.6000.0__8a33c55e43c2707f\FSCWorld.dll
2011-06-13 11:05 - 2014-03-29 05:56 - 00040960 _____ () C:\Windows\assembly\GAC_MSIL\iFSCWTransfer\1.0.0.0__8a33c55e43c2707f\iFSCWTransfer.dll
2014-03-14 12:46 - 2014-03-14 12:46 - 00111696 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-03-14 12:46 - 2014-03-14 12:46 - 00061520 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-03-11 07:59 - 2014-03-14 12:46 - 00049744 _____ () C:\Users\Sandra\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2012-11-16 18:17 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2012-11-16 18:17 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 13:54 - 2011-07-07 13:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2013-04-19 10:32 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
2012-11-16 18:17 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll
2013-01-09 12:11 - 2013-01-09 12:11 - 00599040 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2012-09-12 21:09 - 2007-04-19 08:33 - 00035584 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll
2011-06-10 07:14 - 2009-04-10 22:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2013-08-02 22:56 - 2008-11-26 15:59 - 00131584 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
2013-08-02 22:56 - 2008-10-22 15:01 - 00200704 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
2012-11-16 18:17 - 2013-10-31 11:35 - 00070880 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2011-01-17 15:19 - 2011-06-07 21:08 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-02-15 10:54 - 2014-02-15 10:54 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Sandra\Documents\The Chemical Brothers - Swoon.mp4:TOC.WMV

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2014 06:24:15 AM) (Source: Application Hang) (User: )
Description: Programm FRST.exe, Version 3.3.10.2 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 134
Anfangszeit: 01cf4b0e097829d5
Zeitpunkt der Beendigung: 56

Error: (03/29/2014 01:57:13 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {40cef7c3-c59d-42f3-8ceb-8afbb95073af}

Error: (03/25/2014 06:17:32 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0QI1B2E2.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/25/2014 06:17:32 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0QI1B2E2.DEFAULT\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/25/2014 06:17:29 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\SONY PC COMPANION 2.1.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/25/2014 06:17:29 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\SONY PC COMPANION 2.1.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/25/2014 06:17:27 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/25/2014 06:17:27 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/25/2014 04:41:56 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 27.0.1.5156 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 13d0
Anfangszeit: 01cf4753151b39cc
Zeitpunkt der Beendigung: 1174

Error: (03/24/2014 02:40:26 AM) (Source: UCManSvc) (User: )
Description: Not terminated. ({0100166B-072D-6839-9E9F-006052036AD8}, 00090B58)


System errors:
=============
Error: (03/25/2014 06:11:56 PM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (03/25/2014 06:07:36 PM) (Source: Service Control Manager) (User: )
Description: Windows Presentation Foundation Font Cache 4.0.0.0%%1053

Error: (03/25/2014 06:07:35 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Presentation Foundation Font Cache 4.0.0.0

Error: (03/25/2014 04:43:30 AM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (03/18/2014 03:26:35 PM) (Source: Service Control Manager) (User: )
Description: Avira Service Host1100001Neustart des Diensts

Error: (03/13/2014 06:54:10 PM) (Source: Service Control Manager) (User: )
Description: 30000UCManSvc

Error: (03/09/2014 07:40:56 PM) (Source: Service Control Manager) (User: )
Description: UCManSvc

Error: (03/09/2014 06:59:43 AM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (02/21/2014 10:58:15 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (02/21/2014 10:57:45 PM) (Source: Service Control Manager) (User: )
Description: 30000Wlansvc


Microsoft Office Sessions:
=========================
Error: (03/29/2014 06:24:15 AM) (Source: Application Hang)(User: )
Description: FRST.exe3.3.10.213401cf4b0e097829d556

Error: (03/29/2014 01:57:13 AM) (Source: VSS)(User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {40cef7c3-c59d-42f3-8ceb-8afbb95073af}

Error: (03/25/2014 06:17:32 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0QI1B2E2.DEFAULT\SAFEBROWSING-TO_DELETE

Error: (03/25/2014 06:17:32 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0QI1B2E2.DEFAULT\SAFEBROWSING-BACKUP

Error: (03/25/2014 06:17:29 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\SONY PC COMPANION 2.1.LNK

Error: (03/25/2014 06:17:29 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\SONY PC COMPANION 2.1.LNK

Error: (03/25/2014 06:17:27 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\DEINSTALLIEREN.LNK

Error: (03/25/2014 06:17:27 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\DEINSTALLIEREN.LNK

Error: (03/25/2014 04:41:56 AM) (Source: Application Hang)(User: )
Description: firefox.exe27.0.1.515613d001cf4753151b39cc1174

Error: (03/24/2014 02:40:26 AM) (Source: UCManSvc)(User: )
Description: Not terminated. ({0100166B-072D-6839-9E9F-006052036AD8}, 00090B58)


CodeIntegrity Errors:
===================================
  Date: 2012-12-03 23:13:47.935
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:47.143
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:32.788
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:31.958
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:27.512
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:26.560
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:25.719
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:24.628
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:23.627
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:22.743
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 72%
Total physical RAM: 2037.7 MB
Available physical RAM: 555.83 MB
Total Pagefile: 4316.41 MB
Available Pagefile: 2498.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.46 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:148.59 GB) (Free:44.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:36.2 GB) (Free:29.29 GB) NTFS
Drive f: (Volume) (Fixed) (Total:36.09 GB) (Free:16.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 95CF9DF0)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=36 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=36 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Ups, ich meinte natürlich, ich konnte keine weiteren Logfiles mit GMER erstellen, weil Avira mich den Virenscanner NICHT abschalten lässt.

Zitat:
Zitat von tokaidô Beitrag anzeigen
Hi,

danke für die Info, sorry.

Hier nochmal das Logfile von HighjackThis. Weiter unten folgen die Logfiles FRST.txt und ADDITION.txt. Leider habe ich es nicht geschafft weitere mit GMER zu erstellen weil Aivra Free Antivirus mich den Virenscanner abschalten lässt.

[CODE]
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:12:25, on 29.03.2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16540)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\fsc-reg\fscreg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\conime.exe
C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe
C:\Users\Sandra\AppData\Local\Temp\OCS\ocs_v71a.exe
C:\Users\Sandra\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe

O1 - Hosts: ::1 localhost
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [recinfo518] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20110608
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: hxxp://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FSCLBaseUpdaterService - Unknown owner - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UCManSvc - Paltiosoft Inc. - C:\Program Files\SoftDenchi\UCManSvc.exe

--
End of file - 8442 bytes
         
--- --- ---



FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Sandra (administrator) on GREYGROVES-PC on 29-03-2014 06:25:08
Running from C:\Users\Sandra\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
() C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Fujitsu Siemens Computers) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
(Paltiosoft Inc.) C:\Program Files\SoftDenchi\UCManSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Fujitsu Siemens Computers) C:\ProgramData\fsc-reg\fscreg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4399104 2007-03-13] (Realtek Semiconductor)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [recinfo518] - c:\RecInfo\RecInfo.exe [2764800 2007-10-23] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [IR_SERVER] - C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [172624 2014-03-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [fsc-reg] - C:\ProgramData\fsc-reg\fscreg.exe [533264 2007-11-08] (Fujitsu Siemens Computers)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [BitTorrent] - "C:\Program Files\BitTorrent\BitTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {35120929-95dd-11e0-a2f4-00030d7ba2a3} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {6a94ad7f-a7be-11e3-879b-00030d7ba2a3} - G:\install.exe
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {b81f2b63-2ff4-11e2-a0fc-00030d7ba2a3} - G:\Startme.exe
Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40AB67D1647BCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP669FCDA1-BC22-4A2F-A615-33489BE4AD95&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP669FCDA1-BC22-4A2F-A615-33489BE4AD95&q={searchTerms}&SSPV=
SearchScopes: HKCU - {DDF40AA0-165A-41B9-B2F8-439648D6642E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=337B8A12-C019-43BD-94E6-76431D8802C0&apn_sauid=02853706-2902-47A9-AF0E-9B91B1AD271F
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\ich@maltegoetz.de [2013-12-13]
FF Extension: WOT - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: DownloadHelper - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: BrowserProtect - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\browserprotect@browserprotect.com.xpi [2011-06-08]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Easy YouTube Video Downloader - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012-05-06]
FF Extension: Adblock Plus - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-08]
FF Extension: BetterPrivacy - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-06-08]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-03-14]
FF HKLM\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files\Iminent\webbooster@iminent.com

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Sandra at 2014-03-29 06:26:20
Running from C:\Users\Sandra\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
ArcSoft TotalMedia 3.5 (HKLM\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.388 - ArcSoft)
Avira (Version: 1.0.5186.22941 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Citavi (HKLM\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.1.15.0 - Swiss Academic Software)
Citrix Presentation Server Client - Nur Web (HKLM\...\{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}) (Version: 10.150.58643 - Citrix Systems, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
DVBT Driver (Version: 1.1.3.1 - ) Hidden
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
Freemake Video Converter Version 3.2.1 (HKLM\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
FSCLounge (HKLM\...\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}) (Version: 1.0.0 - Fujitsu Siemens Computers)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 38 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.380 - Oracle)
Juniper Networks Network Connect 7.2.0 (HKLM\...\Juniper Network Connect 7.2.0) (Version: 7.2.0.21697 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.3.7.38707 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{AF88496B-4BBA-4922-97E9-2582D3A28358}) (Version: 7.1.48.0 - Nokia)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PC Connectivity Solution (HKLM\...\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}) (Version: 11.5.13.0 - Nokia)
REALTEK DTV USB DEVICE (HKLM\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
sdrt(5.0, 32bit) (HKLM\...\{63A3DBCF-FB40-4398-9AE5-94EE6206CE12}) (Version: 5.0.3.0 - Paltiosoft Inc.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.197 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR 4.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
咎狗の血 (HKLM\...\{F004C3DF-05BA-48AA-98E4-22A7F686AD1F}) (Version:  - )

==================== Restore Points  =========================

11-03-2014 19:00:37 Windows Update
18-03-2014 15:39:34 Windows Update
18-03-2014 19:00:31 Windows Update
20-03-2014 10:26:24 Geplanter Prüfpunkt
21-03-2014 19:38:50 Geplanter Prüfpunkt
24-03-2014 15:43:36 Geplanter Prüfpunkt
25-03-2014 17:00:43 Windows Update
25-03-2014 17:10:09 Sony Ericsson PC Suite Drivers
26-03-2014 16:51:45 Geplanter Prüfpunkt
29-03-2014 00:57:21 削除済み sweet pool

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {25D733D0-33FF-41FB-8FE8-B898F5C682AA} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-18] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4048BD3F-4ED3-4756-84E8-4C1A1D8A8BFF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {75754DEC-EC39-48FB-AA43-E7213F3FBDB4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {D2DFE275-B841-477D-922E-73FA68D25E21} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {D7F9574A-B2F8-464F-A84B-D94C6A614A3C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2011-06-07] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-11 07:57 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2007-06-04 14:20 - 2007-06-04 14:20 - 00065536 _____ () C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
2007-08-27 09:54 - 2007-08-27 09:54 - 00155648 _____ () C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWUpdater\0.18\FSCWUpdater.dll
2011-06-13 11:05 - 2014-03-29 05:56 - 00176128 _____ () C:\Windows\assembly\GAC_MSIL\FSCWCOM\1.0.0.0__8a33c55e43c2707f\FSCWCOM.dll
2011-06-13 11:05 - 2014-03-29 05:56 - 05881856 _____ () C:\Windows\assembly\GAC_MSIL\FSCWorld\6.0.6000.0__8a33c55e43c2707f\FSCWorld.dll
2011-06-13 11:05 - 2014-03-29 05:56 - 00040960 _____ () C:\Windows\assembly\GAC_MSIL\iFSCWTransfer\1.0.0.0__8a33c55e43c2707f\iFSCWTransfer.dll
2014-03-14 12:46 - 2014-03-14 12:46 - 00111696 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-03-14 12:46 - 2014-03-14 12:46 - 00061520 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-03-11 07:59 - 2014-03-14 12:46 - 00049744 _____ () C:\Users\Sandra\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2012-11-16 18:17 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2012-11-16 18:17 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 13:54 - 2011-07-07 13:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2013-04-19 10:32 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
2012-11-16 18:17 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll
2013-01-09 12:11 - 2013-01-09 12:11 - 00599040 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2012-09-12 21:09 - 2007-04-19 08:33 - 00035584 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll
2011-06-10 07:14 - 2009-04-10 22:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2013-08-02 22:56 - 2008-11-26 15:59 - 00131584 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
2013-08-02 22:56 - 2008-10-22 15:01 - 00200704 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
2012-11-16 18:17 - 2013-10-31 11:35 - 00070880 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2011-01-17 15:19 - 2011-06-07 21:08 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-02-15 10:54 - 2014-02-15 10:54 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Sandra\Documents\The Chemical Brothers - Swoon.mp4:TOC.WMV

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2014 06:24:15 AM) (Source: Application Hang) (User: )
Description: Programm FRST.exe, Version 3.3.10.2 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 134
Anfangszeit: 01cf4b0e097829d5
Zeitpunkt der Beendigung: 56

Error: (03/29/2014 01:57:13 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {40cef7c3-c59d-42f3-8ceb-8afbb95073af}

Error: (03/25/2014 06:17:32 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0QI1B2E2.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/25/2014 06:17:32 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0QI1B2E2.DEFAULT\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/25/2014 06:17:29 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\SONY PC COMPANION 2.1.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/25/2014 06:17:29 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\SONY PC COMPANION 2.1.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/25/2014 06:17:27 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/25/2014 06:17:27 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/25/2014 04:41:56 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 27.0.1.5156 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 13d0
Anfangszeit: 01cf4753151b39cc
Zeitpunkt der Beendigung: 1174

Error: (03/24/2014 02:40:26 AM) (Source: UCManSvc) (User: )
Description: Not terminated. ({0100166B-072D-6839-9E9F-006052036AD8}, 00090B58)


System errors:
=============
Error: (03/25/2014 06:11:56 PM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (03/25/2014 06:07:36 PM) (Source: Service Control Manager) (User: )
Description: Windows Presentation Foundation Font Cache 4.0.0.0%%1053

Error: (03/25/2014 06:07:35 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Presentation Foundation Font Cache 4.0.0.0

Error: (03/25/2014 04:43:30 AM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (03/18/2014 03:26:35 PM) (Source: Service Control Manager) (User: )
Description: Avira Service Host1100001Neustart des Diensts

Error: (03/13/2014 06:54:10 PM) (Source: Service Control Manager) (User: )
Description: 30000UCManSvc

Error: (03/09/2014 07:40:56 PM) (Source: Service Control Manager) (User: )
Description: UCManSvc

Error: (03/09/2014 06:59:43 AM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (02/21/2014 10:58:15 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (02/21/2014 10:57:45 PM) (Source: Service Control Manager) (User: )
Description: 30000Wlansvc


Microsoft Office Sessions:
=========================
Error: (03/29/2014 06:24:15 AM) (Source: Application Hang)(User: )
Description: FRST.exe3.3.10.213401cf4b0e097829d556

Error: (03/29/2014 01:57:13 AM) (Source: VSS)(User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {40cef7c3-c59d-42f3-8ceb-8afbb95073af}

Error: (03/25/2014 06:17:32 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0QI1B2E2.DEFAULT\SAFEBROWSING-TO_DELETE

Error: (03/25/2014 06:17:32 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0QI1B2E2.DEFAULT\SAFEBROWSING-BACKUP

Error: (03/25/2014 06:17:29 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\SONY PC COMPANION 2.1.LNK

Error: (03/25/2014 06:17:29 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\SONY PC COMPANION 2.1.LNK

Error: (03/25/2014 06:17:27 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\DEINSTALLIEREN.LNK

Error: (03/25/2014 06:17:27 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SONY\SONY PC COMPANION\DEINSTALLIEREN.LNK

Error: (03/25/2014 04:41:56 AM) (Source: Application Hang)(User: )
Description: firefox.exe27.0.1.515613d001cf4753151b39cc1174

Error: (03/24/2014 02:40:26 AM) (Source: UCManSvc)(User: )
Description: Not terminated. ({0100166B-072D-6839-9E9F-006052036AD8}, 00090B58)


CodeIntegrity Errors:
===================================
  Date: 2012-12-03 23:13:47.935
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:47.143
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:32.788
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:31.958
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:27.512
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:26.560
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:25.719
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:24.628
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:23.627
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-03 23:13:22.743
  Description: Die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht uberpruft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 72%
Total physical RAM: 2037.7 MB
Available physical RAM: 555.83 MB
Total Pagefile: 4316.41 MB
Available Pagefile: 2498.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.46 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:148.59 GB) (Free:44.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:36.2 GB) (Free:29.29 GB) NTFS
Drive f: (Volume) (Fixed) (Total:36.09 GB) (Free:16.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 95CF9DF0)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=36 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=36 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---
__________________

Alt 30.03.2014, 08:41   #4
schrauber
/// the machine
/// TB-Ausbilder
 

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt - Standard

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.04.2014, 05:37   #5
tokaidô
 
PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt - Standard

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt



Hi,

ich habe den Scan mit Combofix durchgeführt. Zunächst hatte ich jedoch folgende Meldung erhalten : Current date is 2014-04 02. Combofiy has expired click 'Yes' to run in reduced functioning mode. Click 'No' to exit.

Um den Scanprozess zu beginnen blieb mir nichts anderes als mit 'Yes' zu bestätigen. Ich hoffe, dass das keine negativen Auswirkungen hatte.

Hier also das Logfile:

Code:
ATTFilter
ComboFix 14-03-24.01 - Sandra 02.04.2014  18:14:24.1.2 - x86
Running from: F:\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sandra\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-02 to 2014-04-02  )))))))))))))))))))))))))))))))
.
.
2014-04-01 18:55 . 2014-03-07 04:35	7969936	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CE67F4D-C422-4EC7-8425-4C338C444409}\mpengine.dll
2014-03-29 05:19 . 2014-03-29 05:29	--------	d-----w-	C:\FRST
2014-03-18 01:34 . 2014-03-18 01:35	--------	d-----w-	c:\users\Sandra\dwhelper
2014-03-17 19:01 . 2014-03-17 19:01	--------	d-----w-	c:\users\Sandra\AppData\Local\Skype
2014-03-17 19:01 . 2014-03-17 19:01	--------	d-----w-	c:\program files\Common Files\Skype
2014-03-12 10:57 . 2014-03-18 11:55	--------	d-----w-	C:\OETemp
2014-03-11 17:45 . 2014-02-03 10:37	505344	----a-w-	c:\windows\system32\qedit.dll
2014-03-11 07:05 . 2014-03-11 07:05	--------	d-----w-	c:\users\Sandra\AppData\Roaming\Avira
2014-03-11 06:57 . 2014-02-25 10:41	90400	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-03-11 06:57 . 2014-02-25 10:41	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2014-03-11 06:57 . 2014-02-25 10:41	135648	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-03-11 06:54 . 2014-03-31 17:58	--------	d-----w-	c:\program files\Avira
2014-03-11 06:54 . 2014-03-31 17:56	--------	d-----w-	c:\programdata\Package Cache
2014-03-09 19:20 . 2014-03-09 19:20	243128	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2014-03-09 18:55 . 2005-05-26 14:34	2297552	----a-w-	c:\windows\system32\d3dx9_26.dll
2014-03-09 18:53 . 2014-03-09 18:54	--------	d--h--w-	c:\windows\msdownld.tmp
2014-03-09 18:44 . 2014-03-20 23:21	--------	d-----w-	c:\users\Sandra\AppData\Roaming\NitroplusCHiRAL
2014-03-09 18:40 . 2014-03-09 18:46	--------	d-----w-	c:\programdata\Paltiosoft
2014-03-09 18:40 . 2014-03-09 18:40	--------	d-----w-	c:\windows\ucharge
2014-03-09 18:40 . 2014-03-09 20:34	--------	d-----w-	c:\program files\SoftDenchi
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 03:19 . 2012-06-14 01:12	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-03-12 03:19 . 2011-06-08 18:15	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-23 05:40 . 2014-03-11 19:04	1129472	----a-w-	c:\windows\system32\wininet.dll
2014-02-23 05:37 . 2014-03-11 19:04	421376	----a-w-	c:\windows\system32\vbscript.dll
2014-02-14 06:23 . 2014-02-14 06:23	324096	----a-w-	c:\windows\system32\drivers\sptd.sys
2014-02-07 10:38 . 2014-03-11 17:45	2050560	----a-w-	c:\windows\system32\win32k.sys
2014-01-30 07:46 . 2014-03-11 17:45	876032	----a-w-	c:\windows\system32\wer.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-10-31 449760]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-13 4399104]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"recinfo518"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-03-25 173136]
.
c:\users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-3-16 113664]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2012-9-12 268864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35120929-95dd-11e0-a2f4-00030d7ba2a3}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a94ad7f-a7be-11e3-879b-00030d7ba2a3}]
\shell\AutoRun\command - G:\install.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b81f2b63-2ff4-11e2-a0fc-00030d7ba2a3}]
\shell\AutoRun\command - G:\Startme.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 03:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
HKLM-Run-IR_SERVER - c:\progra~1\Realtek\REALTE~1\IR_SERVER.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-04-02 18:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\SoftDenchi\UCManSvc.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Sony\Sony PC Companion\PCCompanionInfo.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sdclt.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Completion time: 2014-04-02  18:30:13 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-02 16:30
.
Pre-Run: 23 Verzeichnis(se), 48.295.677.952 Bytes frei
Post-Run: 27 Verzeichnis(se), 49.830.383.616 Bytes frei
.
- - End Of File - - A9729A4041989D533EB9BAC579F53070
5C616939100B85E558DA92B899A0FC36
         
Viele Grüße und danke für die Hilfe.


Alt 03.04.2014, 13:20   #6
schrauber
/// the machine
/// TB-Ausbilder
 

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt - Standard

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt



passt

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt

Alt 04.04.2014, 19:33   #7
tokaidô
 
PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt - Standard

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt



Hi,

hier also die Logfiles zu den oben angegebenen Programmen. Alle schienen normal zu laufen, bis auf JTR. Hier hatte ich zunächst kein Logfile erhalten! Ich habe danach aber noch ein zweites Mal mit JTR gescannt und so endlich doch noch ein Logfile erhalten.

Malwarebytes:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 04.04.2014
Scan Time: 17:13:15
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.04.03
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Sandra

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 231816
Time Elapsed: 29 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, , [20e056aa8f714bb55929f64bee14a759], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, , [1de3d32de0202bd58102f64bdf2339c7], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, , [5ca457a9f907a45c0e5ba3cb03ff5ca4], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-1905741696-764202892-769940338-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, , [6f91ca3689773ec2fe6c244aab57ed13], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.OpenCandy, C:\Users\Sandra\AppData\Roaming\OpenCandy, , [42be12eec937f30df6f0a5ae4eb452ae], 
PUP.Optional.OpenCandy, C:\Users\Sandra\AppData\Roaming\OpenCandy\E41F76A6074B4B798F5E84723E395E52, , [42be12eec937f30df6f0a5ae4eb452ae], 

Files: 3
PUP.Optional.OpenCandy, C:\Users\Sandra\Downloads\DTLite4481-0347.exe, , [17e940c0e8184fb11d0ddc5b8b796b95], 
PUP.Optional.Conduit.A, C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\conduit-search.xml, , [2bd5f40c9e6214ec79c0174b679b08f8], 
PUP.Optional.OpenCandy, C:\Users\Sandra\AppData\Roaming\OpenCandy\E41F76A6074B4B798F5E84723E395E52\TuneUpUtilities2013_2200218_de-DE.exe, , [42be12eec937f30df6f0a5ae4eb452ae], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
AdwCleaner:
Code:
ATTFilter
# AdwCleaner v3.023 - Bericht erstellt am 04/04/2014 um 18:06:23
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Sandra - GREYGROVES-PC
# Gestartet von : F:\adwcleaner.exe
# Option : Loschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Geloscht : C:\ProgramData\boost_interprocess
Ordner Geloscht : C:\Windows\system32\SearchProtect
Ordner Geloscht : C:\Users\Sandra\AppData\Roaming\dvdvideosoftiehelpers
Datei Geloscht : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\browserprotect@browserprotect.com.xpi
Datei Geloscht : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\11-suche.xml
Datei Geloscht : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\Askcom.xml
Datei Geloscht : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Verknupfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Geloscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Schlussel Geloscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlussel Geloscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlussel Geloscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlussel Geloscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlussel Geloscht : HKCU\Software\OCS
Schlussel Geloscht : HKCU\Software\Softonic
Schlussel Geloscht : HKCU\Software\YahooPartnerToolbar
Schlussel Geloscht : HKLM\Software\Trymedia Systems
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlussel Geloscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlussel Geloscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16540


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7220 octets] - [04/04/2014 17:47:30]
AdwCleaner[S0].txt - [7147 octets] - [04/04/2014 18:06:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7207 octets] ##########
         
JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Sandra on 04.04.2014 at 19:03:02,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DDF40AA0-165A-41B9-B2F8-439648D6642E}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\0qi1b2e2.default\minidumps [420 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2014 at 19:13:14,82
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Sandra (administrator) on GREYGROVES-PC on 04-04-2014 18:40:18
Running from C:\Users\Sandra\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
() C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Fujitsu Siemens Computers) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
(Paltiosoft Inc.) C:\Program Files\SoftDenchi\UCManSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Fujitsu Siemens Computers) C:\ProgramData\fsc-reg\fscreg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4399104 2007-03-14] (Realtek Semiconductor)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [recinfo518] - c:\RecInfo\RecInfo.exe [2764800 2007-10-23] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [173136 2014-03-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [fsc-reg] - C:\ProgramData\fsc-reg\fscreg.exe [533264 2007-11-08] (Fujitsu Siemens Computers)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {35120929-95dd-11e0-a2f4-00030d7ba2a3} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {6a94ad7f-a7be-11e3-879b-00030d7ba2a3} - G:\install.exe
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {b81f2b63-2ff4-11e2-a0fc-00030d7ba2a3} - G:\Startme.exe
Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40AB67D1647BCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {DDF40AA0-165A-41B9-B2F8-439648D6642E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=337B8A12-C019-43BD-94E6-76431D8802C0&apn_sauid=02853706-2902-47A9-AF0E-9B91B1AD271F
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\ich@maltegoetz.de [2013-12-13]
FF Extension: WOT - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: DownloadHelper - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Easy YouTube Video Downloader - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012-05-06]
FF Extension: Adblock Plus - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-08]
FF Extension: BetterPrivacy - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-06-08]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-03-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-03-14]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Media Go Detector) - C:\Program Files\Sony\Media Go\npmediago.dll No File
CHR Plugin: (PlayStation(R)Network Downloader Check Plug-in) - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-09]
CHR Extension: (YouTube) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-09]
CHR Extension: (Google-Suche) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-09]
CHR Extension: (Google Mail) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-09]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [683696 2012-08-24] (Juniper Networks)
R2 FSCLBaseUpdaterService; C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [65536 2007-06-04] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers)
R2 UCManSvc; C:\Program Files\SoftDenchi\UCManSvc.exe [186512 2012-11-01] (Paltiosoft Inc.)
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2012-08-24] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-03-09] (Disc Soft Ltd)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] (Malwarebytes Corporation)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188520 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [42728 2011-06-13] (Realtek)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-02-14] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 moufiltr; system32\DRIVERS\moufiltr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vhidmini; system32\DRIVERS\walvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 18:16 - 2014-04-04 18:16 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 17:47 - 2014-04-04 18:06 - 00000000 ____D () C:\AdwCleaner
2014-04-04 16:37 - 2014-04-04 18:33 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-04 16:36 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-04 16:36 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-04 16:36 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 03:15 - 2014-04-03 03:15 - 00010150 _____ () C:\ComboFix.txt
2014-04-02 18:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-02 18:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-02 18:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-02 18:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-02 18:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-02 18:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-02 18:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-02 18:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-02 18:07 - 2014-04-02 18:07 - 00007534 _____ () C:\Users\Sandra\Documents\gmer logfile.log
2014-04-02 17:44 - 2014-04-02 17:44 - 00380416 _____ () C:\Users\Sandra\Downloads\xbhmbskk.exe
2014-04-02 16:27 - 2014-04-03 03:15 - 00000000 ____D () C:\Qoobox
2014-04-02 16:27 - 2014-04-02 18:27 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 20:30 - 2014-03-31 20:30 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix(1).exe
2014-03-31 20:11 - 2014-03-31 20:12 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix.exe
2014-03-29 09:06 - 2014-03-29 09:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 07:21 - 2014-03-29 07:29 - 00025541 _____ () C:\Users\Sandra\Downloads\Addition.txt
2014-03-29 07:19 - 2014-04-04 18:40 - 00018574 _____ () C:\Users\Sandra\Downloads\FRST.txt
2014-03-29 07:19 - 2014-04-04 18:40 - 00000000 ____D () C:\FRST
2014-03-29 06:23 - 2014-04-02 15:44 - 00000526 _____ () C:\Users\Sandra\Downloads\defogger_disable.log
2014-03-29 06:23 - 2014-03-29 06:23 - 00000176 _____ () C:\Users\Sandra\defogger_reenable
2014-03-29 06:17 - 2014-03-29 06:17 - 01145856 _____ (Farbar) C:\Users\Sandra\Downloads\FRST.exe
2014-03-29 06:17 - 2014-03-29 06:17 - 00380416 _____ () C:\Users\Sandra\Downloads\05ics8ji.exe
2014-03-29 06:17 - 2014-03-29 06:17 - 00050477 _____ () C:\Users\Sandra\Downloads\Defogger.exe
2014-03-29 04:02 - 2014-03-29 04:02 - 00009843 _____ () C:\Users\Sandra\Documents\hijackthis.log
2014-03-29 02:46 - 2014-03-29 02:47 - 25454040 _____ (Mozilla) C:\Users\Sandra\Downloads\WEB.DE_Firefox_Setup.exe
2014-03-29 02:37 - 2014-03-29 02:37 - 05329480 _____ (Secunia) C:\Users\Sandra\Downloads\PSISetup.exe
2014-03-29 02:14 - 2014-03-29 02:14 - 00613200 _____ (Chip Digital GmbH) C:\Users\Sandra\Downloads\HijackThis - CHIP-Downloader.exe
2014-03-28 21:01 - 2013-11-20 09:22 - 00031465 _____ () C:\Users\Sandra\Downloads\The Walking Dead - 4x01 - 30 Days Without an Accident.HDTV.x264-ASAP.en.srt
2014-03-28 21:00 - 2014-03-28 21:00 - 00012387 _____ () C:\Users\Sandra\Downloads\The Walking Dead_4x01_HDTV.x264-ASAP.en.zip
2014-03-18 03:34 - 2014-03-18 03:35 - 00000000 ____D () C:\Users\Sandra\dwhelper
2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Skype
2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-12 01:25 - 2014-03-12 01:25 - 01145470 _____ () C:\Users\Sandra\Downloads\It - Stephen King.epub
2014-03-11 21:04 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 21:04 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 21:04 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 21:04 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 21:04 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 21:04 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 21:04 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-11 21:04 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 21:04 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 21:04 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 21:04 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-11 21:04 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 21:04 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-11 21:04 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 21:04 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-11 21:04 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 19:45 - 2014-02-07 12:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 19:45 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 19:45 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 19:45 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-11 09:05 - 2014-03-11 09:05 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Avira
2014-03-11 08:57 - 2014-02-25 12:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-11 08:57 - 2014-02-25 12:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-11 08:57 - 2014-02-25 12:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-11 08:57 - 2014-02-25 12:41 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-03-11 08:54 - 2014-03-31 19:58 - 00000000 ____D () C:\Program Files\Avira
2014-03-11 08:54 - 2014-03-31 19:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-11 00:51 - 2014-03-11 00:51 - 04051872 _____ (Avira Operations GmbH & Co. KG) C:\Users\Sandra\Downloads\avira_de_av___ws.exe
2014-03-10 02:30 - 2012-07-21 13:19 - 00000000 ____D () C:\Users\Sandra\Downloads\TNC English Patch (1.0)
2014-03-10 02:25 - 2014-03-10 02:25 - 10008444 _____ () C:\Users\Sandra\Downloads\TNC English Patch (1.0).rar
2014-03-09 21:27 - 2005-02-24 17:04 - 00002581 _____ () C:\Program Files\system.pak
2014-03-09 21:27 - 2005-02-24 16:20 - 00939028 _____ () C:\Program Files\script.pak
2014-03-09 21:27 - 2005-02-24 16:20 - 00034088 _____ () C:\Program Files\0cg.pak
2014-03-09 21:20 - 2014-03-09 21:20 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-03-09 20:56 - 2010-06-02 05:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-03-09 20:56 - 2010-06-02 05:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-03-09 20:56 - 2010-06-02 05:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-03-09 20:56 - 2010-05-26 12:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-03-09 20:56 - 2010-05-26 12:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-03-09 20:56 - 2010-05-26 12:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-03-09 20:56 - 2010-05-26 12:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-03-09 20:56 - 2010-05-26 12:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-03-09 20:56 - 2010-02-04 11:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-03-09 20:56 - 2010-02-04 11:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-03-09 20:56 - 2010-02-04 11:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-03-09 20:56 - 2010-02-04 11:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-03-09 20:56 - 2009-09-04 18:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-03-09 20:56 - 2009-09-04 18:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-03-09 20:56 - 2009-09-04 18:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-03-09 20:56 - 2009-09-04 18:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-03-09 20:56 - 2009-09-04 18:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-03-09 20:56 - 2009-09-04 18:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-03-09 20:56 - 2009-09-04 18:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-03-09 20:56 - 2009-09-04 18:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-03-09 20:56 - 2009-03-16 15:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-03-09 20:56 - 2009-03-16 15:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-03-09 20:56 - 2009-03-16 15:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-03-09 20:56 - 2008-10-27 11:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-03-09 20:56 - 2008-10-27 11:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-03-09 20:56 - 2008-10-27 11:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-03-09 20:56 - 2008-10-27 11:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-03-09 20:56 - 2008-10-10 05:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-03-09 20:56 - 2008-10-10 05:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-03-09 20:56 - 2008-10-10 05:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-03-09 20:56 - 2008-07-31 11:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-03-09 20:56 - 2008-07-31 11:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-03-09 20:56 - 2008-07-31 11:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-03-09 20:56 - 2008-07-10 12:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-03-09 20:56 - 2008-07-10 12:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-03-09 20:56 - 2008-07-10 12:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-03-09 20:56 - 2008-05-30 15:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-03-09 20:56 - 2008-05-30 15:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-03-09 20:56 - 2008-05-30 15:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-03-09 20:56 - 2008-05-30 15:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-03-09 20:56 - 2008-05-30 15:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-03-09 20:56 - 2008-05-30 15:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-03-09 20:56 - 2008-05-30 15:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-03-09 20:56 - 2008-03-05 17:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-03-09 20:56 - 2008-03-05 17:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-03-09 20:56 - 2008-03-05 17:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-03-09 20:56 - 2008-03-05 16:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-03-09 20:56 - 2008-03-05 16:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-03-09 20:56 - 2008-02-06 00:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-03-09 20:56 - 2007-10-22 04:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-03-09 20:56 - 2007-10-22 04:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-03-09 20:56 - 2007-10-12 16:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-03-09 20:56 - 2007-10-12 16:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-03-09 20:56 - 2007-10-02 10:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-03-09 20:56 - 2007-07-20 01:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-03-09 20:56 - 2007-07-19 19:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-03-09 20:56 - 2007-07-19 19:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-03-09 20:56 - 2007-07-19 19:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-03-09 20:56 - 2007-06-20 21:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-03-09 20:56 - 2007-05-16 17:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-03-09 20:56 - 2007-05-16 17:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-03-09 20:56 - 2007-05-16 17:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-03-09 20:56 - 2007-04-04 19:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-03-09 20:56 - 2007-03-15 17:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-03-09 20:56 - 2007-03-12 17:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-03-09 20:56 - 2007-03-12 17:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-03-09 20:56 - 2007-03-05 13:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-03-09 20:56 - 2007-01-24 16:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-03-09 20:56 - 2006-12-08 13:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-03-09 20:56 - 2006-11-29 14:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-03-09 20:56 - 2006-11-29 14:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-03-09 20:56 - 2006-09-28 17:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-03-09 20:56 - 2006-09-28 17:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-03-09 20:56 - 2006-07-28 10:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-03-09 20:56 - 2006-07-28 10:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-03-09 20:56 - 2006-05-31 08:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-03-09 20:56 - 2006-03-31 13:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-03-09 20:56 - 2006-03-31 13:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-03-09 20:55 - 2006-03-31 13:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-03-09 20:55 - 2006-02-03 09:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-03-09 20:55 - 2006-02-03 09:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-03-09 20:55 - 2006-02-03 09:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-03-09 20:55 - 2005-12-05 19:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-03-09 20:55 - 2005-07-22 20:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-03-09 20:55 - 2005-05-26 16:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-03-09 20:55 - 2005-03-18 18:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-03-09 20:55 - 2005-02-05 20:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-03-09 20:53 - 2014-03-09 20:56 - 00000000 ____D () C:\Windows\system32\directx
2014-03-09 20:53 - 2014-03-09 20:54 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-03-09 20:53 - 2014-03-09 20:53 - 00292184 _____ (Microsoft Corporation) C:\Users\Sandra\Downloads\dxwebsetup.exe
2014-03-09 20:44 - 2014-03-21 01:21 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\NitroplusCHiRAL
2014-03-09 20:40 - 2014-03-09 22:34 - 00000000 ____D () C:\Program Files\SoftDenchi
2014-03-09 20:40 - 2014-03-09 20:46 - 00000000 ____D () C:\ProgramData\Paltiosoft
2014-03-09 20:40 - 2014-03-09 20:40 - 00000000 ____D () C:\Windows\ucharge
2014-03-09 20:39 - 2014-03-09 22:33 - 00000000 ____D () C:\Users\Sandra\Downloads\sdrt5030
2014-03-09 20:36 - 2014-03-09 20:37 - 22319750 _____ () C:\Users\Sandra\Downloads\DMMd - Patches.zip
2014-03-09 20:34 - 2014-03-09 20:34 - 17236171 _____ () C:\Users\Sandra\Downloads\sdrt5030.exe

==================== One Month Modified Files and Folders =======

2014-04-04 18:40 - 2014-03-29 07:19 - 00018574 _____ () C:\Users\Sandra\Downloads\FRST.txt
2014-04-04 18:40 - 2014-03-29 07:19 - 00000000 ____D () C:\FRST
2014-04-04 18:33 - 2014-04-04 16:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 18:29 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 18:29 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 18:29 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 18:28 - 2011-06-07 15:10 - 02007597 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 18:28 - 2006-11-02 15:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-04 18:19 - 2008-01-31 06:51 - 00321098 _____ () C:\Windows\PFRO.log
2014-04-04 18:16 - 2014-04-04 18:16 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 18:06 - 2014-04-04 17:47 - 00000000 ____D () C:\AdwCleaner
2014-04-04 17:36 - 2006-11-02 12:33 - 01567294 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 17:25 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-04-04 17:19 - 2012-06-14 03:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-04 16:19 - 2012-05-20 17:37 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Skype
2014-04-03 03:15 - 2014-04-03 03:15 - 00010150 _____ () C:\ComboFix.txt
2014-04-03 03:15 - 2014-04-02 16:27 - 00000000 ____D () C:\Qoobox
2014-04-03 03:08 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-04-02 18:30 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-04-02 18:27 - 2014-04-02 16:27 - 00000000 ____D () C:\Windows\erdnt
2014-04-02 18:07 - 2014-04-02 18:07 - 00007534 _____ () C:\Users\Sandra\Documents\gmer logfile.log
2014-04-02 17:44 - 2014-04-02 17:44 - 00380416 _____ () C:\Users\Sandra\Downloads\xbhmbskk.exe
2014-04-02 15:44 - 2014-03-29 06:23 - 00000526 _____ () C:\Users\Sandra\Downloads\defogger_disable.log
2014-03-31 20:30 - 2014-03-31 20:30 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix(1).exe
2014-03-31 20:12 - 2014-03-31 20:11 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix.exe
2014-03-31 19:58 - 2014-03-11 08:54 - 00000000 ____D () C:\Program Files\Avira
2014-03-31 19:56 - 2014-03-11 08:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-29 17:52 - 2012-05-02 03:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 09:06 - 2014-03-29 09:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 07:29 - 2014-03-29 07:21 - 00025541 _____ () C:\Users\Sandra\Downloads\Addition.txt
2014-03-29 06:23 - 2014-03-29 06:23 - 00000176 _____ () C:\Users\Sandra\defogger_reenable
2014-03-29 06:23 - 2011-06-07 15:15 - 00000000 ____D () C:\Users\Sandra
2014-03-29 06:17 - 2014-03-29 06:17 - 01145856 _____ (Farbar) C:\Users\Sandra\Downloads\FRST.exe
2014-03-29 06:17 - 2014-03-29 06:17 - 00380416 _____ () C:\Users\Sandra\Downloads\05ics8ji.exe
2014-03-29 06:17 - 2014-03-29 06:17 - 00050477 _____ () C:\Users\Sandra\Downloads\Defogger.exe
2014-03-29 04:02 - 2014-03-29 04:02 - 00009843 _____ () C:\Users\Sandra\Documents\hijackthis.log
2014-03-29 03:01 - 2014-02-14 07:36 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\uTorrent
2014-03-29 03:01 - 2012-08-12 14:42 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-03-29 02:58 - 2011-06-07 17:15 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-29 02:47 - 2014-03-29 02:46 - 25454040 _____ (Mozilla) C:\Users\Sandra\Downloads\WEB.DE_Firefox_Setup.exe
2014-03-29 02:37 - 2014-03-29 02:37 - 05329480 _____ (Secunia) C:\Users\Sandra\Downloads\PSISetup.exe
2014-03-29 02:14 - 2014-03-29 02:14 - 00613200 _____ (Chip Digital GmbH) C:\Users\Sandra\Downloads\HijackThis - CHIP-Downloader.exe
2014-03-28 21:00 - 2014-03-28 21:00 - 00012387 _____ () C:\Users\Sandra\Downloads\The Walking Dead_4x01_HDTV.x264-ASAP.en.zip
2014-03-26 06:00 - 2011-06-17 09:55 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\vlc
2014-03-25 19:12 - 2011-11-26 16:50 - 00479222 _____ () C:\Windows\DPINST.LOG
2014-03-21 01:21 - 2014-03-09 20:44 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\NitroplusCHiRAL
2014-03-21 01:13 - 2014-02-15 00:06 - 00000000 ____D () C:\Users\Sandra\dramatical muder
2014-03-18 21:07 - 2013-07-17 20:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 21:01 - 2006-11-02 12:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-18 03:35 - 2014-03-18 03:34 - 00000000 ____D () C:\Users\Sandra\dwhelper
2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Skype
2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-17 21:01 - 2012-05-20 17:36 - 00000000 ___RD () C:\Program Files\Skype
2014-03-17 21:01 - 2012-05-20 17:36 - 00000000 ____D () C:\ProgramData\Skype
2014-03-12 10:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-03-12 09:42 - 2006-11-02 14:47 - 00348056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 05:19 - 2012-06-14 03:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 05:19 - 2011-06-08 20:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 01:25 - 2014-03-12 01:25 - 01145470 _____ () C:\Users\Sandra\Downloads\It - Stephen King.epub
2014-03-11 21:03 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-03-11 09:05 - 2014-03-11 09:05 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Avira
2014-03-11 08:57 - 2012-06-02 11:38 - 00000000 ____D () C:\ProgramData\Avira
2014-03-11 00:51 - 2014-03-11 00:51 - 04051872 _____ (Avira Operations GmbH & Co. KG) C:\Users\Sandra\Downloads\avira_de_av___ws.exe
2014-03-10 02:25 - 2014-03-10 02:25 - 10008444 _____ () C:\Users\Sandra\Downloads\TNC English Patch (1.0).rar
2014-03-10 00:23 - 2011-06-08 22:49 - 00000000 ____D () C:\Program Files\NitroplusCHiRAL
2014-03-10 00:16 - 2011-06-08 22:34 - 00003299 _____ () C:\Windows\DirectX.log
2014-03-09 22:53 - 2011-06-07 15:16 - 00086816 _____ () C:\Users\Sandra\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-09 22:34 - 2014-03-09 20:40 - 00000000 ____D () C:\Program Files\SoftDenchi
2014-03-09 22:33 - 2014-03-09 20:39 - 00000000 ____D () C:\Users\Sandra\Downloads\sdrt5030
2014-03-09 21:20 - 2014-03-09 21:20 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-03-09 21:20 - 2014-02-14 08:21 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2014-03-09 20:56 - 2014-03-09 20:53 - 00000000 ____D () C:\Windows\system32\directx
2014-03-09 20:55 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-09 20:54 - 2014-03-09 20:53 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-03-09 20:53 - 2014-03-09 20:53 - 00292184 _____ (Microsoft Corporation) C:\Users\Sandra\Downloads\dxwebsetup.exe
2014-03-09 20:46 - 2014-03-09 20:40 - 00000000 ____D () C:\ProgramData\Paltiosoft
2014-03-09 20:40 - 2014-03-09 20:40 - 00000000 ____D () C:\Windows\ucharge
2014-03-09 20:37 - 2014-03-09 20:36 - 22319750 _____ () C:\Users\Sandra\Downloads\DMMd - Patches.zip
2014-03-09 20:34 - 2014-03-09 20:34 - 17236171 _____ () C:\Users\Sandra\Downloads\sdrt5030.exe
2014-03-05 09:26 - 2014-04-04 16:36 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-04 16:36 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-04-04 16:36 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\Users\Sandra\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\Sandra\AppData\Local\temp\avgnt.exe
C:\Users\Sandra\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-04 18:38

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Ich hoffe, das ist OK so.

Alt 05.04.2014, 12:00   #8
schrauber
/// the machine
/// TB-Ausbilder
 

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt - Standard

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.04.2014, 11:29   #9
tokaidô
 
PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt - Standard

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt



Hi,

Ich habe alle drei Anwendungen laufen lassen, hatte aber Probleme mit Eset. Der Scan mit dem Programm hat über zehn Stunden gedauert und danach nicht mal ein logfile hinterlassen. Ich hab keine Ahnung was da schief gegangen ist.

SecurityCheck log:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.80  
 Windows Vista Service Pack 2 x86   
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 38  
 Java 7 Update 51  
 Adobe Flash Player 	12.0.0.77  
 Mozilla Firefox (28.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 OnlineDiagnostic TestManager TestHandler.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by Sandra (administrator) on GREYGROVES-PC on 09-04-2014 11:15:50
Running from C:\Users\Sandra\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
() C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Fujitsu Siemens Computers) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
(Paltiosoft Inc.) C:\Program Files\SoftDenchi\UCManSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Fujitsu Siemens Computers) C:\ProgramData\fsc-reg\fscreg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\ipmGui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4399104 2007-03-14] (Realtek Semiconductor)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [recinfo518] - c:\RecInfo\RecInfo.exe [2764800 2007-10-23] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [173136 2014-03-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [fsc-reg] - C:\ProgramData\fsc-reg\fscreg.exe [533264 2007-11-08] (Fujitsu Siemens Computers)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {6a94ad7f-a7be-11e3-879b-00030d7ba2a3} - G:\install.exe
HKU\S-1-5-21-1905741696-764202892-769940338-1000\...\MountPoints2: {b81f2b63-2ff4-11e2-a0fc-00030d7ba2a3} - G:\Startme.exe
Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40AB67D1647BCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\ich@maltegoetz.de [2013-12-13]
FF Extension: WOT - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: DownloadHelper - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Easy YouTube Video Downloader - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012-05-06]
FF Extension: Adblock Plus - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-06-08]
FF Extension: BetterPrivacy - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\0qi1b2e2.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-06-08]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-03-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-03-14]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Media Go Detector) - C:\Program Files\Sony\Media Go\npmediago.dll No File
CHR Plugin: (PlayStation(R)Network Downloader Check Plug-in) - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-09]
CHR Extension: (YouTube) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-09]
CHR Extension: (Google-Suche) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-09]
CHR Extension: (Google Mail) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-09]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [683696 2012-08-24] (Juniper Networks)
R2 FSCLBaseUpdaterService; C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [65536 2007-06-04] ()
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers)
R2 UCManSvc; C:\Program Files\SoftDenchi\UCManSvc.exe [186512 2012-11-01] (Paltiosoft Inc.)
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2012-08-24] (Juniper Networks)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-03-09] (Disc Soft Ltd)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)
R3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188520 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [42728 2011-06-13] (Realtek)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-02-14] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 moufiltr; system32\DRIVERS\moufiltr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vhidmini; system32\DRIVERS\walvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-08 11:29 - 2014-04-08 11:29 - 00000000 ____D () C:\Program Files\ESET
2014-04-04 19:40 - 2014-04-04 19:57 - 00000000 _____ () C:\test.log
2014-04-04 18:16 - 2014-04-04 18:16 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 17:47 - 2014-04-04 18:06 - 00000000 ____D () C:\AdwCleaner
2014-04-04 16:37 - 2014-04-08 10:39 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-04 16:36 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-04 16:36 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-04 16:36 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 03:15 - 2014-04-03 03:15 - 00010150 _____ () C:\ComboFix.txt
2014-04-02 18:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-02 18:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-02 18:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-02 18:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-02 18:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-02 18:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-02 18:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-02 18:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-02 18:07 - 2014-04-02 18:07 - 00007534 _____ () C:\Users\Sandra\Documents\gmer logfile.log
2014-04-02 17:44 - 2014-04-02 17:44 - 00380416 _____ () C:\Users\Sandra\Downloads\xbhmbskk.exe
2014-04-02 16:27 - 2014-04-03 03:15 - 00000000 ____D () C:\Qoobox
2014-04-02 16:27 - 2014-04-02 18:27 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 20:30 - 2014-03-31 20:30 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix(1).exe
2014-03-31 20:11 - 2014-03-31 20:12 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix.exe
2014-03-29 09:06 - 2014-03-29 09:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 07:21 - 2014-03-29 07:29 - 00025541 _____ () C:\Users\Sandra\Downloads\Addition.txt
2014-03-29 07:19 - 2014-04-09 11:15 - 00017817 _____ () C:\Users\Sandra\Downloads\FRST.txt
2014-03-29 07:19 - 2014-04-09 11:15 - 00000000 ____D () C:\FRST
2014-03-29 06:23 - 2014-04-02 15:44 - 00000526 _____ () C:\Users\Sandra\Downloads\defogger_disable.log
2014-03-29 06:23 - 2014-03-29 06:23 - 00000176 _____ () C:\Users\Sandra\defogger_reenable
2014-03-29 06:17 - 2014-03-29 06:17 - 01145856 _____ (Farbar) C:\Users\Sandra\Downloads\FRST.exe
2014-03-29 06:17 - 2014-03-29 06:17 - 00380416 _____ () C:\Users\Sandra\Downloads\05ics8ji.exe
2014-03-29 06:17 - 2014-03-29 06:17 - 00050477 _____ () C:\Users\Sandra\Downloads\Defogger.exe
2014-03-29 04:02 - 2014-03-29 04:02 - 00009843 _____ () C:\Users\Sandra\Documents\hijackthis.log
2014-03-29 02:46 - 2014-03-29 02:47 - 25454040 _____ (Mozilla) C:\Users\Sandra\Downloads\WEB.DE_Firefox_Setup.exe
2014-03-29 02:37 - 2014-03-29 02:37 - 05329480 _____ (Secunia) C:\Users\Sandra\Downloads\PSISetup.exe
2014-03-29 02:14 - 2014-03-29 02:14 - 00613200 _____ (Chip Digital GmbH) C:\Users\Sandra\Downloads\HijackThis - CHIP-Downloader.exe
2014-03-28 21:01 - 2013-11-20 09:22 - 00031465 _____ () C:\Users\Sandra\Downloads\The Walking Dead - 4x01 - 30 Days Without an Accident.HDTV.x264-ASAP.en.srt
2014-03-28 21:00 - 2014-03-28 21:00 - 00012387 _____ () C:\Users\Sandra\Downloads\The Walking Dead_4x01_HDTV.x264-ASAP.en.zip
2014-03-18 03:34 - 2014-03-18 03:35 - 00000000 ____D () C:\Users\Sandra\dwhelper
2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Skype
2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-12 01:25 - 2014-03-12 01:25 - 01145470 _____ () C:\Users\Sandra\Downloads\It - Stephen King.epub
2014-03-11 21:04 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 21:04 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 21:04 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 21:04 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 21:04 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 21:04 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 21:04 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-11 21:04 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 21:04 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 21:04 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 21:04 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-11 21:04 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 21:04 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-11 21:04 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 21:04 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-11 21:04 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 19:45 - 2014-02-07 12:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 19:45 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 19:45 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 19:45 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-11 09:05 - 2014-03-11 09:05 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Avira
2014-03-11 08:57 - 2014-02-25 12:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-11 08:57 - 2014-02-25 12:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-11 08:57 - 2014-02-25 12:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-11 08:57 - 2014-02-25 12:41 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-03-11 08:54 - 2014-03-31 19:58 - 00000000 ____D () C:\Program Files\Avira
2014-03-11 08:54 - 2014-03-31 19:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-11 00:51 - 2014-03-11 00:51 - 04051872 _____ (Avira Operations GmbH & Co. KG) C:\Users\Sandra\Downloads\avira_de_av___ws.exe
2014-03-10 02:30 - 2012-07-21 13:19 - 00000000 ____D () C:\Users\Sandra\Downloads\TNC English Patch (1.0)
2014-03-10 02:25 - 2014-03-10 02:25 - 10008444 _____ () C:\Users\Sandra\Downloads\TNC English Patch (1.0).rar

==================== One Month Modified Files and Folders =======

2014-04-09 11:16 - 2014-03-29 07:19 - 00017817 _____ () C:\Users\Sandra\Downloads\FRST.txt
2014-04-09 11:15 - 2014-03-29 07:19 - 00000000 ____D () C:\FRST
2014-04-09 10:36 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 10:36 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 10:19 - 2012-06-14 03:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 21:59 - 2011-06-07 15:10 - 02079121 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 20:03 - 2006-11-02 12:33 - 01567294 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 11:29 - 2014-04-08 11:29 - 00000000 ____D () C:\Program Files\ESET
2014-04-08 10:39 - 2014-04-04 16:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 10:35 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 02:14 - 2006-11-02 15:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-08 02:13 - 2012-05-20 17:37 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Skype
2014-04-04 19:57 - 2014-04-04 19:40 - 00000000 _____ () C:\test.log
2014-04-04 18:19 - 2008-01-31 06:51 - 00321098 _____ () C:\Windows\PFRO.log
2014-04-04 18:16 - 2014-04-04 18:16 - 00000000 ____D () C:\Windows\ERUNT
2014-04-04 18:06 - 2014-04-04 17:47 - 00000000 ____D () C:\AdwCleaner
2014-04-04 17:28 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 16:36 - 2014-04-04 16:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-03 03:15 - 2014-04-03 03:15 - 00010150 _____ () C:\ComboFix.txt
2014-04-03 03:15 - 2014-04-02 16:27 - 00000000 ____D () C:\Qoobox
2014-04-03 03:08 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-04-02 18:30 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-04-02 18:27 - 2014-04-02 16:27 - 00000000 ____D () C:\Windows\erdnt
2014-04-02 18:07 - 2014-04-02 18:07 - 00007534 _____ () C:\Users\Sandra\Documents\gmer logfile.log
2014-04-02 17:44 - 2014-04-02 17:44 - 00380416 _____ () C:\Users\Sandra\Downloads\xbhmbskk.exe
2014-04-02 15:44 - 2014-03-29 06:23 - 00000526 _____ () C:\Users\Sandra\Downloads\defogger_disable.log
2014-03-31 20:30 - 2014-03-31 20:30 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix(1).exe
2014-03-31 20:12 - 2014-03-31 20:11 - 05192353 _____ (Swearware) C:\Users\Sandra\Downloads\ComboFix.exe
2014-03-31 19:58 - 2014-03-11 08:54 - 00000000 ____D () C:\Program Files\Avira
2014-03-31 19:56 - 2014-03-11 08:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-29 17:52 - 2012-05-02 03:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 09:06 - 2014-03-29 09:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 07:29 - 2014-03-29 07:21 - 00025541 _____ () C:\Users\Sandra\Downloads\Addition.txt
2014-03-29 06:23 - 2014-03-29 06:23 - 00000176 _____ () C:\Users\Sandra\defogger_reenable
2014-03-29 06:23 - 2011-06-07 15:15 - 00000000 ____D () C:\Users\Sandra
2014-03-29 06:17 - 2014-03-29 06:17 - 01145856 _____ (Farbar) C:\Users\Sandra\Downloads\FRST.exe
2014-03-29 06:17 - 2014-03-29 06:17 - 00380416 _____ () C:\Users\Sandra\Downloads\05ics8ji.exe
2014-03-29 06:17 - 2014-03-29 06:17 - 00050477 _____ () C:\Users\Sandra\Downloads\Defogger.exe
2014-03-29 04:02 - 2014-03-29 04:02 - 00009843 _____ () C:\Users\Sandra\Documents\hijackthis.log
2014-03-29 03:01 - 2014-02-14 07:36 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\uTorrent
2014-03-29 03:01 - 2012-08-12 14:42 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-03-29 02:58 - 2011-06-07 17:15 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-29 02:47 - 2014-03-29 02:46 - 25454040 _____ (Mozilla) C:\Users\Sandra\Downloads\WEB.DE_Firefox_Setup.exe
2014-03-29 02:37 - 2014-03-29 02:37 - 05329480 _____ (Secunia) C:\Users\Sandra\Downloads\PSISetup.exe
2014-03-29 02:14 - 2014-03-29 02:14 - 00613200 _____ (Chip Digital GmbH) C:\Users\Sandra\Downloads\HijackThis - CHIP-Downloader.exe
2014-03-28 21:00 - 2014-03-28 21:00 - 00012387 _____ () C:\Users\Sandra\Downloads\The Walking Dead_4x01_HDTV.x264-ASAP.en.zip
2014-03-26 06:00 - 2011-06-17 09:55 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\vlc
2014-03-25 19:12 - 2011-11-26 16:50 - 00479222 _____ () C:\Windows\DPINST.LOG
2014-03-21 01:21 - 2014-03-09 20:44 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\NitroplusCHiRAL
2014-03-21 01:13 - 2014-02-15 00:06 - 00000000 ____D () C:\Users\Sandra\dramatical muder
2014-03-18 21:07 - 2013-07-17 20:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 21:01 - 2006-11-02 12:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-18 03:35 - 2014-03-18 03:34 - 00000000 ____D () C:\Users\Sandra\dwhelper
2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Skype
2014-03-17 21:01 - 2014-03-17 21:01 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-17 21:01 - 2012-05-20 17:36 - 00000000 ___RD () C:\Program Files\Skype
2014-03-17 21:01 - 2012-05-20 17:36 - 00000000 ____D () C:\ProgramData\Skype
2014-03-12 10:00 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-03-12 09:42 - 2006-11-02 14:47 - 00348056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 05:19 - 2012-06-14 03:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 05:19 - 2011-06-08 20:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 01:25 - 2014-03-12 01:25 - 01145470 _____ () C:\Users\Sandra\Downloads\It - Stephen King.epub
2014-03-11 21:03 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-03-11 09:05 - 2014-03-11 09:05 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Avira
2014-03-11 08:57 - 2012-06-02 11:38 - 00000000 ____D () C:\ProgramData\Avira
2014-03-11 00:51 - 2014-03-11 00:51 - 04051872 _____ (Avira Operations GmbH & Co. KG) C:\Users\Sandra\Downloads\avira_de_av___ws.exe
2014-03-10 02:25 - 2014-03-10 02:25 - 10008444 _____ () C:\Users\Sandra\Downloads\TNC English Patch (1.0).rar
2014-03-10 00:23 - 2011-06-08 22:49 - 00000000 ____D () C:\Program Files\NitroplusCHiRAL
2014-03-10 00:16 - 2011-06-08 22:34 - 00003299 _____ () C:\Windows\DirectX.log

Files to move or delete:
====================
C:\Users\Sandra\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\Sandra\AppData\Local\temp\avgnt.exe
C:\Users\Sandra\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 10:49

==================== End Of Log ============================
         
--- --- ---


Danke für die Hilfe!

Alt 10.04.2014, 08:57   #10
schrauber
/// the machine
/// TB-Ausbilder
 

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt - Standard

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt



noch probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.04.2014, 22:44   #11
tokaidô
 
PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt - Standard

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt



Hi, danke. Es schein behoben zu sein. Sollte ich mein Betriebssystem neu aufsetzen?

LG und danke für Ihre Hilfe soweit.

Alt 18.04.2014, 17:56   #12
schrauber
/// the machine
/// TB-Ausbilder
 

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt - Standard

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt



Dann wäre unsre Arbeit umsonst gewesen.


Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.04.2014, 19:31   #13
tokaidô
 
PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt - Standard

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt



Hallo, danke für Ihre Hilfe und die Tips zur Systemabsicherung! Ich werde sie in Zukunft besser beherzigen, um solche lästigen Zwischenfälle möglichst zu vermeiden.

Liebe Grüße,
tôkaido

Alt 01.05.2014, 17:33   #14
schrauber
/// the machine
/// TB-Ausbilder
 

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt - Standard

PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt
acrobat update, antivirus, bho, browser, desktop, firefox, helper, highjackthis, hijackthis, internet explorer, mozilla, object, pup.optional.conduit.a, pup.optional.iminent.a, pup.optional.opencandy, scan, security, software, symantec, vista, windows



Ähnliche Themen: PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt


  1. Alphy Encryption Virus .exx files - Quelle?
    Diskussionsforum - 21.05.2015 (5)
  2. 100 Prozent CPU Auslastung; PC spielt plötzlich Sounds und Geräusche ab
    Plagegeister aller Art und deren Bekämpfung - 27.01.2015 (13)
  3. ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt
    Log-Analyse und Auswertung - 27.06.2013 (25)
  4. MSC unbekannt
    Alles rund um Windows - 20.06.2013 (3)
  5. Brief von Telekom Abuse - Internet Zugang Quelle von Massen eMails
    Log-Analyse und Auswertung - 12.03.2013 (24)
  6. Windows 7: Öfter Systemabsturz, Quelle: EventLog ID: 6008
    Alles rund um Windows - 13.12.2012 (30)
  7. Trojaner nach ominöser E-Mail von vertrauter Quelle?
    Log-Analyse und Auswertung - 14.09.2012 (25)
  8. WIN 7. Musik kommt aus unbekannter Quelle.
    Plagegeister aller Art und deren Bekämpfung - 25.05.2012 (5)
  9. PC spielt plötzlich unbekannte Music ab!
    Plagegeister aller Art und deren Bekämpfung - 29.07.2010 (0)
  10. ebay Account missbraucht, Quelle unbekannt.
    Plagegeister aller Art und deren Bekämpfung - 15.05.2010 (23)
  11. Zufällig abgespielte Sounds mit unbekannter Quelle.
    Plagegeister aller Art und deren Bekämpfung - 02.01.2010 (8)
  12. Quelle von Fake Tronajer-Warnungen finden
    Plagegeister aller Art und deren Bekämpfung - 26.07.2009 (6)
  13. ungewollte popups festplattencleaner.com; quelle.de; bwin.de
    Log-Analyse und Auswertung - 03.01.2008 (8)
  14. FireFox u. IE7 öffnen automatisch Werbungsite wie z.B Quelle
    Log-Analyse und Auswertung - 25.12.2007 (4)
  15. SYN-flood, suche nach Quelle
    Log-Analyse und Auswertung - 08.08.2006 (4)
  16. EScan zeigt Virus, aber nicht file-Quelle
    Plagegeister aller Art und deren Bekämpfung - 28.03.2005 (1)
  17. Quelle oder Zwischenlager eines Trojaners gefunden
    Log-Analyse und Auswertung - 21.09.2004 (2)

Zum Thema PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt - Hallo, Wie bereits in der Überschrift erwähnt, spielt mein PC seit zwei Tagen nachts die Tonspur von Werbespots ab. Während dies geschieht ist kein Fenster oder Tab in meinem Internetbrowser - PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt...
Archiv
Du betrachtest: PC spielt plötzlich Audiospuren von Werbefilmen ab, Quelle unbekannt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.