Log analysis and evaluation: windows7: MBAM eliminates open candy bugs? (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

windows7: MBAM eliminates open candy bugs?

Hello, yesterday an MBAM quick scan found files infected with open candy and eliminated them successfully. Unfortunately I did not save the log file. Today I then ran a more thorough scan with MBAM: no findings. After that I ran defogger, FRST and GMER (which only worked in safe mode). Log files attached. Do I need to do anything else? Many thanks in advance! Ulrika

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:39 on 23/12/2013 (ulrike)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2013 01 Ran by ulrike (administrator) on ULRIKE-PC on 23-12-2013 13:40:20 Running from C:\Users\ulrike\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Smith Micro Software, Inc.) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) 
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Nalpeiron Ltd.) C:\Windows\System32\NlsSrv32.exe (Flux Software LLC) C:\Users\ulrike\AppData\Local\FluxSoftware\Flux\flux.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe () C:\Program Files\Canon\ImageBrowser EX\MFManager.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Dropbox, Inc.) C:\Users\ulrike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Hewlett-Packard Co.) C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-08-01] (IDT, Inc.) HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [DellControlPoint] - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [656384 2009-06-11] (Dell Inc.) HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093232 2012-11-02] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668720 2012-11-02] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\5f3d6ac3-5abf-45e0-8524-16c12067374a.exe [180184 2013-11-23] (AVAST Software) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [F.lux] - C:\Users\ulrike\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC) HKCU\...\Run: [GoogleChromeAutoLaunch_156B29F5313FECB4988F8467F606B4B7] - C:\Program Files\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe [456768 2013-10-19] (BillP Studios) Lsa: [Authentication Packages] msv1_0 wvauth Startup: C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\ulrike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=4eea3c1a0000000000000024d66b56cb SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - DefaultScope {F6F76182-93ED-499D-9491-EEFAEC99A3BC} URL = SearchScopes: HKCU - {56AB6DB6-BC28-4343-A0D3-A80203D8CC86} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=4eea3c1a0000000000000024d66b56cb&r=104 SearchScopes: HKCU - {F6F76182-93ED-499D-9491-EEFAEC99A3BC} URL = BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///D:/viewer/ORDcmViewCD.ocx Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{6A29D2DF-4ED9-4558-9A3C-8468D7C85B2E}: [NameServer]192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default FF user.js: detected! => C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\user.js FF Homepage: hxxp://www.ecosia.org/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF SearchPlugin: C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\searchplugins\softonic.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\toolkitsearch.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WOT - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: Adblock Plus Pop-up Addon - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\adblockpopups@jessehakanen.net.xpi FF Extension: S3.Google Translator - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\s3google@translator.xpi FF Extension: Test Pilot - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\testpilot@labs.mozilla.com.xpi FF Extension: NoScript - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: Adblock Plus - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\adblocker@avast.com.xpi FF 
HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=4eea3c1a0000000000000024d66b56cb CHR RestoreOnStartup: "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=4eea3c1a0000000000000024d66b56cb" CHR DefaultSearchProvider: Search the web (Softonic) CHR DefaultSearchURL: hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=4eea3c1a0000000000000024d66b56cb CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: ( "name": "",) - 
C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll No File CHR Plugin: (Skype Click to Call) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll No File CHR Plugin: (Free Studio) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (DevalVR 3D Plugin) - C:\Program Files\Google\Chrome\Application\plugins\npdevalvr.dll (www.devalvr.com) CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (avast! Ad Blocker) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0 CHR Extension: (Skype Click to Call) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0 CHR HKLM\...\Chrome\Extension: [cljghnkcnkhedlnhdgbcbefjoapionoc] - C:\Users\ulrike\AppData\Local\eToolKit\Beemp3.crx CHR HKLM\...\Chrome\Extension: [dnlhamhiejpiajljicfphhpiahoojipl] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookShare.crx CHR HKLM\...\Chrome\Extension: [dpmoonohndgmmnlcnjajheaahmnjlbmj] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookStatus.crx CHR HKLM\...\Chrome\Extension: [eelchhiiipbeleiimmhpdfbagkcjdmdm] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookChat.crx CHR HKLM\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx CHR HKLM\...\Chrome\Extension: [fppahmlkambbejgkiidklamcmhealjag] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookLike.crx CHR HKLM\...\Chrome\Extension: [jchankggehakkafdlalgmfbodgfilnbg] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookMain.crx CHR HKLM\...\Chrome\Extension: [jedcimnjemkbmkkngncfgfpjgfcapimk] - C:\Users\ulrike\AppData\Local\eToolKit\Extmanager.crx CHR HKLM\...\Chrome\Extension: 
[lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated) S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-01-28] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-01-28] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [565472 2013-01-14] (Avira Operations GmbH & Co. KG) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 buttonsvc32; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [293968 2009-04-27] (Dell Inc.) R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812392 2009-06-26] (Broadcom Corporation) R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [26984 2009-06-26] (Broadcom Corporation) R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [382752 2009-07-16] (Dell Inc.) R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1019904 2009-06-03] (Wave Systems Corp.) R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) 
R2 SMManager; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [76288 2009-10-05] (Smith Micro Software, Inc.) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe [221266 2009-08-01] (IDT, Inc.) S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1622016 2009-06-11] (Wave Systems Corp.) ==================== Drivers (Whitelisted) ==================== S3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation) R3 ASAPIW2K; C:\Windows\System32\Drivers\ASAPIW2K.sys [11264 2003-11-28] (Pinnacle Systems GmbH) R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83944 2012-11-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [134336 2012-11-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36552 2012-11-22] (Avira Operations GmbH & Co. KG) R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-06-26] (Broadcom Corporation) S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.) 
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [28632 2009-09-21] (Intel Corporation ) R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.) R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [277440 2008-09-18] (Creative Technology Ltd.) R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia) S3 risdpcie; C:\Windows\system32\DRIVERS\risdpe86.sys [49152 2009-07-01] (REDC) S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38400 2009-07-05] (REDC) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [45240 2011-11-17] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [441608 2011-11-17] (Paragon) R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [277576 2011-11-17] (Paragon) R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [200192 2009-07-27] (Wave Systems Corp.) S3 btwaudio; system32\drivers\btwaudio.sys [x] S3 btwavdt; system32\DRIVERS\btwavdt.sys [x] S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x] S3 btwrchid; system32\DRIVERS\btwrchid.sys [x] S3 catchme; \??\C:\Users\ulrike\AppData\Local\Temp\catchme.sys [x] S3 CtAudDrv; \??\C:\Windows\system32\Drivers\CtAudDrv.sys [x] S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [x] S3 NvtSp50; System32\Drivers\NvtSp50.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-23 13:40 - 2013-12-23 13:40 - 00024605 _____ C:\Users\ulrike\Desktop\FRST.txt 2013-12-23 13:40 - 2013-12-23 13:40 - 00000000 ____D C:\FRST 2013-12-23 13:38 - 2013-12-23 13:38 - 01061231 _____ (Farbar) C:\Users\ulrike\Desktop\FRST.exe 2013-12-23 13:36 - 2013-12-23 13:39 - 00000474 _____ C:\Users\ulrike\Desktop\defogger_disable.log 2013-12-23 13:36 - 2013-12-23 13:36 - 00000000 _____ C:\Users\ulrike\defogger_reenable 2013-12-23 13:35 - 2013-12-23 13:35 - 00050477 _____ 
C:\Users\ulrike\Desktop\Defogger.exe 2013-12-23 08:30 - 2013-12-23 08:30 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-23 08:30 - 2013-12-23 08:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-12-23 08:30 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-23 08:28 - 2013-12-23 08:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ulrike\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-21 19:46 - 2013-12-21 19:47 - 00000000 ____D C:\Users\ulrike\Desktop\baby 2013-12-20 21:29 - 2013-12-20 21:29 - 00151760 _____ C:\Windows\Minidump\122013-27315-01.dmp 2013-12-20 20:27 - 2013-12-21 19:44 - 00010025 _____ C:\Users\ulrike\Desktop\eiweißreich.odt 2013-12-20 15:04 - 2013-12-20 15:04 - 00000058 _____ C:\Users\ulrike\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat 2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\Documents\DonationCoder 2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\DonationCoder 2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\ProgramData\DonationCoder 2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Program Files\ScreenshotCaptor 2013-12-17 17:39 - 2013-12-18 21:32 - 00000000 ____D C:\Users\ulrike\Desktop\2013-10_marpa_house 2013-12-17 08:56 - 2013-12-17 08:57 - 00000000 ____D C:\Users\ulrike\Desktop\ah 2013-12-15 13:41 - 2013-12-15 13:48 - 00000000 ____D C:\Users\ulrike\Desktop\festung 2013-12-14 23:00 - 2013-12-14 23:00 - 00017708 _____ C:\Users\ulrike\Desktop\kürbiskerne.odt 2013-12-11 18:03 - 2013-12-23 13:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-11 18:03 - 2013-12-11 18:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-12-11 18:03 - 2013-12-11 18:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-12-11 15:53 - 2013-12-11 15:53 - 08641416 
_____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe 2013-12-11 13:53 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-11 13:53 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-11 13:53 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-11 13:53 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-11 13:53 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-11 13:53 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-11 13:53 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-11 13:53 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-11 13:53 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-11 13:53 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-11 13:53 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-11 13:53 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-11 13:53 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-11 13:53 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-11 13:53 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-11 13:53 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-11 13:53 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-11 13:53 - 2013-11-26 07:33 - 
01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-11 13:53 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-11 13:39 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-11 13:39 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-11 13:28 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-11 13:28 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-11 13:28 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-11 13:28 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-11 13:28 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-11 13:28 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-11 13:28 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-11 13:28 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-11 13:28 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-11 13:28 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-11 13:28 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-09 18:40 - 2013-12-09 18:40 - 00265732 _____ C:\Windows\system32\~.tmp 2013-12-04 08:50 - 2013-12-13 23:22 - 00000000 ____D C:\Users\ulrike\Desktop\transkrib 2013-11-26 16:55 - 2013-11-26 16:55 - 00534744 _____ C:\Program Files\noscript-2.6.8.5.xpi 2013-11-26 16:48 - 2013-11-26 16:48 - 00000000 ____D C:\Program Files\wot-latest1030 2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D 
C:\Users\ulrike\AppData\Roaming\WinPatrol 2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D C:\Program Files\BillP Studios 2013-11-26 16:44 - 2013-11-26 16:44 - 00000000 ____D C:\ProgramData\InstallMate ==================== One Month Modified Files and Folders ======= 2013-12-23 13:40 - 2013-12-23 13:40 - 00024605 _____ C:\Users\ulrike\Desktop\FRST.txt 2013-12-23 13:40 - 2013-12-23 13:40 - 00000000 ____D C:\FRST 2013-12-23 13:39 - 2013-12-23 13:36 - 00000474 _____ C:\Users\ulrike\Desktop\defogger_disable.log 2013-12-23 13:38 - 2013-12-23 13:38 - 01061231 _____ (Farbar) C:\Users\ulrike\Desktop\FRST.exe 2013-12-23 13:38 - 2010-02-17 17:49 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\Skype 2013-12-23 13:36 - 2013-12-23 13:36 - 00000000 _____ C:\Users\ulrike\defogger_reenable 2013-12-23 13:36 - 2010-01-28 09:33 - 00000000 ____D C:\Users\ulrike 2013-12-23 13:35 - 2013-12-23 13:35 - 00050477 _____ C:\Users\ulrike\Desktop\Defogger.exe 2013-12-23 13:29 - 2010-01-31 23:27 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-23 13:16 - 2013-12-11 18:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-23 08:37 - 2013-09-16 20:38 - 00000000 ____D C:\Users\ulrike\AppData\Local\Windows Live 2013-12-23 08:33 - 2009-07-14 05:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-23 08:33 - 2009-07-14 05:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-23 08:31 - 2009-07-14 05:55 - 01854417 _____ C:\Windows\WindowsUpdate.log 2013-12-23 08:30 - 2013-12-23 08:30 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-23 08:30 - 2013-12-23 08:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-12-23 08:29 - 2013-12-23 08:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ulrike\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-23 08:26 - 2013-03-15 
09:02 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\Dropbox 2013-12-23 08:26 - 2011-01-14 08:08 - 00000000 ___RD C:\Users\ulrike\Dropbox 2013-12-23 08:25 - 2010-01-31 23:27 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-23 08:24 - 2013-03-22 16:57 - 00066872 _____ C:\Windows\setupact.log 2013-12-23 08:24 - 2011-12-20 21:27 - 00000000 ____D C:\ProgramData\McAfee 2013-12-23 08:24 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-22 23:25 - 2013-03-22 16:56 - 00087566 _____ C:\Windows\PFRO.log 2013-12-22 16:08 - 2012-11-15 16:32 - 00000000 ____D C:\Users\ulrike\Desktop\kontakte 2013-12-22 15:22 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public 2013-12-22 14:53 - 2010-08-15 10:45 - 00000000 ____D C:\Program Files\XMedia Recode 2013-12-22 14:51 - 2010-03-15 23:00 - 00000000 ____D C:\Program Files\NCH Software 2013-12-22 14:38 - 2013-11-18 16:43 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-12-22 14:38 - 2013-02-19 20:51 - 00000000 ____D C:\Program Files\DVDVideoSoft 2013-12-22 14:37 - 2012-01-04 21:04 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\DVDVideoSoft 2013-12-22 08:51 - 2010-02-17 17:48 - 00000000 ___RD C:\Program Files\Skype 2013-12-22 08:51 - 2010-02-17 17:48 - 00000000 ____D C:\ProgramData\Skype 2013-12-22 08:47 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-21 20:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF 2013-12-21 19:47 - 2013-12-21 19:46 - 00000000 ____D C:\Users\ulrike\Desktop\baby 2013-12-21 19:44 - 2013-12-20 20:27 - 00010025 _____ C:\Users\ulrike\Desktop\eiweißreich.odt 2013-12-21 15:24 - 2010-01-22 14:42 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-20 21:29 - 2013-12-20 21:29 - 00151760 _____ C:\Windows\Minidump\122013-27315-01.dmp 2013-12-20 21:29 - 2013-10-06 16:42 - 00000000 ____D C:\Windows\Minidump 2013-12-20 15:04 - 2013-12-20 15:04 - 00000058 _____ 
C:\Users\ulrike\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat 2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\Documents\DonationCoder 2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\DonationCoder 2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\ProgramData\DonationCoder 2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Program Files\ScreenshotCaptor 2013-12-18 21:32 - 2013-12-17 17:39 - 00000000 ____D C:\Users\ulrike\Desktop\2013-10_marpa_house 2013-12-17 08:57 - 2013-12-17 08:56 - 00000000 ____D C:\Users\ulrike\Desktop\ah 2013-12-15 13:48 - 2013-12-15 13:41 - 00000000 ____D C:\Users\ulrike\Desktop\festung 2013-12-14 23:54 - 2011-03-23 20:29 - 00000234 _____ C:\Windows\Brownie.ini 2013-12-14 23:00 - 2013-12-14 23:00 - 00017708 _____ C:\Users\ulrike\Desktop\kürbiskerne.odt 2013-12-13 23:22 - 2013-12-04 08:50 - 00000000 ____D C:\Users\ulrike\Desktop\transkrib 2013-12-13 23:19 - 2010-01-31 20:08 - 00000000 ____D C:\Users\ulrike\Documents\privat 2013-12-13 23:10 - 2013-11-12 18:12 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-12-13 23:10 - 2010-01-30 12:36 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-12-13 17:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-12-11 18:03 - 2013-12-11 18:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-12-11 18:03 - 2013-12-11 18:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-12-11 18:03 - 2010-01-31 18:39 - 00000000 ____D C:\Users\ulrike\AppData\Local\Adobe 2013-12-11 15:55 - 2010-01-28 14:37 - 00000000 ____D C:\Program Files\Adobe 2013-12-11 15:55 - 2010-01-22 14:33 - 00000000 ____D C:\Windows\system32\Macromed 2013-12-11 15:53 - 2013-12-11 15:53 - 08641416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe 2013-12-11 15:46 - 2012-04-26 06:52 - 00000000 ____D C:\Program 
Files\Mozilla Maintenance Service 2013-12-11 15:44 - 2013-09-30 21:02 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-12-11 14:08 - 2009-07-14 05:33 - 00495888 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-11 14:05 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-12-11 13:55 - 2013-02-22 10:31 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 13:47 - 2013-08-14 21:22 - 00000000 ____D C:\Windows\system32\MRT 2013-12-11 13:43 - 2010-01-28 10:40 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-09 18:40 - 2013-12-09 18:40 - 00265732 _____ C:\Windows\system32\~.tmp 2013-12-07 22:16 - 2013-09-13 07:31 - 00000000 ____D C:\Users\ulrike\Desktop\gartenträume-zoo 2013-11-26 16:55 - 2013-11-26 16:55 - 00534744 _____ C:\Program Files\noscript-2.6.8.5.xpi 2013-11-26 16:48 - 2013-11-26 16:48 - 00000000 ____D C:\Program Files\wot-latest1030 2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\WinPatrol 2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D C:\Program Files\BillP Studios 2013-11-26 16:44 - 2013-11-26 16:44 - 00000000 ____D C:\ProgramData\InstallMate 2013-11-26 11:11 - 2013-12-11 13:53 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-26 10:23 - 2013-12-11 13:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-26 10:22 - 2013-12-11 13:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-26 09:53 - 2013-12-11 13:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-26 09:52 - 2013-12-11 13:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-11-26 09:38 - 2013-12-11 13:53 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-26 09:38 - 2013-12-11 13:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-26 09:36 - 2013-12-11 13:53 - 00032768 _____ 
(Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-26 09:32 - 2013-12-11 13:53 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-26 09:29 - 2013-12-11 13:53 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-26 09:29 - 2013-12-11 13:53 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-11-26 09:28 - 2013-12-11 13:53 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-11-26 09:16 - 2013-12-11 13:53 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-26 09:13 - 2013-12-11 13:53 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-26 08:32 - 2013-12-11 13:53 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-26 08:26 - 2013-12-11 13:53 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-26 07:34 - 2013-12-11 13:53 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-11-26 07:33 - 2013-12-11 13:53 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-26 07:27 - 2013-12-11 13:53 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-25 22:20 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache 2013-11-25 18:32 - 2012-02-19 18:33 - 00000000 ____D C:\Users\ulrike\AppData\Local\www.rene-zeidler.de 2013-11-24 15:02 - 2011-04-25 17:31 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\vlc 2013-11-23 19:26 - 2013-12-11 13:28 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll Some content of TEMP: ==================== C:\Users\ulrike\AppData\Local\temp\0306791387751441mcinst.exe C:\Users\ulrike\AppData\Local\temp\prismsetup.exe C:\Users\ulrike\AppData\Local\temp\SpeedAnalysisSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is 
legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-25 22:07 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2013 01 Ran by ulrike at 2013-12-23 13:41:03 Running from C:\Users\ulrike\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C} AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 7.1.8) 4500_G510gm_Help (Version: 000.0.439.000) 4500G510gm (Version: 000.0.423.000) 4500G510gm_Software_Min (Version: 000.0.423.000) 7-Zip 9.30 alpha Adobe Flash Player 11 Plugin (Version: 11.9.900.170) Adobe Photoshop Elements 7.0 (Version: 7.0) Adobe Photoshop Elements 7.0 (Version: 7.0.0.3) All Day Battery Life Configuration (Version: 1.1.0) Apple Application Support (Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (Version: 2.1.3.127) ASAPI (Version: 6.0.0) Ashampoo Burning Studio Elements 10.0.9 (Version: 3.1.1) avast! Ad Blocker (Version: 1.0.0.0) avast! 
Free Antivirus (Version: 8.0.1489.0) BioAPI Framework (Version: 1.0.1) Bonjour (Version: 3.0.0.10) Brother HL-2030 (Version: 1.00) BufferChm (Version: 130.0.331.000) Canon Utilities CameraWindow DC 8 (Version: 8.7.0.11) Canon Utilities ImageBrowser EX (Version: 1.2.1.13) Canon Utilities PhotoStitch (Version: 3.1.23.47) CDBurnerXP (Version: 4.5.2.4291) D3DX10 (Version: 15.4.2368.0902) DCP32MMWrapper (Version: 1.6.334.60) Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition Dell Control Point (Version: 1.6.334.60) Dell ControlPoint Connection Manager (Version: 1.3.1) Dell ControlPoint Security Manager (Version: 1.6.334.60) Dell ControlPoint System Manager (Version: 1.3.00000) Dell ControlVault Host Components Installer (Version: 1.7.324.55) Dell Driver Download Manager (HKCU Version: 2.1.0.0) Dell Edoc Viewer (Version: 1.0.0) Dell Embassy Trust Suite by Wave Systems (Version: 03.04.00.063) Dell Security Device Driver Pack (Version: 1.3.039) Dell Touchpad (Version: 7.2.101.228) Destinations (Version: 140.0.77.000) DevalVR plugin for Netscape and compatible browsers DeviceDiscovery (Version: 130.0.372.000) DocMgr (Version: 130.0.000.000) DocProc (Version: 13.0.0.0) Document Manager Lite (Version: 06.09.00.121) Dropbox (HKCU Version: 2.0.22) DVD Shrink 3.2 deutsch (DeCSS-frei) EMBASSY Security Center (Version: 03.09.00.092) EMBASSY Security Setup (Version: 03.09.00.102) ESC Home Page Plugin (Version: 03.04.00.029) Express Burn Express Dictate Express Scribe f.lux f4 2012 Fax (Version: 130.0.418.000) Free Audio CD to MP3 Converter version 1.3.12.1228 (Version: 1.3.12.1228) Free DVD Video Converter version 2.0.13.1212 (Version: 2.0.13.1212) Free Video Dub version 2.0.21.827 (Version: 2.0.21.827) Free YouTube Download version 3.2.18.1128 (Version: 3.2.18.1128) Free YouTube to MP3 Converter version 3.12.17.1127 (Version: 3.12.17.1127) Gemalto (Version: 01.01.00.0000) GIMP 2.8.6 (Version: 2.8.6) Google Chrome (Version: 31.0.1650.63) Google Earth (Version: 
7.1.2.2041) Google Update Helper (Version: 1.3.22.3) GPBaseService2 (Version: 130.0.371.000) HP Customer Participation Program 13.0 (Version: 13.0) HP Document Manager 2.0 (Version: 2.0) HP Imaging Device Functions 13.0 (Version: 13.0) HP Officejet 4500 G510g-m (Version: 13.0) HP Smart Web Printing 4.5 (Version: 4.5) HP Solution Center 13.0 (Version: 13.0) HP Update (Version: 5.005.000.001) HPDiagnosticAlert (Version: 1.00.0000) HPProductAssistant (Version: 130.0.371.000) HPSSupply (Version: 130.0.371.000) Integrated Webcam Driver (1.03.02.0919) Intel(R) Graphics Media Accelerator Driver Intel(R) Network Connections 14.6.9.0 (Version: 14.6.9.0) Intel(R) TV Wizard Intel® Matrix Storage Manager Junk Mail filter update (Version: 16.4.3505.0912) MAGIX Audio Cleaning Lab 16 deluxe (Version: 16.0.0.0) MAGIX Speed burnR (Version: 6.0.1.4) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MarketResearch (Version: 130.0.374.000) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938) Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017) Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017) Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017) Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017) Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017) Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft 
OneNote MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft Rechner-Plus (Version: 1.0.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017) Microsoft-Maus- und Tastatur-Center (Version: 2.0.162.0) Mozilla Firefox 26.0 (x86 de) (Version: 26.0) Mozilla Maintenance Service (Version: 26.0) MSVCRT (Version: 15.4.2862.0708) MSVCRT110 (Version: 16.4.1108.0727) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) Network (Version: 130.0.374.000) NTRU TCG Software Stack (Version: 2.1.29) OCR Software by I.R.I.S. 
13.0 (Version: 13.0) OpenOffice 4.0.1 (Version: 4.01.9714) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017) Paragon Backup & Recovery™ 2012 Free (Version: 90.00.0003) PDF24 Creator 5.3.0 PDFCreator (Version: 1.2.0) PDF-Viewer (Version: 2.5.211.0) PowerDVD DX (Version: 8.3.5424) Preboot Manager (Version: 02.09.00.071) Private Information Manager (Version: 06.04.00.047) QuickTime (Version: 7.74.80.86) RealUpgrade 1.0 (Version: 1.0.0) SA30xx Media Converter (Version: 1.1.5.1007) Scan (Version: 140.0.80.000) Screenshot Captor 4.8 Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011) Secure Eraser (Version: 4.2.0.1) Security Wizards (Version: 01.07.00.016) Shop for HP Supplies (Version: 13.0) Skype Click to Call (Version: 6.3.11079) Skype™ 6.11 (Version: 6.11.102) SmartWebPrinting (Version: 130.0.373.000) SO32MMWrapper (Version: 1.6.334.60) SolutionCenter (Version: 130.0.373.000) Status (Version: 130.0.373.000) swMSM (Version: 12.0.0.1) Toolbox (Version: 130.0.648.000) TrayApp (Version: 130.0.376.000) Trusted Drive Manager (Version: 3.1.0.116) Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition Update for Microsoft Office 2013 (KB2768016) 32-Bit 
Edition Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition Update for Microsoft Office 2013 (KB2837626) 32-Bit Edition Update for Microsoft Office 2013 (KB2837637) 32-Bit Edition Update for Microsoft Office 2013 (KB2837638) 32-Bit Edition Update for Microsoft Office 2013 (KB2837655) 32-Bit Edition Update for Microsoft Office 2013 (KB2850066) 32-Bit Edition Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition Update for Microsoft Word 2013 (KB2850060) 32-Bit Edition Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01) VLC media player 2.1.1 (Version: 2.1.1) Wave Infrastructure Installer (Version: 07.00.21.0000) Wave Support Software (Version: 05.10.00.046) WavePad Audiobearbeitungs-Software WebReg (Version: 130.0.132.017) WIDCOMM Bluetooth Software (Version: 6.2.1.100) Windows 7 Upgrade Advisor (Version: 2.0.5000.0) Windows Live Communications Platform (Version: 16.4.3505.0912) Windows Live Essentials (Version: 16.4.3505.0912) Windows Live ID Sign-in Assistant (Version: 
7.250.4311.0) Windows Live Installer (Version: 16.4.3505.0912) Windows Live Mail (Version: 16.4.3505.0912) Windows Live MIME IFilter (Version: 16.4.3505.0912) Windows Live Photo Common (Version: 16.4.3505.0912) Windows Live PIMT Platform (Version: 16.4.3505.0912) Windows Live SOXE (Version: 16.4.3505.0912) Windows Live SOXE Definitions (Version: 16.4.3505.0912) Windows Live Sync (Version: 14.0.8089.726) Windows Live UX Platform (Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (Version: 16.4.3505.0912) Windows Live Writer (Version: 16.4.3505.0912) Windows Live Writer Resources (Version: 16.4.3505.0912) Windows Media Player Firefox Plugin (Version: 1.0.0.8) Windows-Treiberpaket - Dell Inc. PBADRV System (01/07/2008 1.0.1.5) (Version: 01/07/2008 1.0.1.5) WinPatrol (Version: 29.0.2013) XMedia Recode 2.2.5.8 (Version: 2.2.5.8) XMedia Recode Version 3.1.4.9 (Version: 3.1.4.9) ==================== Restore Points ========================= 10-12-2013 07:58:27 Windows Update 11-12-2013 12:36:09 Windows Update 11-12-2013 14:21:26 Windows Update 11-12-2013 14:56:15 Removed Adobe Flash Player 11 Plugin. 
13-12-2013 22:06:18 Removed iTunes 13-12-2013 22:13:38 Removed WIDCOMM Bluetooth Software 17-12-2013 07:50:27 Windows Update 22-12-2013 13:43:28 TuneUp Utilities 2014 wird entfernt 22-12-2013 13:44:48 TuneUp Utilities 2014 (de-DE) wird entfernt ==================== Hosts content: ========================== 2009-07-14 03:04 - 2013-08-31 20:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0B4C92F7-4F04-412B-A155-DB05DCE26636} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-289800921-2288194260-3485654390-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {22E721D6-ABFA-456C-9332-A4717C08F12B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation) Task: {2A71037E-736B-45E8-90E8-F32B32EFDECB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {2EA70800-A987-43DC-8D8C-4E7B0268AA8D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {31472746-6047-495D-8246-1298074EF57D} - System32\Tasks\NCH Software\ExpressBurnReminder => C:\Program Files\NCH Software\ExpressBurn\expressburn.exe [2012-09-15] (NCH Software) Task: {3A182F09-12FB-4BB8-A39D-4A73C319ADC4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {3AE5FE89-A1B2-4002-B7AB-2CE5ECCBC910} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: {4DD32D03-C05C-48C5-91BE-C943E0056E6D} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files\NCH Swift Sound\WavePad\WavePad.exe Task: {63B0DC69-5D20-4419-A40E-246A236F4936} - 
System32\Tasks\{48FE6037-9EA9-484A-B752-6263D3787571} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) Task: {6BE321CC-8D7E-4BB0-85E5-3063FF48A121} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {71C4E435-EDBC-4AF3-BA15-6A4F587760F2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2012-11-02] (Microsoft) Task: {8081DB32-E7E3-4682-A117-0F2108E50A3E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-289800921-2288194260-3485654390-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {84333D4D-1683-4E27-B80D-94BD74EA3CE1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {9C34C630-D950-44AE-890C-2B6CC2589265} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation) Task: {A2DDDEB8-6CAC-4936-A712-1A39994CDFFC} - System32\Tasks\NCH Software\scribeShakeIcon => C:\Program Files\NCH Software\Scribe\scribe.exe [2013-01-17] (NCH Software) Task: {ABB27C21-1E87-4F1A-8BBB-AEDE1C22FB2B} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: {AC36F7C9-F8A2-4787-86AA-D16A4A19DD4F} - System32\Tasks\{29F12D92-9D2B-4269-A005-BAAA29A43780} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179&LastError=12007 Task: {D06B7EF4-FFAD-4D71-9330-BB6BDE6AB8BB} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ulrike-PC-ulrike ulrike-PC => C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE [2013-11-08] (Microsoft Corporation) Task: {E281230E-84D2-47AA-8CEA-D25A46D68C42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe 
[2010-01-31] (Google Inc.) Task: {E94EDB73-02FE-4698-BC9C-D248B9A5F853} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\microsoft shared\OFFICE15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: {E9C0E132-4766-4A24-AD09-9651EC4C1FC3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-11-26 16:45 - 2013-07-15 18:29 - 00620718 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll 2013-03-23 15:12 - 2013-01-29 19:45 - 00112128 _____ () C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll 2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\ulrike\AppData\Roaming\Dropbox\bin\libcef.dll 2009-06-03 12:07 - 2009-06-03 12:07 - 00010752 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll 2008-11-12 13:29 - 2008-11-12 13:29 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_DEU.dll 2013-09-30 21:02 - 2013-12-05 20:36 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows:nlsPreferences ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: 
================== Error: (12/23/2013 09:02:39 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (12/23/2013 08:34:44 AM) (Source: Office 2013 Licensing Service) (User: ) Description: Subscription licensing service failed: -1073418231 Error: (12/22/2013 08:51:50 PM) (Source: Application Hang) (User: ) Description: Programm Skype.exe, Version 6.11.0.102 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b14 Startzeit: 01cefeea915b3331 Endzeit: 349 Anwendungspfad: C:\Program Files\Skype\Phone\Skype.exe Berichts-ID: 77e6f736-6b42-11e3-bcd7-0026b99a8d83 Error: (12/22/2013 08:49:50 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2734698 Error: (12/22/2013 08:49:50 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2734698 Error: (12/22/2013 08:49:48 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/22/2013 07:00:03 PM) (Source: Windows Backup) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006)" Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5289 Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5289 Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (12/23/2013 08:25:11 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053 Error: (12/23/2013 08:25:11 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/23/2013 08:25:11 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit-Scanner erreicht. Error: (12/23/2013 08:24:36 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/23/2013 08:24:36 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Planer erreicht. Error: (12/23/2013 08:24:36 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (12/22/2013 11:26:18 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/22/2013 11:26:18 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht. 
Error: (12/22/2013 11:25:47 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053 Error: (12/22/2013 11:25:47 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (12/23/2013 09:02:39 AM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (12/23/2013 08:34:44 AM) (Source: Office 2013 Licensing Service)(User: ) Description: Subscription licensing service failed: -1073418231 Error: (12/22/2013 08:51:50 PM) (Source: Application Hang)(User: ) Description: Skype.exe6.11.0.102b1401cefeea915b3331349C:\Program Files\Skype\Phone\Skype.exe77e6f736-6b42-11e3-bcd7-0026b99a8d83 Error: (12/22/2013 08:49:50 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2734698 Error: (12/22/2013 08:49:50 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2734698 Error: (12/22/2013 08:49:48 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/22/2013 07:00:03 PM) (Source: Windows Backup)(User: ) Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006)

Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5289

Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5289

Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 3535.9 MB
Available physical RAM: 1767.71 MB
Total Pagefile: 7070.09 MB
Available Pagefile: 5024.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.4 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:231.89 GB) (Free:18.12 GB) NTFS
Drive d: (05 Jan 2013) (CDROM) (Total:4.38 GB) (Free:4.37 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=267 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-23 15:44:42
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925041 rev.0004 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ulrike\AppData\Local\Temp\uwdirpod.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A56A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A90212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

Device \FileSystem\fastfat \Fat 9BBB2130
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5fb327c
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5fb327c (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\ulrike\Desktop\f\xb3r_ryder\uninstall.exe 1

---- EOF - GMER 2.1 ----