Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Windows Vista: Adware Elex und PUP.opencandy und desk 365 (PC shutdown)

Windows Vista: Adware Elex und PUP.opencandy und desk 365 (PC shutdown)


Plagegeister aller Art und deren Bekämpfung: Windows Vista: Adware Elex und PUP.opencandy und desk 365 (PC shutdown)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 02.09.2013, 13:34   #1
coyogini
 
Windows Vista: Adware Elex und PUP.opencandy und desk 365 (PC shutdown) - Standard

Windows Vista: Adware Elex und PUP.opencandy und desk 365 (PC shutdown)


Liebes Trojaner-Board Team

...nach nur 5 Monaten muss ich leider schon wieder eure Hilfe beanspruchen. Wieder keinen blassen Schimmer, wie/wo/warum, aber was ich mir eingefangen habe.

Mein Pc ist alt (2007) und drum dachte ich bei den Symptomen (Bildschirm startete langsam und in pink auf, verlangsamte Leistung, u machen, rechts/links Maustaste ausser Betrieb,Startseite kommt immer dieses V9 von Elex etc.), dass mein PC nun am Sterben ist. Gestern jedoch hatte ich den kompletten shutdown- nix ging mehr.
Heute schien er wieder keinen Wank zu tun, bis ich auf Grund der leisen Geräusche gemerkt habe, dass irgendetwas läuft, aber nix zu sehen ist auf dem Bildschirm.
Hab dann den Laptop am TV angeschlossen und nach sicher 15 Mal auf und abschalten sah ich, dass er aufstartet. Hab grad Malware gestartet und 8 Fehlermeldungen erhalten (gemäss Titel). Ich dachte eigentlich, ich hätte mich gem. euren Anleitungen im Rahmen meiner Möglichkeiten geschützt, aber hab mir wohl wieder einen Bug geholt.

Die erforderlichen logfiles also im Anhang.

Und wieder bin ich euch unendlich dankbar, wenn ihr mir bei der Beseitigung helfen könnt.

Liebe Grüsse
coyogini

MBAM logfile

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.02.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx [Administrator]

02.09.2013 07:48:22
MBAM-log-2013-09-02 (12-34-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 224088
Laufzeit: 12 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365 (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\xxx\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\xxx\AppData\Roaming\OpenCandy\4D8CB8EA1B0C41E18536E3456761E3F1 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\xxx\AppData\Roaming\OpenCandy\8AF4037F4B404E21BA3888312BA5907C (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

Infizierte Dateien: 4
C:\Users\xxx\AppData\Roaming\eIntaller\C393349DE05B4e58B21A8E21E0E76111\eGdpSvc.exe (Adware.Elex) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365\eUninstall.lnk (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\xxx\AppData\Roaming\OpenCandy\4D8CB8EA1B0C41E18536E3456761E3F1\TuneUpUtilities2013-2200212_de-DE.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\xxx\AppData\Roaming\OpenCandy\8AF4037F4B404E21BA3888312BA5907C\TuneUpUtilities2013-2200212_de-DE.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

(Ende)
Defogger logfile:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:43 on 02/09/2013 (Corinne)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Farbar FRST logfile:

Editor FRST
Code:
ATTFilter

	
Code: 

 
ATTFilter


  

	
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-09-2013 04
Ran by xxx (administrator) on XXXX on 02-09-2013 12:47:03
Running from C:\Users\xxx\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\aestsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Spotify Ltd) C:\Users\xxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(IDT, Inc.) C:\Windows\system32\STacSV.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-15] (Synaptics, Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [ Malwarebytes Anti-Malware  (reboot)] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-07] (IDT, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe [418024 2013-03-05] (BillP Studios)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13793824 2009-06-16] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [92704 2009-06-16] (NVIDIA Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\xxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1105408 2013-06-27] (Spotify Ltd)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [ISUSPM Startup] - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=SAMSUNGXHM250JI_S133JD0Q153418153418X&ts=1373733809
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=SAMSUNGXHM250JI_S133JD0Q153418153418X&ts=1373733809
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=SAMSUNGXHM250JI_S133JD0Q153418153418X&ts=1373733809
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://en.v9.com/?utm_source=b&utm_medium=stk&from=stk&uid=SAMSUNGXHM250JI_S133JD0Q153418153418X&ts=1373733809
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.v9.com/web/?utm_source=b&utm_medium=stk&from=stk&uid=SAMSUNGXHM250JI_S133JD0Q153418153418X&ts=1373733811
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.v9.com/web/?utm_source=b&utm_medium=stk&from=stk&uid=SAMSUNGXHM250JI_S133JD0Q153418153418X&ts=1373733811
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://sui.mail.afs.org/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\yqbzbd9p.default
FF DefaultSearchEngine: v9
FF SearchEngineOrder.1: v9
FF SelectedSearchEngine: v9
FF Homepage: https://www.google.ch/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\xxx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\xxx\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\xxx\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\xxx\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\xxx\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\v9.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\yqbzbd9p.default\Extensions\nostmp
FF Extension: Microsoft .NET Framework Assistant - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\yqbzbd9p.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: WOT - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\yqbzbd9p.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\yqbzbd9p.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\yqbzbd9p.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\yqbzbd9p.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\yqbzbd9p.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\yqbzbd9p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome: 
=======

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-02] (Avira Operations GmbH & Co. KG)
S2 gupdate1ca6646b39a9424; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-11-16] (Google Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-07] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [31560 2013-03-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-02-07] (Secunia)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-22] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\xxx\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 StarOpen; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-02 12:46 - 2013-09-02 12:46 - 00000000 ____D C:\FRST
2013-09-02 12:43 - 2013-09-02 12:44 - 00000476 _____ C:\Users\xxx\Downloads\defogger_disable.log
2013-09-02 12:43 - 2013-09-02 12:43 - 00000000 _____ C:\Users\xxx\defogger_reenable
2013-09-02 12:42 - 2013-09-02 12:42 - 00050477 _____ C:\Users\xxx\Downloads\Defogger.exe
2013-09-02 07:42 - 2013-09-02 07:42 - 00275181 _____ C:\Users\xxx\Downloads\WindowsUpdateDiagnostic.diagcab
2013-09-01 18:06 - 2013-09-01 18:06 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-09-01 18:05 - 2013-09-01 18:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2013-09-01 18:03 - 2013-09-01 18:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2013-09-01 17:57 - 2009-09-10 04:01 - 03023360 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2013-09-01 17:57 - 2009-09-10 04:00 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2013-09-01 17:57 - 2009-09-10 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-01 17:56 - 2009-10-01 03:02 - 02537472 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2013-09-01 17:56 - 2009-10-01 03:02 - 00334848 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2013-09-01 17:56 - 2009-10-01 03:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2013-09-01 17:56 - 2009-10-01 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\BthMtpContextHandler.dll
2013-09-01 17:56 - 2009-10-01 03:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2013-09-01 17:56 - 2009-10-01 03:01 - 00546816 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2013-09-01 17:56 - 2009-10-01 03:01 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2013-09-01 17:56 - 2009-10-01 03:01 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll
2013-09-01 17:56 - 2009-10-01 03:01 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2013-09-01 17:56 - 2009-10-01 03:01 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2013-09-01 17:56 - 2009-10-01 03:01 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2013-09-01 17:56 - 2009-10-01 03:01 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2013-09-01 17:56 - 2009-10-01 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll
2013-09-01 17:56 - 2009-10-01 03:01 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2013-09-01 17:56 - 2009-10-01 03:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WpdUsb.sys
2013-09-01 17:56 - 2009-10-01 03:01 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\WpdConns.dll
2013-09-01 17:43 - 2012-07-26 05:39 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-09-01 17:43 - 2012-07-26 05:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-09-01 17:43 - 2012-07-26 05:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-09-01 17:43 - 2012-07-26 05:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-09-01 17:43 - 2012-07-26 05:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-09-01 17:43 - 2012-07-26 05:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-09-01 17:43 - 2012-07-26 05:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-09-01 17:43 - 2012-07-26 04:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-09-01 17:43 - 2012-07-26 04:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-09-01 17:43 - 2012-07-26 04:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-09-01 17:43 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-09-01 17:43 - 2012-06-02 16:34 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-09-01 17:43 - 2009-07-14 14:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2013-09-01 17:42 - 2013-09-01 17:42 - 00000000 ____D C:\Windows\system32\WindowsPowerShell
2013-09-01 17:38 - 2009-10-09 23:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2013-09-01 17:38 - 2009-10-09 23:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2013-09-01 17:38 - 2009-10-09 23:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2013-09-01 17:38 - 2009-10-09 23:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2013-09-01 17:38 - 2009-10-09 23:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2013-09-01 17:38 - 2009-10-09 23:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2013-09-01 17:38 - 2009-10-09 23:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2013-09-01 17:38 - 2009-10-09 23:55 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2013-09-01 17:38 - 2009-10-09 23:55 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2013-09-01 17:38 - 2009-10-09 23:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2013-09-01 17:38 - 2009-10-09 23:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2013-09-01 17:38 - 2009-10-09 23:55 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2013-09-01 17:37 - 2009-10-09 23:56 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2013-09-01 17:37 - 2009-10-09 23:56 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2013-09-01 17:37 - 2009-10-09 23:56 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2013-09-01 17:37 - 2009-10-09 23:56 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2013-09-01 17:37 - 2009-10-09 23:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2013-09-01 17:37 - 2009-10-09 23:55 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2013-09-01 17:37 - 2009-08-01 08:27 - 00201184 _____ C:\Windows\system32\winrm.vbs
2013-09-01 17:37 - 2009-07-16 19:30 - 00004675 _____ C:\Windows\system32\wsmanconfig_schema.xml
2013-09-01 17:37 - 2009-07-16 19:30 - 00002426 _____ C:\Windows\system32\WsmTxt.xsl
2013-09-01 17:02 - 2013-09-01 17:02 - 02434048 _____ C:\Users\xxx\Downloads\msxml.msi
2013-08-27 20:33 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-26 16:32 - 2013-08-26 16:32 - 00000000 ____D C:\Users\xxx\Downloads\Pablo_Nouvelle
2013-08-18 08:29 - 2013-08-18 08:29 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-18 08:27 - 2013-08-18 08:29 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-18 08:27 - 2013-08-18 08:29 - 00000000 ____D C:\Program Files\iTunes
2013-08-18 08:27 - 2013-08-18 08:27 - 00000000 ____D C:\Program Files\iPod
2013-08-17 07:53 - 2013-08-17 07:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-15 03:10 - 2013-08-15 03:13 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:05 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 03:05 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 03:05 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 03:05 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 03:05 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 03:05 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-15 03:05 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 03:05 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 03:05 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 03:05 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 03:05 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 03:05 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-15 03:05 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-15 03:05 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 03:05 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 03:05 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 22:20 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 22:20 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 22:20 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 22:20 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 22:20 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 22:19 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 22:19 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 22:19 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 22:19 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 22:19 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 22:19 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 22:19 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-12 10:15 - 2013-08-12 10:15 - 00139176 _____ C:\Windows\Minidump\Mini081213-01.dmp

==================== One Month Modified Files and Folders =======

2013-09-02 12:46 - 2013-09-02 12:46 - 01085803 _____ (Farbar) C:\Users\xxx\Downloads\FRST.exe
2013-09-02 12:46 - 2013-09-02 12:46 - 00000000 ____D C:\FRST
2013-09-02 12:44 - 2013-09-02 12:43 - 00000476 _____ C:\Users\xxx\Downloads\defogger_disable.log
2013-09-02 12:44 - 2009-11-16 01:03 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-02 12:43 - 2013-09-02 12:43 - 00000000 _____ C:\Users\xxx\defogger_reenable
2013-09-02 12:43 - 2008-04-10 13:30 - 00000000 ____D C:\Users\xxx
2013-09-02 12:42 - 2013-09-02 12:42 - 00050477 _____ C:\Users\xxx\Downloads\Defogger.exe
2013-09-02 12:35 - 2008-04-15 11:46 - 00000000 ____D C:\Users\xxx\Documents\Administration
2013-09-02 12:28 - 2012-06-14 07:02 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 12:21 - 2010-12-19 17:50 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681480420-307595169-1651927566-1000UA.job
2013-09-02 11:07 - 2006-11-02 14:47 - 00003792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-02 11:07 - 2006-11-02 14:47 - 00003792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-02 07:47 - 2006-11-02 14:52 - 01887886 _____ C:\Windows\WindowsUpdate.log
2013-09-02 07:42 - 2013-09-02 07:42 - 00275181 _____ C:\Users\xxx\Downloads\WindowsUpdateDiagnostic.diagcab
2013-09-02 07:11 - 2013-03-25 08:27 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-09-02 07:09 - 2008-04-10 15:31 - 00203756 _____ C:\ProgramData\nvModes.001
2013-09-02 07:09 - 2008-04-10 14:40 - 00203756 _____ C:\ProgramData\nvModes.dat
2013-09-02 07:07 - 2009-11-16 01:03 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-02 07:07 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 18:30 - 2006-11-02 14:47 - 00385032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-01 18:27 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-09-01 18:16 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-01 18:13 - 2010-12-02 20:26 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Skype
2013-09-01 18:12 - 2008-04-10 14:12 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-01 18:09 - 2013-03-22 09:20 - 00019562 _____ C:\Windows\PFRO.log
2013-09-01 18:07 - 2008-04-10 12:46 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-09-01 18:07 - 2006-11-02 15:01 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-01 18:06 - 2013-09-01 18:06 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-09-01 18:06 - 2013-03-23 18:10 - 00040168 _____ C:\Windows\setupact.log
2013-09-01 18:06 - 2006-11-02 17:31 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\zh-TW
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\zh-HK
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\zh-CN
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\uk-UA
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\tr-TR
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\th-TH
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\sv-SE
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\sl-SI
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\sk-SK
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\ru-RU
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\ro-RO
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\pt-PT
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\pt-BR
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\pl-PL
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\nl-NL
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\nb-NO
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\lv-LV
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\lt-LT
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\ko-KR
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\ja-JP
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\it-IT
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\hu-HU
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\hr-HR
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\he-IL
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\fr-FR
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\fi-FI
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\et-EE
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\el-GR
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\bg-BG
2013-09-01 18:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\ar-SA
2013-09-01 18:05 - 2013-09-01 18:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2013-09-01 18:03 - 2013-09-01 18:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2013-09-01 18:00 - 2009-07-08 17:09 - 00000446 _____ C:\Windows\Tasks\ParetoLogic Registration.job
2013-09-01 17:48 - 2010-03-29 15:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-01 17:42 - 2013-09-01 17:42 - 00000000 ____D C:\Windows\system32\WindowsPowerShell
2013-09-01 17:02 - 2013-09-01 17:02 - 02434048 _____ C:\Users\xxx\Downloads\msxml.msi
2013-09-01 16:38 - 2010-03-29 15:37 - 00002627 _____ C:\Users\xxx\Desktop\Microsoft Office Word 2007.lnk
2013-09-01 14:21 - 2010-12-19 17:50 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681480420-307595169-1651927566-1000Core.job
2013-08-30 01:51 - 2009-07-08 17:09 - 00000420 _____ C:\Windows\Tasks\ParetoLogic Update Version2.job
2013-08-26 16:32 - 2013-08-26 16:32 - 00000000 ____D C:\Users\xxx\Downloads\Pablo_Nouvelle
2013-08-23 07:27 - 2010-12-02 20:26 - 00000000 ___RD C:\Program Files\Skype
2013-08-23 07:27 - 2008-11-22 23:50 - 00000000 ____D C:\ProgramData\Skype
2013-08-21 09:05 - 2006-11-02 12:33 - 01362846 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-18 20:18 - 2008-04-15 11:46 - 00000000 ____D C:\Users\xxx\Documents\Bad-Reno GmbH
2013-08-18 10:14 - 2012-04-29 17:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-18 08:29 - 2013-08-18 08:29 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-18 08:29 - 2013-08-18 08:27 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-18 08:29 - 2013-08-18 08:27 - 00000000 ____D C:\Program Files\iTunes
2013-08-18 08:27 - 2013-08-18 08:27 - 00000000 ____D C:\Program Files\iPod
2013-08-18 08:27 - 2009-08-19 08:10 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-18 08:27 - 2008-04-15 16:38 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-17 07:53 - 2013-08-17 07:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-17 07:21 - 2008-04-10 13:31 - 00109264 _____ C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-15 03:13 - 2013-08-15 03:10 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:10 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-12 10:15 - 2013-08-12 10:15 - 00139176 _____ C:\Windows\Minidump\Mini081213-01.dmp
2013-08-12 10:15 - 2008-05-26 17:32 - 00000000 ____D C:\Windows\Minidump
2013-08-12 10:15 - 2008-05-26 17:31 - 221936863 _____ C:\Windows\MEMORY.DMP
2013-08-07 12:57 - 2013-03-28 07:26 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-08-07 12:11 - 2013-07-13 18:45 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Desk 365
2013-08-07 12:11 - 2013-07-13 18:45 - 00000000 ____D C:\Program Files\Desk 365

Files to move or delete:
====================
C:\ProgramData\nvModes.dat
C:\Users\xxx\AppData\Local\Temp\SkypeSetup.exe
C:\Users\xxx\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\xxx\AppData\Local\Temp\octC13B.tmp\PokkiUpdater.exe
C:\Users\xxx\AppData\Local\Temp\nsj7DC8.tmp\___ocnsis.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-02 07:30

==================== End Of Log ============================
und FRST Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-09-2013 04
Ran by xxx at 2013-09-02 12:47:39
Running from C:\Users\xxx\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
 Updater (HKCU Version: 1.2.4.37949)
32 Bit HP CIO Components Installer (Version: 2.1.5)
7500_7600_7700_Help (Version: 1.00.0000)
Acrobat.com (Version: 0.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
AVI Media Player 1.0
Avira Free Antivirus (Version: 13.0.0.3885)
Bonjour (Version: 3.0.0.10)
BPD_HPSU (Version: 1.00.0000)
BPD_Scan (Version: 3.00.0000)
BPDSoftware (Version: 82.0.173.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 82.0.173.000)
Dell Resource CD (Version: 1.00.0000)
Destinations (Version: 82.0.173.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 8.1.0.0)
DocProcQFolder (Version: 1.00.0000)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 82.0.188.000)
Google Talk Plugin (Version: 4.5.3.14917)
Google Update Helper (Version: 1.3.21.153)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP Officejet Pro All-In-One Series (Version: 1.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Product Assistant (Version: 100.000.001.000)
HP Solution Center 8.0 (Version: 8.0)
HPProductAssistant (Version: 82.0.173.000)
iCloud (Version: 2.0.2.187)
iPhone-Konfigurationsprogramm (Version: 2.1.0.163)
iTunes (Version: 11.0.5.5)
L7500 (Version: 50.0.165.000)
Laptop Integrated Webcam Driver (1.04.01.1011)  
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MPM (Version: 1.00.0000)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Drivers (Version: 1.3)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Private Tax 2010 (Version: 1.1.3.584)
ProductContext (Version: 50.0.165.000)
QuickTime (Version: 7.74.80.86)
RealPlayer
Safari (Version: 5.34.57.2)
Scan (Version: 8.1.0.0)
Secunia PSI (3.0.0.6005) (Version: 3.0.0.6005)
SigmaTel Audio (Version: 5.10.5207.0)
Skype Click to Call (Version: 5.6.8442)
Skype™ 6.6 (Version: 6.6.106)
SolutionCenter (Version: 82.0.188.000)
Spotify (HKCU Version: 0.9.0.133.gd18ed589)
SpywareBlaster 5.0 (Version: 5.0.0)
Status (Version: 82.0.173.000)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 9.0.1.3)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 82.0.188.000)
UnloadSupport (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
WebReg (Version: 82.0.173.000)
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner (Version: 1.0.0.0)
Windows Vista Upgrade Advisor (Version: 1.0.4)
WinPatrol (Version: 27.0.2013.0)
 

==================== Restore Points  =========================

02-09-2013 04:52:25 Windows Update
02-09-2013 05:37:40 Windows Update
02-09-2013 05:45:28 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-03-24 17:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0CD502AA-6E4A-4C52-8EBF-9B4CBEB87DF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-16] (Google Inc.)
Task: {1636E82D-84BD-44FE-89CA-F360719CEB24} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13] ()
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {40A3639C-09CC-4102-B5E7-115AE2C6AEA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-16] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {542EDC7E-2AD0-4DB5-8588-E3F0BD7FD872} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-03-11] ()
Task: {639570C3-937C-42BA-964A-8DAD2A66FA41} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {6D420DEE-E438-4EEE-BCA4-B33BCC49ED39} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {6FF6DCC9-8BC2-4C14-8DDD-1470A4530C46} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-11] (Adobe Systems Incorporated)
Task: {7728DF46-1C18-469E-8768-9CDEDFC7E7E8} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7A7522E2-758B-445A-BC26-66AD777C7E19} - System32\Tasks\{62F1C594-689E-4173-8DE7-914733663D09} => C:\Program Files\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {7F7DD176-FEE1-4FD5-B3A7-8CD0E31AD8D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1681480420-307595169-1651927566-1000Core => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-22] (Google Inc.)
Task: {858BDBE4-BE47-4D89-AC67-55E73748F92F} - System32\Tasks\Express FilesUpdate => C:\Program Files\ExpressFiles\EFUpdater.exe No File
Task: {93029500-BCE9-4710-85E8-6B45F0C549E0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {B526C4AE-08DA-478A-82CB-015B3964B5E2} - System32\Tasks\ParetoLogic Registration => C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13] ()
Task: {CB44A527-8C13-4A65-911E-0CFA04E2E0D2} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe No File
Task: {CB7B8FE3-CF65-4866-9555-BE9185ECB9A2} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-14] (InstallShield Software Corporation)
Task: {D966A6E2-2E7C-4B56-B5A7-38F7A42EA6A7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1681480420-307595169-1651927566-1000UA => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-22] (Google Inc.)
Task: {DC580560-0A76-47D3-B9C3-4289913E012D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F2FA4DEF-B0CA-439E-93F3-837FF80D775D} - System32\Tasks\Google Updater and Installer => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-22] (Google Inc.)
Task: {F6F300F7-2ACB-4850-AE79-45862CA810EC} - System32\Tasks\User_Feed_Synchronization-{A0465D06-4943-4B30-ADD1-A9F3BE07C0E8} => C:\Windows\system32\msfeedssync.exe [2012-03-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681480420-307595169-1651927566-1000Core.job => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681480420-307595169-1651927566-1000UA.job => C:\Users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe

==================== Loaded Modules (whitelisted) =============

2010-05-15 21:35 - 2009-04-11 08:28 - 02012160 _____ (Microsoft Corporation) C:\Windows\system32\milcore.dll
2008-04-10 14:03 - 2009-06-16 14:59 - 07617024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2013-03-31 00:26 - 2013-03-05 21:41 - 00064728 ____N (BillP Studios) C:\Program Files\BillP Studios\WinPatrol\PATROLPRO.DLL
2006-11-02 10:40 - 2006-11-02 11:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\tschannel.dll
2008-07-04 14:40 - 2008-01-19 09:33 - 00397312 _____ (Microsoft Corporation) C:\Windows\system32\audioeng.dll
2008-07-04 14:39 - 2008-01-19 09:36 - 01298432 _____ (Microsoft Corporation) C:\Windows\System32\TMM.dll
2008-04-10 14:03 - 2009-06-16 14:59 - 00989696 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2006-11-02 10:45 - 2006-11-02 11:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\pautoenr.dll
2010-05-15 21:35 - 2009-04-11 08:28 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\certenroll.dll
2013-08-16 09:07 - 2013-08-16 09:07 - 00117576 _____ (Apple Inc.) C:\Program Files\iTunes\iTunesMiniPlayer.dll
2013-08-16 09:17 - 2013-08-16 09:17 - 00041288 _____ (Apple Inc.) C:\Program Files\iTunes\iTunesMiniPlayer.Resources\de.lproj\iTunesMiniPlayerLocalized.dll
2013-08-16 09:08 - 2013-08-16 09:08 - 00137032 _____ (Apple Inc.) C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
2006-11-02 10:34 - 2006-11-02 11:46 - 00869376 _____ (Microsoft Corporation) C:\Windows\system32\WINBRAND.dll
2010-10-14 09:06 - 2010-05-04 21:13 - 00231424 _____ (Microsoft Corporation) C:\Windows\System32\msshsq.dll
2008-07-04 14:41 - 2008-01-19 09:34 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2010-05-15 21:34 - 2009-04-11 08:28 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\FunDisc.dll
2010-05-15 21:34 - 2009-04-11 08:28 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\fdproxy.dll
2010-05-15 21:34 - 2009-04-11 08:28 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\wscntfy.dll
2010-05-15 21:35 - 2009-04-11 08:28 - 02134528 _____ (Microsoft Corporation) C:\Windows\system32\FunctionDiscoveryFolder.dll
2008-07-14 16:20 - 2008-01-19 09:35 - 02243072 _____ (Microsoft Corporation) C:\Windows\System32\NLSData0007.dll
2013-03-11 00:38 - 2013-03-11 00:38 - 01521800 _____ (Ask) C:\Program Files\Ask.com\GenericAskToolbar.dll
2010-05-15 21:34 - 2009-04-11 08:28 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00121704 _____ (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll
2009-02-26 19:37 - 2009-02-26 19:37 - 00178040 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
2009-02-26 19:36 - 2009-02-26 19:36 - 01560912 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll
2010-05-15 21:34 - 2009-04-11 08:28 - 00356864 _____ (Microsoft Corporation) C:\Windows\System32\mediametadatahandler.dll
2013-05-10 09:57 - 2013-05-10 09:57 - 00068680 _____ (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
2001-02-14 21:45 - 2001-02-14 21:45 - 01318912 _____ (Microsoft Corporation) C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
2001-01-22 03:25 - 2001-01-22 03:25 - 00086016 _____ (Microsoft Corporation) C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll
2008-07-04 14:38 - 2008-01-19 09:34 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\HLINK.dll
2001-02-12 04:01 - 2001-02-12 04:01 - 00053248 _____ (Microsoft Corporation) C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\1031\nsextint.dll
2010-05-13 18:37 - 2013-04-04 14:50 - 00527944 _____ (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
2013-03-22 09:27 - 2013-04-04 14:50 - 02191944 _____ (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
2008-07-08 19:15 - 2006-11-15 19:06 - 00163840 _____ (Synaptics, Inc.) C:\Windows\system32\SynCOM.dll
2008-07-08 19:15 - 2006-11-15 19:06 - 00143360 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2008-07-04 14:39 - 2008-01-19 09:33 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2008-04-10 14:02 - 2007-04-10 18:02 - 01601536 _____ (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\STLang.dll
2008-04-10 14:02 - 2007-09-07 10:23 - 00299520 _____ (IDT, Inc.) C:\Windows\system32\stapi32.dll
2011-06-11 02:58 - 2011-06-11 02:58 - 04422992 _____ (Microsoft Corporation) C:\Windows\system32\mfc100u.dll
2011-06-11 02:58 - 2011-06-11 02:58 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll
2011-06-11 02:58 - 2011-06-11 02:58 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll
2011-06-11 02:58 - 2011-06-11 02:58 - 00064336 _____ (Microsoft Corporation) C:\Windows\system32\MFC100DEU.DLL
2013-03-22 20:40 - 2013-07-02 20:45 - 00739384 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll
2013-03-22 20:40 - 2013-07-02 20:44 - 00054840 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cfglib.dll
2013-03-22 20:40 - 2013-07-02 20:45 - 00349752 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccguard.dll
2013-03-22 20:40 - 2013-05-06 11:59 - 00030432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdrc.dll
2013-03-22 20:40 - 2013-07-02 20:45 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdw.dll
2013-03-22 20:40 - 2013-07-02 20:45 - 00378424 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\grdcore.dll
2013-03-22 20:40 - 2013-07-02 20:45 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\gpipc.dll
2013-03-22 20:40 - 2013-07-02 20:44 - 00059448 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avipc.dll
2013-03-22 20:40 - 2013-07-02 20:45 - 00418872 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccwgrd.dll
2013-03-22 20:40 - 2013-05-06 11:59 - 00026168 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccwgrdrc.dll
2013-03-22 20:40 - 2013-07-02 20:45 - 00127544 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccwgrdw.dll
2013-03-22 20:40 - 2013-07-02 20:45 - 00790584 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgen.dll
2013-03-22 20:40 - 2013-07-02 20:45 - 00049208 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgenrc.dll
2013-03-22 20:40 - 2013-07-02 20:45 - 00219192 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdate.dll
2013-03-22 20:40 - 2013-03-22 20:34 - 00029472 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdrc.dll
2013-03-22 20:40 - 2013-07-02 20:45 - 00082488 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclic.dll
2013-03-22 20:40 - 2013-03-22 20:34 - 00011632 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclicrc.dll
2013-03-22 20:40 - 2013-07-02 20:45 - 00207928 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsg.dll
2013-03-22 20:40 - 2013-03-22 20:34 - 00010608 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsgrc.dll
2013-03-22 20:40 - 2013-03-22 20:31 - 04780832 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\rcimage.dll
2013-03-22 20:40 - 2013-03-22 20:34 - 00016240 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmainrc.dll
2013-03-22 20:40 - 2013-07-02 20:45 - 00212536 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ccupdw.dll
2013-03-31 00:26 - 2012-12-10 03:46 - 00600868 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2013-08-16 09:07 - 2013-08-16 09:07 - 00148808 _____ (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01079184 _____ (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00053024 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2012-10-11 22:56 - 2012-10-11 22:56 - 00124816 _____ (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
2012-10-11 22:56 - 2012-10-11 22:56 - 00043408 _____ (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01291552 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00922912 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 16303976 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
2012-10-11 22:56 - 2012-10-11 22:56 - 00075664 _____ (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
2013-08-16 09:17 - 2013-08-16 09:17 - 00041800 _____ (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.Resources\de.lproj\iTunesHelperLocalized.DLL
2013-08-16 09:07 - 2013-08-16 09:07 - 00040264 _____ (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
2012-12-21 17:27 - 2012-12-21 17:27 - 01449648 _____ (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:43 - 2013-04-21 21:43 - 02464072 _____ (Apple, Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00455968 _____ (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00073064 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2009-09-03 07:33 - 2009-08-29 04:30 - 00542720 _____ (Microsoft Corporation) C:\Windows\AppPatch\AcLayers.DLL
2009-06-16 10:27 - 2009-06-16 10:27 - 00092704 _____ (NVIDIA Corporation) C:\Windows\system32\nvHotkey.dll
2006-11-02 14:35 - 2006-11-02 14:35 - 00116736 _____ (Microsoft Corporation) C:\Windows\eHome\ehProxy.dll
2008-07-04 14:39 - 2008-01-19 09:37 - 00195072 _____ (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnssci.dll
2010-05-15 21:34 - 2009-04-11 08:28 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2006-11-02 11:11 - 2006-11-02 11:46 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2013-06-21 09:53 - 2013-06-21 09:53 - 00088680 ____R (Skype Technologies) C:\Program Files\Skype\Updater\Updater.dll
2013-08-15 03:05 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 03:05 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 21:58 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\D3D10Warp.dll
2013-08-17 07:53 - 2013-08-17 07:53 - 03551640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2010-10-14 09:06 - 2010-08-26 18:37 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2012-03-01 04:43 - 2012-03-01 04:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
2008-07-04 14:38 - 2008-01-19 09:34 - 00084480 _____ (Microsoft Corporation) C:\Windows\System32\mp3dmod.dll
2013-06-19 19:44 - 2013-06-19 19:44 - 01366656 _____ (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2013 07:47:00 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 - Update "{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log enthalten.

Error: (09/02/2013 07:46:54 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows Installer kann nicht fortfahren.

Error: (09/02/2013 07:40:16 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 - Update "{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log enthalten.

Error: (09/02/2013 07:39:59 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows Installer kann nicht fortfahren.

Error: (09/02/2013 07:33:11 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 23.0.1.4974 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: df0
Anfangszeit: 01cea79c95a8fbe6
Zeitpunkt der Beendigung: 15

Error: (09/02/2013 06:59:41 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 - Update "{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log enthalten.

Error: (09/02/2013 06:59:23 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows Installer kann nicht fortfahren.

Error: (09/01/2013 07:34:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13728

Error: (09/01/2013 07:34:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13728

Error: (09/01/2013 07:34:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/02/2013 07:50:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2833941){343E12E8-8772-4A72-9982-570122E959DB}203

Error: (09/02/2013 07:40:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2833941){343E12E8-8772-4A72-9982-570122E959DB}203

Error: (09/02/2013 07:10:10 AM) (Source: Service Control Manager) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst%%1053

Error: (09/02/2013 07:10:08 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Media Player-Netzwerkfreigabedienst

Error: (09/02/2013 07:09:22 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/02/2013 07:08:01 AM) (Source: DCOM) (User: )
Description: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6}

Error: (09/02/2013 07:07:39 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 02.09.2013 um 07:05:55 unerwartet heruntergefahren.

Error: (09/02/2013 06:50:50 AM) (Source: DCOM) (User: )
Description: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6}

Error: (09/02/2013 06:50:37 AM) (Source: Service Control Manager) (User: )
Description: MBAMScheduler%%1053

Error: (09/02/2013 06:50:37 AM) (Source: Service Control Manager) (User: )
Description: 30000MBAMScheduler


Microsoft Office Sessions:
=========================
Error: (08/18/2013 01:23:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 674 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (07/22/2013 00:16:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 514 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (07/04/2013 08:51:34 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7997 seconds with 4200 seconds of active time.  This session ended with a crash.

Error: (07/02/2013 07:08:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3409 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/28/2013 05:59:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13608 seconds with 5460 seconds of active time.  This session ended with a crash.

Error: (06/28/2013 11:04:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 74 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (06/18/2013 05:44:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 30140 seconds with 6540 seconds of active time.  This session ended with a crash.

Error: (06/18/2013 09:15:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 444 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (06/10/2013 09:31:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1633 seconds with 1260 seconds of active time.  This session ended with a crash.

Error: (05/29/2013 00:00:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9039 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-09-02 12:47:11.562
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-02 12:47:11.274
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-02 07:57:53.152
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-02 07:57:52.918
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-02 07:57:52.684
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-02 07:57:52.388
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-02 07:52:31.975
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-02 07:52:31.725
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-02 07:52:31.460
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-02 07:52:31.210
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 58%
Total physical RAM: 2045.31 MB
Available physical RAM: 847.71 MB
Total Pagefile: 4331.87 MB
Available Pagefile: 2724.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:229.83 GB) (Free:44.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=OF Extended)

==================== End Of Log ============================

last but not least gmer:

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-02 13:45:16
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HM250JI rev.HS100-11 232.89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Corinne\AppData\Local\Temp\kxrdypoc.sys


---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                             Wdf01000.sys

Device          \Driver\BTHUSB \Device\00000070                                                                                                     bthport.sys
Device          \Driver\BTHUSB \Device\00000072                                                                                                     bthport.sys

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                            fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9e91746                                                         
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9e91746 (not active ControlSet)                                     
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D10B695-2324-84ED-34C3-A915B85ABBB3}                     
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D10B695-2324-84ED-34C3-A915B85ABBB3}@haamjdilakbhdimm    0x6B 0x61 0x63 0x65 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D10B695-2324-84ED-34C3-A915B85ABBB3}@iaomdgediibffdaoio  0x6B 0x61 0x63 0x65 ...

---- EOF - GMER 2.1 ----
Lasst es mich wissen, wenn ich was falsch gemacht habe oder etwas fehlt...

Herzlichen Dank!!!!!!!!

coyogini

 

Themen zu Windows Vista: Adware Elex und PUP.opencandy und desk 365 (PC shutdown)
4d36e972-e325-11ce-bfc1-08002be10318, adware elex, adware.elex, antivir, antivirus, avira, beseitigung, bildschirm, bonjour, device driver, email, farbar recovery scan tool, fehlercode 1, firefox 23.0.1, flash player, homepage, iexplore.exe, langsam, malware, minidump, msiinstaller, nicht installiert, nodrives, officejet, pup.optional.desk365.a, pup.optional.opencandy, registry, required, secunia psi, security, software, spotify web helper, svchost.exe, vista, windows, windows xp


« GVU-Trojaner: Ich kann noch nicht mal von CD/USB starten | GVU trojaner - Welche Art von Daten kann ich sichern? »


Ähnliche Themen: Windows Vista: Adware Elex und PUP.opencandy und desk 365 (PC shutdown)


  1. Windows Vista Home Premium Service Pack 2 Win32/Bundled.Toolbar.Google.D und Variante von Win32/OpenCandy.C mit eset online scanner gefunden
    Log-Analyse und Auswertung - 16.10.2015 (9)
  2. Windows Vista Home Premium: AdWare Tracking Cookies gefunden
    Log-Analyse und Auswertung - 03.04.2015 (11)
  3. GData meldet Win32.Adware.OpenCandy.C
    Log-Analyse und Auswertung - 25.12.2014 (5)
  4. Windows Vista: Adware und anderes Zeugs
    Plagegeister aller Art und deren Bekämpfung - 12.12.2014 (37)
  5. Malware in Windows Vista: ADWARE.Goobzo.2825
    Log-Analyse und Auswertung - 08.10.2014 (9)
  6. eBay-Fake eMail mit ZIP Anhang gespeichert, Windows 7- Avira: Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen
    Log-Analyse und Auswertung - 29.08.2014 (17)
  7. Win32/ELEX.J
    Log-Analyse und Auswertung - 17.06.2014 (23)
  8. Windows Vista: Malwarebytes findet PUP.Optional.OpenCandy und Exploit.Drop.GS
    Log-Analyse und Auswertung - 26.03.2014 (8)
  9. Windows Vista, viel Adware und ein Trojaner Trojan.Win32.Generic
    Plagegeister aller Art und deren Bekämpfung - 30.10.2013 (9)
  10. ADWARE/OpenCandy.0.4
    Log-Analyse und Auswertung - 29.10.2013 (19)
  11. Windows Vista: Avira Antivir meldet erst ADWARE/bProtect.D einige Tage später TR/Fakeadb.A
    Log-Analyse und Auswertung - 26.10.2013 (17)
  12. Windows Vista: PUP.Optional.Tarma.A PUP.Optional.OpenCandy PUP.Optional.InstallCore.A
    Plagegeister aller Art und deren Bekämpfung - 11.09.2013 (13)
  13. 2x Windows Vista: PUP.Optional.Tarma.A PUP.Optional.OpenCandy PUP.Optional.InstallCore.A
    Mülltonne - 08.09.2013 (1)
  14. Adware/win32/opencandy
    Log-Analyse und Auswertung - 07.01.2013 (7)
  15. Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (22)
  16. Nach Desk-Alarm Update: Windows & Firefox extrem langsam
    Plagegeister aller Art und deren Bekämpfung - 02.11.2011 (35)
  17. java/agent.2212 + ADWARE/OpenCandy.A.7
    Plagegeister aller Art und deren Bekämpfung - 24.02.2011 (17)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows Vista: Adware Elex und PUP.opencandy und desk 365 (PC shutdown) - Liebes Trojaner-Board Team ...nach nur 5 Monaten muss ich leider schon wieder eure Hilfe beanspruchen. Wieder keinen blassen Schimmer, wie/wo/warum, aber was ich mir eingefangen habe. Mein Pc ist alt - Windows Vista: Adware Elex und PUP.opencandy und desk 365 (PC shutdown)...
Archiv
Du betrachtest: Windows Vista: Adware Elex und PUP.opencandy und desk 365 (PC shutdown) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19