windows7: MBAM eliminiert bugs open candy?

ulrika7 · 23.12.2013, 16:08

Hallo,
gestern findet qickscan MBAM mit open candy befallene Dateien und elimiert sie erfolgreich. Habe das logfile leider nicht gespeichert.
Heute dann ausführlicher scan mit MBAM: kein Befund.
Dann defogger, FRST und GMER (ging nur im abgesicherten Modus) durchgeführt.
Logfiles anbei.
Muss ich noch etwas tun?
Vielen Dank schon!
Ulrika

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:39 on 23/12/2013 (ulrike)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:

ATTFilter

ï»¿Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2013 01
Ran by ulrike (administrator) on ULRIKE-PC on 23-12-2013 13:40:20
Running from C:\Users\ulrike\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Smith Micro Software, Inc.) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Nalpeiron Ltd.) C:\Windows\System32\NlsSrv32.exe
(Flux Software LLC) C:\Users\ulrike\AppData\Local\FluxSoftware\Flux\flux.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\ulrike\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Hewlett-Packard Co.) C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-08-01] (IDT, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [DellControlPoint] - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [656384 2009-06-11] (Dell Inc.)
HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093232 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668720 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\5f3d6ac3-5abf-45e0-8524-16c12067374a.exe [180184 2013-11-23] (AVAST Software)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [F.lux] - C:\Users\ulrike\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKCU\...\Run: [GoogleChromeAutoLaunch_156B29F5313FECB4988F8467F606B4B7] - C:\Program Files\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe [456768 2013-10-19] (BillP Studios)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ulrike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=4eea3c1a0000000000000024d66b56cb
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {F6F76182-93ED-499D-9491-EEFAEC99A3BC} URL = 
SearchScopes: HKCU - {56AB6DB6-BC28-4343-A0D3-A80203D8CC86} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=4eea3c1a0000000000000024d66b56cb&r=104
SearchScopes: HKCU - {F6F76182-93ED-499D-9491-EEFAEC99A3BC} URL = 
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///D:/viewer/ORDcmViewCD.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6A29D2DF-4ED9-4558-9A3C-8468D7C85B2E}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default
FF user.js: detected! => C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\user.js
FF Homepage: hxxp://www.ecosia.org/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\toolkitsearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Adblock Plus Pop-up Addon - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: S3.Google Translator - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\s3google@translator.xpi
FF Extension: Test Pilot - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: NoScript - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Adblock Plus - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\adblocker@avast.com.xpi
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=4eea3c1a0000000000000024d66b56cb
CHR RestoreOnStartup: "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=4eea3c1a0000000000000024d66b56cb"
CHR DefaultSearchProvider: Search the web (Softonic)
CHR DefaultSearchURL: hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=4eea3c1a0000000000000024d66b56cb
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (         "name": "",) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Free Studio) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DevalVR 3D Plugin) - C:\Program Files\Google\Chrome\Application\plugins\npdevalvr.dll (www.devalvr.com)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (avast! Ad Blocker) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0
CHR Extension: (Skype Click to Call) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR HKLM\...\Chrome\Extension: [cljghnkcnkhedlnhdgbcbefjoapionoc] - C:\Users\ulrike\AppData\Local\eToolKit\Beemp3.crx
CHR HKLM\...\Chrome\Extension: [dnlhamhiejpiajljicfphhpiahoojipl] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookShare.crx
CHR HKLM\...\Chrome\Extension: [dpmoonohndgmmnlcnjajheaahmnjlbmj] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookStatus.crx
CHR HKLM\...\Chrome\Extension: [eelchhiiipbeleiimmhpdfbagkcjdmdm] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookChat.crx
CHR HKLM\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx
CHR HKLM\...\Chrome\Extension: [fppahmlkambbejgkiidklamcmhealjag] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookLike.crx
CHR HKLM\...\Chrome\Extension: [jchankggehakkafdlalgmfbodgfilnbg] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookMain.crx
CHR HKLM\...\Chrome\Extension: [jedcimnjemkbmkkngncfgfpjgfcapimk] - C:\Users\ulrike\AppData\Local\eToolKit\Extmanager.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-01-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-01-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [565472 2013-01-14] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 buttonsvc32; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [293968 2009-04-27] (Dell Inc.)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812392 2009-06-26] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [26984 2009-06-26] (Broadcom Corporation)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [382752 2009-07-16] (Dell Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1019904 2009-06-03] (Wave Systems Corp.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 SMManager; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [76288 2009-10-05] (Smith Micro Software, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe [221266 2009-08-01] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1622016 2009-06-11] (Wave Systems Corp.)

==================== Drivers (Whitelisted) ====================

S3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation)
R3 ASAPIW2K; C:\Windows\System32\Drivers\ASAPIW2K.sys [11264 2003-11-28] (Pinnacle Systems GmbH)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83944 2012-11-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [134336 2012-11-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36552 2012-11-22] (Avira Operations GmbH & Co. KG)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-06-26] (Broadcom Corporation)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [28632 2009-09-21] (Intel Corporation )
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [277440 2008-09-18] (Creative Technology Ltd.)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 risdpcie; C:\Windows\system32\DRIVERS\risdpe86.sys [49152 2009-07-01] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38400 2009-07-05] (REDC)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [45240 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [441608 2011-11-17] (Paragon)
R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [277576 2011-11-17] (Paragon)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [200192 2009-07-27] (Wave Systems Corp.)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\Users\ulrike\AppData\Local\Temp\catchme.sys [x]
S3 CtAudDrv; \??\C:\Windows\system32\Drivers\CtAudDrv.sys [x]
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [x]
S3 NvtSp50; System32\Drivers\NvtSp50.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-23 13:40 - 2013-12-23 13:40 - 00024605 _____ C:\Users\ulrike\Desktop\FRST.txt
2013-12-23 13:40 - 2013-12-23 13:40 - 00000000 ____D C:\FRST
2013-12-23 13:38 - 2013-12-23 13:38 - 01061231 _____ (Farbar) C:\Users\ulrike\Desktop\FRST.exe
2013-12-23 13:36 - 2013-12-23 13:39 - 00000474 _____ C:\Users\ulrike\Desktop\defogger_disable.log
2013-12-23 13:36 - 2013-12-23 13:36 - 00000000 _____ C:\Users\ulrike\defogger_reenable
2013-12-23 13:35 - 2013-12-23 13:35 - 00050477 _____ C:\Users\ulrike\Desktop\Defogger.exe
2013-12-23 08:30 - 2013-12-23 08:30 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-23 08:30 - 2013-12-23 08:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-23 08:30 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-23 08:28 - 2013-12-23 08:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\ulrike\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-21 19:46 - 2013-12-21 19:47 - 00000000 ____D C:\Users\ulrike\Desktop\baby
2013-12-20 21:29 - 2013-12-20 21:29 - 00151760 _____ C:\Windows\Minidump\122013-27315-01.dmp
2013-12-20 20:27 - 2013-12-21 19:44 - 00010025 _____ C:\Users\ulrike\Desktop\eiweiÃŸreich.odt
2013-12-20 15:04 - 2013-12-20 15:04 - 00000058 _____ C:\Users\ulrike\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\Documents\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\ProgramData\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Program Files\ScreenshotCaptor
2013-12-17 17:39 - 2013-12-18 21:32 - 00000000 ____D C:\Users\ulrike\Desktop\2013-10_marpa_house
2013-12-17 08:56 - 2013-12-17 08:57 - 00000000 ____D C:\Users\ulrike\Desktop\ah
2013-12-15 13:41 - 2013-12-15 13:48 - 00000000 ____D C:\Users\ulrike\Desktop\festung
2013-12-14 23:00 - 2013-12-14 23:00 - 00017708 _____ C:\Users\ulrike\Desktop\kÃ¼rbiskerne.odt
2013-12-11 18:03 - 2013-12-23 13:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-11 18:03 - 2013-12-11 18:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 18:03 - 2013-12-11 18:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 15:53 - 2013-12-11 15:53 - 08641416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-12-11 13:53 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 13:53 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 13:53 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 13:53 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 13:53 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 13:53 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 13:53 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 13:53 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 13:53 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 13:53 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 13:53 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 13:53 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 13:53 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 13:53 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 13:53 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 13:53 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 13:53 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 13:53 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 13:53 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 13:39 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 13:39 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 13:28 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 13:28 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 13:28 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 13:28 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 13:28 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 13:28 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 13:28 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 13:28 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 13:28 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 13:28 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 13:28 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 18:40 - 2013-12-09 18:40 - 00265732 _____ C:\Windows\system32\~.tmp
2013-12-04 08:50 - 2013-12-13 23:22 - 00000000 ____D C:\Users\ulrike\Desktop\transkrib
2013-11-26 16:55 - 2013-11-26 16:55 - 00534744 _____ C:\Program Files\noscript-2.6.8.5.xpi
2013-11-26 16:48 - 2013-11-26 16:48 - 00000000 ____D C:\Program Files\wot-latest1030
2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\WinPatrol
2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D C:\Program Files\BillP Studios
2013-11-26 16:44 - 2013-11-26 16:44 - 00000000 ____D C:\ProgramData\InstallMate

==================== One Month Modified Files and Folders =======

2013-12-23 13:40 - 2013-12-23 13:40 - 00024605 _____ C:\Users\ulrike\Desktop\FRST.txt
2013-12-23 13:40 - 2013-12-23 13:40 - 00000000 ____D C:\FRST
2013-12-23 13:39 - 2013-12-23 13:36 - 00000474 _____ C:\Users\ulrike\Desktop\defogger_disable.log
2013-12-23 13:38 - 2013-12-23 13:38 - 01061231 _____ (Farbar) C:\Users\ulrike\Desktop\FRST.exe
2013-12-23 13:38 - 2010-02-17 17:49 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\Skype
2013-12-23 13:36 - 2013-12-23 13:36 - 00000000 _____ C:\Users\ulrike\defogger_reenable
2013-12-23 13:36 - 2010-01-28 09:33 - 00000000 ____D C:\Users\ulrike
2013-12-23 13:35 - 2013-12-23 13:35 - 00050477 _____ C:\Users\ulrike\Desktop\Defogger.exe
2013-12-23 13:29 - 2010-01-31 23:27 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-23 13:16 - 2013-12-11 18:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-23 08:37 - 2013-09-16 20:38 - 00000000 ____D C:\Users\ulrike\AppData\Local\Windows Live
2013-12-23 08:33 - 2009-07-14 05:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-23 08:33 - 2009-07-14 05:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 08:31 - 2009-07-14 05:55 - 01854417 _____ C:\Windows\WindowsUpdate.log
2013-12-23 08:30 - 2013-12-23 08:30 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-23 08:30 - 2013-12-23 08:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-23 08:29 - 2013-12-23 08:28 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\ulrike\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-23 08:26 - 2013-03-15 09:02 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\Dropbox
2013-12-23 08:26 - 2011-01-14 08:08 - 00000000 ___RD C:\Users\ulrike\Dropbox
2013-12-23 08:25 - 2010-01-31 23:27 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-23 08:24 - 2013-03-22 16:57 - 00066872 _____ C:\Windows\setupact.log
2013-12-23 08:24 - 2011-12-20 21:27 - 00000000 ____D C:\ProgramData\McAfee
2013-12-23 08:24 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-22 23:25 - 2013-03-22 16:56 - 00087566 _____ C:\Windows\PFRO.log
2013-12-22 16:08 - 2012-11-15 16:32 - 00000000 ____D C:\Users\ulrike\Desktop\kontakte
2013-12-22 15:22 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-12-22 14:53 - 2010-08-15 10:45 - 00000000 ____D C:\Program Files\XMedia Recode
2013-12-22 14:51 - 2010-03-15 23:00 - 00000000 ____D C:\Program Files\NCH Software
2013-12-22 14:38 - 2013-11-18 16:43 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-12-22 14:38 - 2013-02-19 20:51 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-12-22 14:37 - 2012-01-04 21:04 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\DVDVideoSoft
2013-12-22 08:51 - 2010-02-17 17:48 - 00000000 ___RD C:\Program Files\Skype
2013-12-22 08:51 - 2010-02-17 17:48 - 00000000 ____D C:\ProgramData\Skype
2013-12-22 08:47 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-21 20:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-21 19:47 - 2013-12-21 19:46 - 00000000 ____D C:\Users\ulrike\Desktop\baby
2013-12-21 19:44 - 2013-12-20 20:27 - 00010025 _____ C:\Users\ulrike\Desktop\eiweiÃŸreich.odt
2013-12-21 15:24 - 2010-01-22 14:42 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 21:29 - 2013-12-20 21:29 - 00151760 _____ C:\Windows\Minidump\122013-27315-01.dmp
2013-12-20 21:29 - 2013-10-06 16:42 - 00000000 ____D C:\Windows\Minidump
2013-12-20 15:04 - 2013-12-20 15:04 - 00000058 _____ C:\Users\ulrike\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\Documents\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\ProgramData\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Program Files\ScreenshotCaptor
2013-12-18 21:32 - 2013-12-17 17:39 - 00000000 ____D C:\Users\ulrike\Desktop\2013-10_marpa_house
2013-12-17 08:57 - 2013-12-17 08:56 - 00000000 ____D C:\Users\ulrike\Desktop\ah
2013-12-15 13:48 - 2013-12-15 13:41 - 00000000 ____D C:\Users\ulrike\Desktop\festung
2013-12-14 23:54 - 2011-03-23 20:29 - 00000234 _____ C:\Windows\Brownie.ini
2013-12-14 23:00 - 2013-12-14 23:00 - 00017708 _____ C:\Users\ulrike\Desktop\kÃ¼rbiskerne.odt
2013-12-13 23:22 - 2013-12-04 08:50 - 00000000 ____D C:\Users\ulrike\Desktop\transkrib
2013-12-13 23:19 - 2010-01-31 20:08 - 00000000 ____D C:\Users\ulrike\Documents\privat
2013-12-13 23:10 - 2013-11-12 18:12 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-13 23:10 - 2010-01-30 12:36 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-13 17:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-11 18:03 - 2013-12-11 18:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 18:03 - 2013-12-11 18:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 18:03 - 2010-01-31 18:39 - 00000000 ____D C:\Users\ulrike\AppData\Local\Adobe
2013-12-11 15:55 - 2010-01-28 14:37 - 00000000 ____D C:\Program Files\Adobe
2013-12-11 15:55 - 2010-01-22 14:33 - 00000000 ____D C:\Windows\system32\Macromed
2013-12-11 15:53 - 2013-12-11 15:53 - 08641416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-12-11 15:46 - 2012-04-26 06:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-11 15:44 - 2013-09-30 21:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-11 14:08 - 2009-07-14 05:33 - 00495888 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 14:05 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-11 13:55 - 2013-02-22 10:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 13:47 - 2013-08-14 21:22 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 13:43 - 2010-01-28 10:40 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-09 18:40 - 2013-12-09 18:40 - 00265732 _____ C:\Windows\system32\~.tmp
2013-12-07 22:16 - 2013-09-13 07:31 - 00000000 ____D C:\Users\ulrike\Desktop\gartentrÃ¤ume-zoo
2013-11-26 16:55 - 2013-11-26 16:55 - 00534744 _____ C:\Program Files\noscript-2.6.8.5.xpi
2013-11-26 16:48 - 2013-11-26 16:48 - 00000000 ____D C:\Program Files\wot-latest1030
2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\WinPatrol
2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D C:\Program Files\BillP Studios
2013-11-26 16:44 - 2013-11-26 16:44 - 00000000 ____D C:\ProgramData\InstallMate
2013-11-26 11:11 - 2013-12-11 13:53 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 10:23 - 2013-12-11 13:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 10:22 - 2013-12-11 13:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 09:53 - 2013-12-11 13:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 09:52 - 2013-12-11 13:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 09:38 - 2013-12-11 13:53 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 09:38 - 2013-12-11 13:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 09:36 - 2013-12-11 13:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 09:32 - 2013-12-11 13:53 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 09:29 - 2013-12-11 13:53 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 09:29 - 2013-12-11 13:53 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 09:28 - 2013-12-11 13:53 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:16 - 2013-12-11 13:53 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:13 - 2013-12-11 13:53 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 08:32 - 2013-12-11 13:53 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:26 - 2013-12-11 13:53 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 07:34 - 2013-12-11 13:53 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:33 - 2013-12-11 13:53 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:27 - 2013-12-11 13:53 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-25 22:20 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-25 18:32 - 2012-02-19 18:33 - 00000000 ____D C:\Users\ulrike\AppData\Local\www.rene-zeidler.de
2013-11-24 15:02 - 2011-04-25 17:31 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\vlc
2013-11-23 19:26 - 2013-12-11 13:28 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

Some content of TEMP:
====================
C:\Users\ulrike\AppData\Local\temp\0306791387751441mcinst.exe
C:\Users\ulrike\AppData\Local\temp\prismsetup.exe
C:\Users\ulrike\AppData\Local\temp\SpeedAnalysisSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-25 22:07

==================== End Of Log ============================

Code:

ATTFilter

ï»¿Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2013 01
Ran by ulrike at 2013-12-23 13:41:03
Running from C:\Users\ulrike\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8)
4500_G510gm_Help (Version: 000.0.439.000)
4500G510gm (Version: 000.0.423.000)
4500G510gm_Software_Min (Version: 000.0.423.000)
7-Zip 9.30 alpha
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Photoshop Elements 7.0 (Version: 7.0)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3)
All Day Battery Life Configuration (Version: 1.1.0)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ASAPI (Version: 6.0.0)
Ashampoo Burning Studio Elements 10.0.9 (Version: 3.1.1)
avast! Ad Blocker (Version: 1.0.0.0)
avast! Free Antivirus (Version: 8.0.1489.0)
BioAPI Framework (Version: 1.0.1)
Bonjour (Version: 3.0.0.10)
Brother HL-2030 (Version: 1.00)
BufferChm (Version: 130.0.331.000)
Canon Utilities CameraWindow DC 8 (Version: 8.7.0.11)
Canon Utilities ImageBrowser EX (Version: 1.2.1.13)
Canon Utilities PhotoStitch (Version: 3.1.23.47)
CDBurnerXP (Version: 4.5.2.4291)
D3DX10 (Version: 15.4.2368.0902)
DCP32MMWrapper (Version: 1.6.334.60)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Dell Control Point (Version: 1.6.334.60)
Dell ControlPoint Connection Manager (Version: 1.3.1)
Dell ControlPoint Security Manager (Version: 1.6.334.60)
Dell ControlPoint System Manager (Version: 1.3.00000)
Dell ControlVault Host Components Installer (Version: 1.7.324.55)
Dell Driver Download Manager (HKCU Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Embassy Trust Suite by Wave Systems (Version: 03.04.00.063)
Dell Security Device Driver Pack (Version: 1.3.039)
Dell Touchpad (Version: 7.2.101.228)
Destinations (Version: 140.0.77.000)
DevalVR plugin for Netscape and compatible browsers
DeviceDiscovery (Version: 130.0.372.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Document Manager Lite (Version: 06.09.00.121)
Dropbox (HKCU Version: 2.0.22)
DVD Shrink 3.2 deutsch (DeCSS-frei)
EMBASSY Security Center (Version: 03.09.00.092)
EMBASSY Security Setup (Version: 03.09.00.102)
ESC Home Page Plugin (Version: 03.04.00.029)
Express Burn
Express Dictate
Express Scribe
f.lux
f4 2012
Fax (Version: 130.0.418.000)
Free Audio CD to MP3 Converter version 1.3.12.1228 (Version: 1.3.12.1228)
Free DVD Video Converter version 2.0.13.1212 (Version: 2.0.13.1212)
Free Video Dub version 2.0.21.827 (Version: 2.0.21.827)
Free YouTube Download version 3.2.18.1128 (Version: 3.2.18.1128)
Free YouTube to MP3 Converter version 3.12.17.1127 (Version: 3.12.17.1127)
Gemalto (Version: 01.01.00.0000)
GIMP 2.8.6 (Version: 2.8.6)
Google Chrome (Version: 31.0.1650.63)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.22.3)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510g-m (Version: 13.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.005.000.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
Integrated Webcam Driver (1.03.02.0919)  
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections 14.6.9.0 (Version: 14.6.9.0)
Intel(R) TV Wizard
IntelÂ® Matrix Storage Manager
Junk Mail filter update (Version: 16.4.3505.0912)
MAGIX Audio Cleaning Lab 16 deluxe (Version: 16.0.0.0)
MAGIX Speed burnR (Version: 6.0.1.4)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Rechner-Plus (Version: 1.0.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft-Maus- und Tastatur-Center (Version: 2.0.162.0)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Network (Version: 130.0.374.000)
NTRU TCG Software Stack (Version: 2.1.29)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OpenOffice 4.0.1 (Version: 4.01.9714)
Outils de vÃ©rification linguistique 2013 de Microsoft OfficeÂ*- FranÃ§ais (Version: 15.0.4420.1017)
Paragon Backup & Recoveryâ„¢ 2012 Free (Version: 90.00.0003)
PDF24 Creator 5.3.0
PDFCreator (Version: 1.2.0)
PDF-Viewer (Version: 2.5.211.0)
PowerDVD DX (Version: 8.3.5424)
Preboot Manager (Version: 02.09.00.071)
Private Information Manager (Version: 06.04.00.047)
QuickTime (Version: 7.74.80.86)
RealUpgrade 1.0 (Version: 1.0.0)
SA30xx Media Converter (Version: 1.1.5.1007)
Scan (Version: 140.0.80.000)
Screenshot Captor 4.8
Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011)
Secure Eraser (Version: 4.2.0.1)
Security Wizards (Version: 01.07.00.016)
Shop for HP Supplies (Version: 13.0)
Skype Click to Call (Version: 6.3.11079)
Skypeâ„¢ 6.11 (Version: 6.11.102)
SmartWebPrinting (Version: 130.0.373.000)
SO32MMWrapper (Version: 1.6.334.60)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.373.000)
swMSM (Version: 12.0.0.1)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Trusted Drive Manager (Version: 3.1.0.116)
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition
Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition
Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837637) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837638) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837655) 32-Bit Edition
Update for Microsoft Office 2013 (KB2850066) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition
Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition
Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition
Update for Microsoft Word 2013 (KB2850060) 32-Bit Edition
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 2.1.1 (Version: 2.1.1)
Wave Infrastructure Installer (Version: 07.00.21.0000)
Wave Support Software (Version: 05.10.00.046)
WavePad Audiobearbeitungs-Software
WebReg (Version: 130.0.132.017)
WIDCOMM Bluetooth Software (Version: 6.2.1.100)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5) (Version: 01/07/2008 1.0.1.5)
WinPatrol (Version: 29.0.2013)
XMedia Recode 2.2.5.8 (Version: 2.2.5.8)
XMedia Recode Version 3.1.4.9 (Version: 3.1.4.9)

==================== Restore Points  =========================

10-12-2013 07:58:27 Windows Update
11-12-2013 12:36:09 Windows Update
11-12-2013 14:21:26 Windows Update
11-12-2013 14:56:15 Removed Adobe Flash Player 11 Plugin.
13-12-2013 22:06:18 Removed iTunes
13-12-2013 22:13:38 Removed WIDCOMM Bluetooth Software
17-12-2013 07:50:27 Windows Update
22-12-2013 13:43:28 TuneUp Utilities 2014 wird entfernt
22-12-2013 13:44:48 TuneUp Utilities 2014 (de-DE) wird entfernt

==================== Hosts content: ==========================

2009-07-14 03:04 - 2013-08-31 20:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0B4C92F7-4F04-412B-A155-DB05DCE26636} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-289800921-2288194260-3485654390-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {22E721D6-ABFA-456C-9332-A4717C08F12B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {2A71037E-736B-45E8-90E8-F32B32EFDECB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {2EA70800-A987-43DC-8D8C-4E7B0268AA8D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {31472746-6047-495D-8246-1298074EF57D} - System32\Tasks\NCH Software\ExpressBurnReminder => C:\Program Files\NCH Software\ExpressBurn\expressburn.exe [2012-09-15] (NCH Software)
Task: {3A182F09-12FB-4BB8-A39D-4A73C319ADC4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {3AE5FE89-A1B2-4002-B7AB-2CE5ECCBC910} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {4DD32D03-C05C-48C5-91BE-C943E0056E6D} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files\NCH Swift Sound\WavePad\WavePad.exe
Task: {63B0DC69-5D20-4419-A40E-246A236F4936} - System32\Tasks\{48FE6037-9EA9-484A-B752-6263D3787571} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {6BE321CC-8D7E-4BB0-85E5-3063FF48A121} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {71C4E435-EDBC-4AF3-BA15-6A4F587760F2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2012-11-02] (Microsoft)
Task: {8081DB32-E7E3-4682-A117-0F2108E50A3E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-289800921-2288194260-3485654390-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {84333D4D-1683-4E27-B80D-94BD74EA3CE1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9C34C630-D950-44AE-890C-2B6CC2589265} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {A2DDDEB8-6CAC-4936-A712-1A39994CDFFC} - System32\Tasks\NCH Software\scribeShakeIcon => C:\Program Files\NCH Software\Scribe\scribe.exe [2013-01-17] (NCH Software)
Task: {ABB27C21-1E87-4F1A-8BBB-AEDE1C22FB2B} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {AC36F7C9-F8A2-4787-86AA-D16A4A19DD4F} - System32\Tasks\{29F12D92-9D2B-4269-A005-BAAA29A43780} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179&amp;LastError=12007
Task: {D06B7EF4-FFAD-4D71-9330-BB6BDE6AB8BB} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ulrike-PC-ulrike ulrike-PC => C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE [2013-11-08] (Microsoft Corporation)
Task: {E281230E-84D2-47AA-8CEA-D25A46D68C42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31] (Google Inc.)
Task: {E94EDB73-02FE-4698-BC9C-D248B9A5F853} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\microsoft shared\OFFICE15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {E9C0E132-4766-4A24-AD09-9651EC4C1FC3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-26 16:45 - 2013-07-15 18:29 - 00620718 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2013-03-23 15:12 - 2013-01-29 19:45 - 00112128 _____ () C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\ulrike\AppData\Roaming\Dropbox\bin\libcef.dll
2009-06-03 12:07 - 2009-06-03 12:07 - 00010752 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 13:29 - 2008-11-12 13:29 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_DEU.dll
2013-09-30 21:02 - 2013-12-05 20:36 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2013 09:02:39 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/23/2013 08:34:44 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (12/22/2013 08:51:50 PM) (Source: Application Hang) (User: )
Description: Programm Skype.exe, Version 6.11.0.102 kann nicht mehr unter Windows ausgefÃ¼hrt werden und wurde beendet. ÃœberprÃ¼fen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b14

Startzeit: 01cefeea915b3331

Endzeit: 349

Anwendungspfad: C:\Program Files\Skype\Phone\Skype.exe

Berichts-ID: 77e6f736-6b42-11e3-bcd7-0026b99a8d83

Error: (12/22/2013 08:49:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2734698

Error: (12/22/2013 08:49:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2734698

Error: (12/22/2013 08:49:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/22/2013 07:00:03 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungÃ¼ltig. ÃœberprÃ¼fen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5289

Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5289

Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/23/2013 08:25:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhÃ¤ngig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1053

Error: (12/23/2013 08:25:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/23/2013 08:25:11 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit-Scanner erreicht.

Error: (12/23/2013 08:24:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/23/2013 08:24:36 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Planer erreicht.

Error: (12/23/2013 08:24:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhÃ¤ngig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (12/22/2013 11:26:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/22/2013 11:26:18 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht.

Error: (12/22/2013 11:25:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhÃ¤ngig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1053

Error: (12/22/2013 11:25:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (12/23/2013 09:02:39 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (12/23/2013 08:34:44 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418231

Error: (12/22/2013 08:51:50 PM) (Source: Application Hang)(User: )
Description: Skype.exe6.11.0.102b1401cefeea915b3331349C:\Program Files\Skype\Phone\Skype.exe77e6f736-6b42-11e3-bcd7-0026b99a8d83

Error: (12/22/2013 08:49:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2734698

Error: (12/22/2013 08:49:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2734698

Error: (12/22/2013 08:49:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/22/2013 07:00:03 PM) (Source: Windows Backup)(User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungÃ¼ltig. ÃœberprÃ¼fen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5289

Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5289

Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Percentage of memory in use: 50%
Total physical RAM: 3535.9 MB
Available physical RAM: 1767.71 MB
Total Pagefile: 7070.09 MB
Available Pagefile: 5024.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.4 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:231.89 GB) (Free:18.12 GB) NTFS
Drive d: (05 Jan 2013) (CDROM) (Total:4.38 GB) (Free:4.37 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=267 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-23 15:44:42
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925041 rev.0004 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ulrike\AppData\Local\Temp\uwdirpod.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                                                               82A56A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                 82A90212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

Device          \FileSystem\fastfat \Fat                                                                                                                               9BBB2130

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                               fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5fb327c                                                                            
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5fb327c (not active ControlSet)                                                        
Reg             HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\ulrike\Desktop\f\xb3r_ryder\uninstall.exe  1

---- EOF - GMER 2.1 ----

cosinus · 23.12.2013, 17:00

Hi,

Zitat:

Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)

Gewerblich genutztes System?

Zitat:

gestern findet qickscan MBAM mit open candy befallene Dateien und elimiert sie erfolgreich. Habe das logfile leider nicht gespeichert.

Aber sicher doch. Lesen => http://www.trojaner-board.de/125889-...tml#post941520

ulrika7 · 23.12.2013, 18:16

hallo cosinus,

vielen Dank für die Antwort!!
Nein, ich habe kein Gewerbe. Hab' schon 2x super Hilfe bei euch bekommen und weiß deshalb schon ein bisschen, wie es funktioniert.
Folgendes logfile habe ich danke deiner Anweisung tatsächlich gefunden

Code:

ATTFilter

ÿþM#a#l#w#a#r#e#b#y#t#e#s# #A#n#t#i#-#M#a#l#w#a#r#e# #1#.#7#5#.#0#.#1#3#0#0#e#r#s#\#u#l#r#i#k#e#\#A#p#p#D#a#t#a#\#R#o#a#m#i#n#g#\#O#p#e#n#C#a#n#d#y#\#7#0#6#3#F#E#0#B#5#8#8#5#4#8#7#F#8#F#9#0#9#6#B#6#7#F#0#B#C#0#0#C#\#S#e#t#u#p#1#0#0#4#7#3#2#_#D#E#-#1#.#e#x#e# #(#P#U#P#.#O#p#t#i#o#n#a#l#.#O#p#e#n#C#a#n#d#y#)# #-#># #E#r#f#o#l#g#r#e#i#c#h# #g#e#l#ö#s#c#h#t# #u#n#d# #i#n# #Q#u#a#r#a#n#t#ä#n#e# #g#e#s#t#e#l#l#t#.#

DANKE und schöne Grüße
Ulrika

cosinus · 23.12.2013, 23:07

Wasndas für ein Zeichenbreit?

Bitte öffne das Log mit MS-Notepad (notepad.exe) oder Notepad++

ulrika7 · 24.12.2013, 00:01

oh je

, cosinus, sorry, hier jetzt lesbar

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.22.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
ulrike :: ULRIKE-PC [Administrator]

22.12.2013 23:04:14
mbam-log-2013-12-22 (23-04-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234572
Laufzeit: 15 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Users\ulrike\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Roaming\OpenCandy\7063FE0B5885487F8F9096B67F0BC00C (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Roaming\OpenCandy\9C6B0E2199834D36B1E386DCA2669402 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Roaming\OpenCandy\A6892CF7BEBF40F4995E891D48C5D7DE (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 8
C:\Users\ulrike\AppData\Roaming\OpenCandy\7063FE0B5885487F8F9096B67F0BC00C\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Roaming\OpenCandy\A6892CF7BEBF40F4995E891D48C5D7DE\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Local\temp\is-268IN.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Roaming\OpenCandy\7063FE0B5885487F8F9096B67F0BC00C\Setup1004732_DE-1.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Roaming\OpenCandy\7063FE0B5885487F8F9096B67F0BC00C\Trial-14.0.1000.89_de-DE_1004732_DE-1.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Roaming\OpenCandy\9C6B0E2199834D36B1E386DCA2669402\Setupsft_chr_p1v7.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Roaming\OpenCandy\A6892CF7BEBF40F4995E891D48C5D7DE\saSetup.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Roaming\OpenCandy\A6892CF7BEBF40F4995E891D48C5D7DE\saSetup_Stp1v6.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.26.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
ulrike :: ULRIKE-PC [Administrator]

26.11.2013 16:08:29
mbam-log-2013-11-26 (16-08-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235376
Laufzeit: 19 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 7
C:\Users\ulrike\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Roaming\OpenCandy\6C0495113CDC42D5A99E4415726B09C2 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Local\temp\ct2801937 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Local\temp\CT3282494 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Local\temp\CT3282494\xpi (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Local\temp\CT3282494\xpi\defaults (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Local\temp\CT3282494\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 11
C:\Users\ulrike\AppData\Local\temp\ct2801937\ctbe.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Local\temp\ct2801937\ffLogic.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Local\temp\ct2801937\statisticsStub.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Roaming\OpenCandy\6C0495113CDC42D5A99E4415726B09C2\Trial-14.0.1000.89_de-DE_1004732_DE-1.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Local\temp\ct2801937\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Local\temp\ct2801937\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Local\temp\CT3282494\conduit.xml (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Local\temp\CT3282494\CT3282494.xpi (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Local\temp\CT3282494\version.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Local\temp\CT3282494\xpi\install.rdf (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ulrike\AppData\Local\temp\CT3282494\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus · 24.12.2013, 00:06

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

ulrika7 · 24.12.2013, 10:29

hi cosinus,
hier die Resultate.
Bei FRST entstand (anders als gestern) nur ein Logfile und kein Additional.txt. Ich hoffe, es passt so!
Vielen lieben Dank für deinen Einsatz und schöne Weihnachten
Ulrika
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.001 - Report created 31/08/2013 at 22:44:23
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : ulrike - ULRIKE-PC
# Running from : C:\Users\ulrike\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\ulrike\AppData\Roaming\DesktopIconForAmazon
Folder Deleted : C:\Users\ulrike\AppData\Roaming\OCS
File Deleted : C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader67434(2)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader67434(2)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_intervideo-dvd-copy_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_intervideo-dvd-copy_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_xrecode-ii_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_xrecode-ii_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\prefs.js ]

Line Deleted : user_pref("extensions.enabledItems", "linkuryfirefoxremoteplugin@linkury.com:1.0,{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1,pdfforge@mybrowserbar.com:4.3,wtxpcom@mybrowserbar.com:4.3,{972ce4c6-7e08-[...]

-\\ Google Chrome v29.0.1547.62

[ File : C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [9133 octets] - [31/08/2013 22:41:59]
AdwCleaner[S0].txt - [8911 octets] - [31/08/2013 22:44:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8971 octets] ##########

--- --- ---
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.016 - Bericht erstellt am 24/12/2013 um 09:39:21
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : ulrike - ULRIKE-PC
# Gestartet von : C:\Users\ulrike\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files\NCH Software
Ordner Gelöscht : C:\Users\ulrike\AppData\Roaming\NCH Software
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\searchplugins\softonic.xml
Datei Gelöscht : C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\NCH Software

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31472746-6047-495D-8246-1298074EF57D}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2DDDEB8-6CAC-4936-A712-1A39994CDFFC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\NCH Software
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\NCH Software
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\prefs.js ]

Zeile gelöscht : user_pref("CT3282494.FF19Solved", "true");
Zeile gelöscht : user_pref("CT3282494.UserID", "UN16195993051956519");
Zeile gelöscht : user_pref("CT3282494.browser.search.defaultthis.engineName", "true");
Zeile gelöscht : user_pref("CT3282494.fullUserID", "UN16195993051956519.IN.20131025220121");
Zeile gelöscht : user_pref("CT3282494.installDate", "25/10/2013 22:01:27");
Zeile gelöscht : user_pref("CT3282494.installSessionId", "-1");
Zeile gelöscht : user_pref("CT3282494.installSp", "FALSE");
Zeile gelöscht : user_pref("CT3282494.installerVersion", "1.8.0.14");
Zeile gelöscht : user_pref("CT3282494.keyword", "true");
Zeile gelöscht : user_pref("CT3282494.originalHomepage", "hxxp://ecosia.org");
Zeile gelöscht : user_pref("CT3282494.originalSearchAddressUrl", "");
Zeile gelöscht : user_pref("CT3282494.originalSearchEngine", "Ecosia");
Zeile gelöscht : user_pref("CT3282494.originalSearchEngineName", "Ecosia");
Zeile gelöscht : user_pref("CT3282494.searchRevert", "true");
Zeile gelöscht : user_pref("CT3282494.searchUserMode", "1");
Zeile gelöscht : user_pref("CT3282494.smartbar.homepage", "true");
Zeile gelöscht : user_pref("CT3282494.toolbarInstallDate", "25-10-2013 22:01:22");
Zeile gelöscht : user_pref("CT3282494.versionFromInstaller", "10.21.1.7");
Zeile gelöscht : user_pref("CT3282494.xpeMode", "0");
Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "NCH DE Customized Web Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494&CUI=UN16195993051956519&UM=1&SearchSource=3&q={searchTerms}");
Zeile gelöscht : user_pref("extensions.Softonic.admin", false);
Zeile gelöscht : user_pref("extensions.Softonic.aflt", "OC");
Zeile gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.Softonic.dnsErr", true);
Zeile gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Zeile gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.Softonic.hmpg", true);
Zeile gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=4eea3c1a0000000000000024d66b56cb");
Zeile gelöscht : user_pref("extensions.Softonic.id", "4eea3c1a0000000000000024d66b56cb");
Zeile gelöscht : user_pref("extensions.Softonic.instlDay", "16052");
Zeile gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00621");
Zeile gelöscht : user_pref("extensions.Softonic.newTab", true);
Zeile gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=4eea3c1a0000000000000024d66b56cb");
Zeile gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Zeile gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Zeile gelöscht : user_pref("extensions.Softonic.rvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrId", "opencandy2013");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=4eea3c1a0000000000000024d66b56cb&q=");
Zeile gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.21.14");
Zeile gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.21.149:15:11");
Zeile gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.21.14");
Zeile gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT3282494");
Zeile gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3282494&CUI=UN16195993051956519&UM=1&SearchSource=13");
Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494&SearchSource=2&CUI=UN16195993051956519&UM=1&q=");
Zeile gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT3282494");
Zeile gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT3282494");
Zeile gelöscht : user_pref("smartbar.machineId", "9ZBIHYP5NXUNV+XNJDWDDEYEWZBT/RUY4F2VAOMUBII4COMP61HNP48Q46LAJIUDKQNVZJZ3LWFL0YNBKR7IPA");

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : search_url
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [19176 octets] - [31/08/2013 21:41:59]
AdwCleaner[S0].txt - [18877 octets] - [31/08/2013 21:44:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18938 octets] ##########

[/CODE]
--- --- ---
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.001 - Report created 31/08/2013 at 22:41:59
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : ulrike - ULRIKE-PC
# Running from : C:\Users\ulrike\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Folder Found C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Found C:\Program Files\Iminent
Folder Found C:\ProgramData\Uniblue\DriverScanner
Folder Found C:\Users\ulrike\AppData\Roaming\DesktopIconForAmazon
Folder Found C:\Users\ulrike\AppData\Roaming\OCS

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_intervideo-dvd-copy_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_intervideo-dvd-copy_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_xrecode-ii_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_xrecode-ii_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader67434(2)_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader67434(2)_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Uniblue\DriverScanner

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\prefs.js ]

Line Found : user_pref("extensions.enabledItems", "linkuryfirefoxremoteplugin@linkury.com:1.0,{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1,pdfforge@mybrowserbar.com:4.3,wtxpcom@mybrowserbar.com:4.3,{972ce4c6-7e08-[...]

-\\ Google Chrome v29.0.1547.62

[ File : C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : search_url
Found : suggest_url

*************************

AdwCleaner[R0].txt - [8993 octets] - [31/08/2013 22:41:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9053 octets] ##########

--- --- ---
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.016 - Bericht erstellt am 24/12/2013 um 09:27:51
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : ulrike - ULRIKE-PC
# Gestartet von : C:\Users\ulrike\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\searchplugins\softonic.xml
Datei Gefunden : C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\user.js
Datei Gefunden : C:\Windows\System32\Tasks\NCH Software
Ordner Gefunden C:\Program Files\NCH Software
Ordner Gefunden C:\ProgramData\NCH Software
Ordner Gefunden C:\Users\ulrike\AppData\Roaming\NCH Software

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\NCH Software
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31472746-6047-495D-8246-1298074EF57D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2DDDEB8-6CAC-4936-A712-1A39994CDFFC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Schlüssel Gefunden : HKLM\Software\NCH Software
Schlüssel Gefunden : HKLM\Software\Uniblue
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=4eea3c1a0000000000000024d66b56cb

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\prefs.js ]

Zeile gefunden : user_pref("CT3282494.FF19Solved", "true");
Zeile gefunden : user_pref("CT3282494.UserID", "UN16195993051956519");
Zeile gefunden : user_pref("CT3282494.browser.search.defaultthis.engineName", "true");
Zeile gefunden : user_pref("CT3282494.fullUserID", "UN16195993051956519.IN.20131025220121");
Zeile gefunden : user_pref("CT3282494.installDate", "25/10/2013 22:01:27");
Zeile gefunden : user_pref("CT3282494.installSessionId", "-1");
Zeile gefunden : user_pref("CT3282494.installSp", "FALSE");
Zeile gefunden : user_pref("CT3282494.installerVersion", "1.8.0.14");
Zeile gefunden : user_pref("CT3282494.keyword", "true");
Zeile gefunden : user_pref("CT3282494.originalHomepage", "hxxp://ecosia.org");
Zeile gefunden : user_pref("CT3282494.originalSearchAddressUrl", "");
Zeile gefunden : user_pref("CT3282494.originalSearchEngine", "Ecosia");
Zeile gefunden : user_pref("CT3282494.originalSearchEngineName", "Ecosia");
Zeile gefunden : user_pref("CT3282494.searchRevert", "true");
Zeile gefunden : user_pref("CT3282494.searchUserMode", "1");
Zeile gefunden : user_pref("CT3282494.smartbar.homepage", "true");
Zeile gefunden : user_pref("CT3282494.toolbarInstallDate", "25-10-2013 22:01:22");
Zeile gefunden : user_pref("CT3282494.versionFromInstaller", "10.21.1.7");
Zeile gefunden : user_pref("CT3282494.xpeMode", "0");
Zeile gefunden : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Zeile gefunden : user_pref("browser.search.defaultthis.engineName", "NCH DE Customized Web Search");
Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494&CUI=UN16195993051956519&UM=1&SearchSource=3&q={searchTerms}");
Zeile gefunden : user_pref("extensions.Softonic.admin", false);
Zeile gefunden : user_pref("extensions.Softonic.aflt", "OC");
Zeile gefunden : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
Zeile gefunden : user_pref("extensions.Softonic.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.Softonic.dfltLng", "de");
Zeile gefunden : user_pref("extensions.Softonic.dfltSrch", true);
Zeile gefunden : user_pref("extensions.Softonic.dnsErr", true);
Zeile gefunden : user_pref("extensions.Softonic.excTlbr", false);
Zeile gefunden : user_pref("extensions.Softonic.ffxUnstlRst", false);
Zeile gefunden : user_pref("extensions.Softonic.hmpg", true);
Zeile gefunden : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=4eea3c1a0000000000000024d66b56cb");
Zeile gefunden : user_pref("extensions.Softonic.id", "4eea3c1a0000000000000024d66b56cb");
Zeile gefunden : user_pref("extensions.Softonic.instlDay", "16052");
Zeile gefunden : user_pref("extensions.Softonic.instlRef", "MOY00621");
Zeile gefunden : user_pref("extensions.Softonic.newTab", true);
Zeile gefunden : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=4eea3c1a0000000000000024d66b56cb");
Zeile gefunden : user_pref("extensions.Softonic.prdct", "Softonic");
Zeile gefunden : user_pref("extensions.Softonic.prtnrId", "softonic");
Zeile gefunden : user_pref("extensions.Softonic.rvrt", "false");
Zeile gefunden : user_pref("extensions.Softonic.smplGrp", "none");
Zeile gefunden : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Zeile gefunden : user_pref("extensions.Softonic.tlbrId", "opencandy2013");
Zeile gefunden : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=4eea3c1a0000000000000024d66b56cb&q=");
Zeile gefunden : user_pref("extensions.Softonic.vrsn", "1.8.21.14");
Zeile gefunden : user_pref("extensions.Softonic.vrsnTs", "1.8.21.149:15:11");
Zeile gefunden : user_pref("extensions.Softonic.vrsni", "1.8.21.14");
Zeile gefunden : user_pref("smartbar.addressBarOwnerCTID", "CT3282494");
Zeile gefunden : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3282494&CUI=UN16195993051956519&UM=1&SearchSource=13");
Zeile gefunden : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494&SearchSource=2&CUI=UN16195993051956519&UM=1&q=");
Zeile gefunden : user_pref("smartbar.defaultSearchOwnerCTID", "CT3282494");
Zeile gefunden : user_pref("smartbar.homePageOwnerCTID", "CT3282494");
Zeile gefunden : user_pref("smartbar.machineId", "9ZBIHYP5NXUNV+XNJDWDDEYEWZBT/RUY4F2VAOMUBII4COMP61HNP48Q46LAJIUDKQNVZJZ3LWFL0YNBKR7IPA");

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : homepage
Gefunden : search_url
Gefunden : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [18974 octets] - [31/08/2013 21:41:59]
AdwCleaner[S0].txt - [9051 octets] - [31/08/2013 21:44:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [19095 octets] ##########

[/CODE]
--- --- ---

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x86
Ran by ulrike on 24.12.2013 at  9:54:52,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-289800921-2288194260-3485654390-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56AB6DB6-BC28-4343-A0D3-A80203D8CC86}



~~~ Files



~~~ Folders



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\toolkitsearch.xml"
Emptied folder: C:\Users\ulrike\AppData\Roaming\mozilla\firefox\profiles\z8ekacuv.default\minidumps [162 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.12.2013 at  9:58:51,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[CODE]ï»¿
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2013
Ran by ulrike (administrator) on ULRIKE-PC on 24-12-2013 10:20:37
Running from C:\Users\ulrike\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Smith Micro Software, Inc.) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Nalpeiron Ltd.) C:\Windows\System32\NlsSrv32.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Flux Software LLC) C:\Users\ulrike\AppData\Local\FluxSoftware\Flux\flux.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\ulrike\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Co.) C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-08-01] (IDT, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [DellControlPoint] - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [656384 2009-06-11] (Dell Inc.)
HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093232 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668720 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\5f3d6ac3-5abf-45e0-8524-16c12067374a.exe [180184 2013-11-23] (AVAST Software)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-24] (AVAST Software)
HKCU\...\Run: [F.lux] - C:\Users\ulrike\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKCU\...\Run: [GoogleChromeAutoLaunch_156B29F5313FECB4988F8467F606B4B7] - C:\Program Files\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe [456768 2013-10-19] (BillP Studios)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ulrike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=4eea3c1a0000000000000024d66b56cb
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {F6F76182-93ED-499D-9491-EEFAEC99A3BC} URL = 
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///D:/viewer/ORDcmViewCD.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6A29D2DF-4ED9-4558-9A3C-8468D7C85B2E}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default
FF Homepage: hxxp://www.ecosia.org/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\toolkitsearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Adblock Plus Pop-up Addon - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: S3.Google Translator - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\s3google@translator.xpi
FF Extension: Test Pilot - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: NoScript - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Adblock Plus - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\adblocker@avast.com.xpi
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: Search the web (Softonic)
CHR DefaultSearchURL: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (         "name": "",) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Free Studio) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DevalVR 3D Plugin) - C:\Program Files\Google\Chrome\Application\plugins\npdevalvr.dll (www.devalvr.com)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (avast! Ad Blocker) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0
CHR Extension: (Skype Click to Call) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR HKLM\...\Chrome\Extension: [cljghnkcnkhedlnhdgbcbefjoapionoc] - C:\Users\ulrike\AppData\Local\eToolKit\Beemp3.crx
CHR HKLM\...\Chrome\Extension: [dnlhamhiejpiajljicfphhpiahoojipl] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookShare.crx
CHR HKLM\...\Chrome\Extension: [dpmoonohndgmmnlcnjajheaahmnjlbmj] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookStatus.crx
CHR HKLM\...\Chrome\Extension: [eelchhiiipbeleiimmhpdfbagkcjdmdm] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookChat.crx
CHR HKLM\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx
CHR HKLM\...\Chrome\Extension: [fppahmlkambbejgkiidklamcmhealjag] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookLike.crx
CHR HKLM\...\Chrome\Extension: [jchankggehakkafdlalgmfbodgfilnbg] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookMain.crx
CHR HKLM\...\Chrome\Extension: [jedcimnjemkbmkkngncfgfpjgfcapimk] - C:\Users\ulrike\AppData\Local\eToolKit\Extmanager.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-01-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-01-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [565472 2013-01-14] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-24] (AVAST Software)
R2 buttonsvc32; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [293968 2009-04-27] (Dell Inc.)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812392 2009-06-26] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [26984 2009-06-26] (Broadcom Corporation)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [382752 2009-07-16] (Dell Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1019904 2009-06-03] (Wave Systems Corp.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 SMManager; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [76288 2009-10-05] (Smith Micro Software, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe [221266 2009-08-01] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1622016 2009-06-11] (Wave Systems Corp.)

==================== Drivers (Whitelisted) ====================

S3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation)
R3 ASAPIW2K; C:\Windows\System32\Drivers\ASAPIW2K.sys [11264 2003-11-28] (Pinnacle Systems GmbH)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2013-12-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2013-12-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2013-12-24] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [66752 2013-12-24] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2013-12-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83944 2012-11-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [134336 2012-11-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36552 2012-11-22] (Avira Operations GmbH & Co. KG)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-06-26] (Broadcom Corporation)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [28632 2009-09-21] (Intel Corporation )
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [277440 2008-09-18] (Creative Technology Ltd.)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 risdpcie; C:\Windows\system32\DRIVERS\risdpe86.sys [49152 2009-07-01] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38400 2009-07-05] (REDC)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [45240 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [441608 2011-11-17] (Paragon)
R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [277576 2011-11-17] (Paragon)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [200192 2009-07-27] (Wave Systems Corp.)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\Users\ulrike\AppData\Local\Temp\catchme.sys [x]
S3 CtAudDrv; \??\C:\Windows\system32\Drivers\CtAudDrv.sys [x]
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [x]
S3 NvtSp50; System32\Drivers\NvtSp50.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-24 10:19 - 2013-12-24 10:20 - 00023419 _____ C:\Users\ulrike\Desktop\FRST.txt
2013-12-24 10:18 - 2013-12-24 10:18 - 01061581 _____ (Farbar) C:\Users\ulrike\Desktop\FRST.exe
2013-12-24 10:12 - 2013-12-24 10:12 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\AVAST Software
2013-12-24 10:09 - 2013-12-24 10:09 - 00002121 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-24 10:09 - 2013-12-24 10:08 - 00066752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2013-12-24 09:58 - 2013-12-24 09:58 - 00001727 _____ C:\Users\ulrike\Desktop\JRT.txt
2013-12-24 09:50 - 2013-12-24 09:51 - 01034531 _____ (Thisisu) C:\Users\ulrike\Desktop\JRT.exe
2013-12-24 09:27 - 2013-12-24 09:27 - 00023135 _____ C:\Users\ulrike\Desktop\trojaner_2013-12-24.odt
2013-12-24 09:22 - 2013-12-24 09:22 - 01233962 _____ C:\Users\ulrike\Desktop\adwcleaner.exe
2013-12-23 23:50 - 2013-12-23 23:50 - 00001027 _____ C:\Users\ulrike\Desktop\Notepad++.lnk
2013-12-23 23:44 - 2013-12-23 23:50 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\Notepad++
2013-12-23 23:44 - 2013-12-23 23:44 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-12-23 23:44 - 2013-12-23 23:44 - 00000000 ____D C:\Program Files\Notepad++
2013-12-23 19:19 - 2013-12-23 23:47 - 00000000 ____D C:\Users\ulrike\Desktop\trojaner
2013-12-23 14:57 - 2013-12-23 14:57 - 00148800 _____ C:\Windows\Minidump\122313-27456-01.dmp
2013-12-23 14:40 - 2013-12-23 14:40 - 00148744 _____ C:\Windows\Minidump\122313-28345-01.dmp
2013-12-23 13:40 - 2013-12-23 13:40 - 00000000 ____D C:\FRST
2013-12-23 13:36 - 2013-12-23 13:36 - 00000000 _____ C:\Users\ulrike\defogger_reenable
2013-12-21 19:46 - 2013-12-21 19:47 - 00000000 ____D C:\Users\ulrike\Desktop\baby
2013-12-20 21:29 - 2013-12-20 21:29 - 00151760 _____ C:\Windows\Minidump\122013-27315-01.dmp
2013-12-20 20:27 - 2013-12-21 19:44 - 00010025 _____ C:\Users\ulrike\Desktop\eiweiÃŸreich.odt
2013-12-20 15:04 - 2013-12-23 15:03 - 00000058 _____ C:\Users\ulrike\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\Documents\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\ProgramData\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Program Files\ScreenshotCaptor
2013-12-17 17:39 - 2013-12-18 21:32 - 00000000 ____D C:\Users\ulrike\Desktop\2013-10_marpa_house
2013-12-17 08:56 - 2013-12-17 08:57 - 00000000 ____D C:\Users\ulrike\Desktop\ah
2013-12-15 13:41 - 2013-12-15 13:48 - 00000000 ____D C:\Users\ulrike\Desktop\festung
2013-12-14 23:00 - 2013-12-14 23:00 - 00017708 _____ C:\Users\ulrike\Desktop\kÃ¼rbiskerne.odt
2013-12-11 18:03 - 2013-12-24 10:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-11 18:03 - 2013-12-11 18:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 18:03 - 2013-12-11 18:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 15:53 - 2013-12-11 15:53 - 08641416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-12-11 13:53 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 13:53 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 13:53 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 13:53 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 13:53 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 13:53 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 13:53 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 13:53 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 13:53 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 13:53 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 13:53 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 13:53 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 13:53 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 13:53 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 13:53 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 13:53 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 13:53 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 13:53 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 13:53 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 13:39 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 13:39 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 13:28 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 13:28 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 13:28 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 13:28 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 13:28 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 13:28 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 13:28 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 13:28 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 13:28 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 13:28 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 13:28 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 18:40 - 2013-12-09 18:40 - 00265732 _____ C:\Windows\system32\~.tmp
2013-12-04 08:50 - 2013-12-13 23:22 - 00000000 ____D C:\Users\ulrike\Desktop\transkrib
2013-11-26 16:55 - 2013-11-26 16:55 - 00534744 _____ C:\Program Files\noscript-2.6.8.5.xpi
2013-11-26 16:48 - 2013-11-26 16:48 - 00000000 ____D C:\Program Files\wot-latest1030
2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\WinPatrol
2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D C:\Program Files\BillP Studios
2013-11-26 16:44 - 2013-11-26 16:44 - 00000000 ____D C:\ProgramData\InstallMate

==================== One Month Modified Files and Folders =======

2013-12-24 10:20 - 2013-12-24 10:19 - 00023419 _____ C:\Users\ulrike\Desktop\FRST.txt
2013-12-24 10:18 - 2013-12-24 10:18 - 01061581 _____ (Farbar) C:\Users\ulrike\Desktop\FRST.exe
2013-12-24 10:18 - 2009-07-14 05:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-24 10:18 - 2009-07-14 05:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-24 10:16 - 2013-12-11 18:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-24 10:15 - 2009-07-14 05:55 - 01916414 _____ C:\Windows\WindowsUpdate.log
2013-12-24 10:13 - 2013-03-15 09:02 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\Dropbox
2013-12-24 10:13 - 2011-01-14 08:08 - 00000000 ___RD C:\Users\ulrike\Dropbox
2013-12-24 10:13 - 2010-02-17 17:49 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\Skype
2013-12-24 10:12 - 2013-12-24 10:12 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\AVAST Software
2013-12-24 10:11 - 2010-02-01 22:44 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-12-24 10:11 - 2010-01-31 23:27 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-24 10:11 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-24 10:10 - 2013-03-22 16:57 - 00067264 _____ C:\Windows\setupact.log
2013-12-24 10:10 - 2013-03-22 16:56 - 00215976 _____ C:\Windows\PFRO.log
2013-12-24 10:09 - 2013-12-24 10:09 - 00002121 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-24 10:08 - 2013-12-24 10:09 - 00066752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2013-12-24 10:08 - 2013-03-13 17:59 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-24 10:08 - 2013-03-13 17:59 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-24 10:08 - 2013-03-13 17:59 - 00180248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-24 10:08 - 2013-03-13 17:59 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-24 10:08 - 2013-03-13 17:59 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-24 10:08 - 2013-03-13 17:59 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-24 10:08 - 2013-03-13 17:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-24 10:08 - 2013-03-08 23:20 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-24 10:05 - 2013-03-08 23:14 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-24 10:05 - 2009-07-14 03:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-12-24 09:58 - 2013-12-24 09:58 - 00001727 _____ C:\Users\ulrike\Desktop\JRT.txt
2013-12-24 09:51 - 2013-12-24 09:50 - 01034531 _____ (Thisisu) C:\Users\ulrike\Desktop\JRT.exe
2013-12-24 09:49 - 2013-08-31 21:41 - 00000000 ____D C:\AdwCleaner
2013-12-24 09:47 - 2010-01-22 14:42 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-24 09:40 - 2013-08-31 21:44 - 00019019 _____ C:\Users\ulrike\Desktop\AdwCleaner[S0].txt
2013-12-24 09:29 - 2010-01-31 23:27 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-24 09:28 - 2013-08-31 21:41 - 00019176 _____ C:\Users\ulrike\Desktop\AdwCleaner[R0].txt
2013-12-24 09:27 - 2013-12-24 09:27 - 00023135 _____ C:\Users\ulrike\Desktop\trojaner_2013-12-24.odt
2013-12-24 09:22 - 2013-12-24 09:22 - 01233962 _____ C:\Users\ulrike\Desktop\adwcleaner.exe
2013-12-23 23:50 - 2013-12-23 23:50 - 00001027 _____ C:\Users\ulrike\Desktop\Notepad++.lnk
2013-12-23 23:50 - 2013-12-23 23:44 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\Notepad++
2013-12-23 23:47 - 2013-12-23 19:19 - 00000000 ____D C:\Users\ulrike\Desktop\trojaner
2013-12-23 23:44 - 2013-12-23 23:44 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-12-23 23:44 - 2013-12-23 23:44 - 00000000 ____D C:\Program Files\Notepad++
2013-12-23 21:41 - 2013-09-16 20:38 - 00000000 ____D C:\Users\ulrike\AppData\Local\Windows Live
2013-12-23 15:03 - 2013-12-20 15:04 - 00000058 _____ C:\Users\ulrike\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2013-12-23 14:57 - 2013-12-23 14:57 - 00148800 _____ C:\Windows\Minidump\122313-27456-01.dmp
2013-12-23 14:57 - 2013-10-06 16:42 - 00000000 ____D C:\Windows\Minidump
2013-12-23 14:40 - 2013-12-23 14:40 - 00148744 _____ C:\Windows\Minidump\122313-28345-01.dmp
2013-12-23 13:40 - 2013-12-23 13:40 - 00000000 ____D C:\FRST
2013-12-23 13:36 - 2013-12-23 13:36 - 00000000 _____ C:\Users\ulrike\defogger_reenable
2013-12-23 13:36 - 2010-01-28 09:33 - 00000000 ____D C:\Users\ulrike
2013-12-23 08:24 - 2011-12-20 21:27 - 00000000 ____D C:\ProgramData\McAfee
2013-12-22 16:08 - 2012-11-15 16:32 - 00000000 ____D C:\Users\ulrike\Desktop\kontakte
2013-12-22 15:22 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-12-22 14:53 - 2010-08-15 10:45 - 00000000 ____D C:\Program Files\XMedia Recode
2013-12-22 14:38 - 2013-11-18 16:43 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-12-22 14:38 - 2013-02-19 20:51 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-12-22 14:37 - 2012-01-04 21:04 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\DVDVideoSoft
2013-12-22 08:51 - 2010-02-17 17:48 - 00000000 ___RD C:\Program Files\Skype
2013-12-22 08:51 - 2010-02-17 17:48 - 00000000 ____D C:\ProgramData\Skype
2013-12-22 08:47 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-21 20:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-21 19:47 - 2013-12-21 19:46 - 00000000 ____D C:\Users\ulrike\Desktop\baby
2013-12-21 19:44 - 2013-12-20 20:27 - 00010025 _____ C:\Users\ulrike\Desktop\eiweiÃŸreich.odt
2013-12-20 21:29 - 2013-12-20 21:29 - 00151760 _____ C:\Windows\Minidump\122013-27315-01.dmp
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\Documents\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\ProgramData\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Program Files\ScreenshotCaptor
2013-12-19 14:11 - 2013-03-13 17:59 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-18 21:32 - 2013-12-17 17:39 - 00000000 ____D C:\Users\ulrike\Desktop\2013-10_marpa_house
2013-12-17 08:57 - 2013-12-17 08:56 - 00000000 ____D C:\Users\ulrike\Desktop\ah
2013-12-15 13:48 - 2013-12-15 13:41 - 00000000 ____D C:\Users\ulrike\Desktop\festung
2013-12-14 23:54 - 2011-03-23 20:29 - 00000234 _____ C:\Windows\Brownie.ini
2013-12-14 23:00 - 2013-12-14 23:00 - 00017708 _____ C:\Users\ulrike\Desktop\kÃ¼rbiskerne.odt
2013-12-13 23:22 - 2013-12-04 08:50 - 00000000 ____D C:\Users\ulrike\Desktop\transkrib
2013-12-13 23:19 - 2010-01-31 20:08 - 00000000 ____D C:\Users\ulrike\Documents\privat
2013-12-13 23:10 - 2013-11-12 18:12 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-13 23:10 - 2010-01-30 12:36 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-13 17:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-11 18:03 - 2013-12-11 18:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 18:03 - 2013-12-11 18:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 18:03 - 2010-01-31 18:39 - 00000000 ____D C:\Users\ulrike\AppData\Local\Adobe
2013-12-11 15:55 - 2010-01-28 14:37 - 00000000 ____D C:\Program Files\Adobe
2013-12-11 15:55 - 2010-01-22 14:33 - 00000000 ____D C:\Windows\system32\Macromed
2013-12-11 15:53 - 2013-12-11 15:53 - 08641416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-12-11 15:46 - 2012-04-26 06:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-11 15:44 - 2013-09-30 21:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-11 14:08 - 2009-07-14 05:33 - 00495888 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 14:05 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-11 13:55 - 2013-02-22 10:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 13:47 - 2013-08-14 21:22 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 13:43 - 2010-01-28 10:40 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-09 18:40 - 2013-12-09 18:40 - 00265732 _____ C:\Windows\system32\~.tmp
2013-12-07 22:16 - 2013-09-13 07:31 - 00000000 ____D C:\Users\ulrike\Desktop\gartentrÃ¤ume-zoo
2013-11-26 16:55 - 2013-11-26 16:55 - 00534744 _____ C:\Program Files\noscript-2.6.8.5.xpi
2013-11-26 16:48 - 2013-11-26 16:48 - 00000000 ____D C:\Program Files\wot-latest1030
2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\WinPatrol
2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D C:\Program Files\BillP Studios
2013-11-26 16:44 - 2013-11-26 16:44 - 00000000 ____D C:\ProgramData\InstallMate
2013-11-26 11:11 - 2013-12-11 13:53 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 10:23 - 2013-12-11 13:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 10:22 - 2013-12-11 13:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 09:53 - 2013-12-11 13:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 09:52 - 2013-12-11 13:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 09:38 - 2013-12-11 13:53 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 09:38 - 2013-12-11 13:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 09:36 - 2013-12-11 13:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 09:32 - 2013-12-11 13:53 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 09:29 - 2013-12-11 13:53 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 09:29 - 2013-12-11 13:53 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 09:28 - 2013-12-11 13:53 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:16 - 2013-12-11 13:53 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:13 - 2013-12-11 13:53 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 08:32 - 2013-12-11 13:53 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:26 - 2013-12-11 13:53 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 07:34 - 2013-12-11 13:53 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:33 - 2013-12-11 13:53 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:27 - 2013-12-11 13:53 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-25 22:20 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-25 18:32 - 2012-02-19 18:33 - 00000000 ____D C:\Users\ulrike\AppData\Local\www.rene-zeidler.de
2013-11-24 15:02 - 2011-04-25 17:31 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\vlc

Some content of TEMP:
====================
C:\Users\ulrike\AppData\Local\temp\prismsetup.exe
C:\Users\ulrike\AppData\Local\temp\Quarantine.exe
C:\Users\ulrike\AppData\Local\temp\SpeedAnalysisSetup.exe
C:\Users\ulrike\AppData\Local\temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-25 22:07

==================== End Of Log ============================

--- --- ---

cosinus · 24.12.2013, 15:33

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=4eea3c1a0000000000000024d66b56cb
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {F6F76182-93ED-499D-9491-EEFAEC99A3BC} URL = 
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
C:\Users\ulrike\AppData\Local\temp\prismsetup.exe
C:\Users\ulrike\AppData\Local\temp\Quarantine.exe
C:\Users\ulrike\AppData\Local\temp\SpeedAnalysisSetup.exe
C:\Users\ulrike\AppData\Local\temp\xmlUpdater.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

ulrika7 · 25.12.2013, 21:32

hi cosinus,

für deine Weihnachtsmannarbeit!

HTML-Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-12-2013
Ran by ulrike at 2013-12-25 21:27:58 Run:1
Running from C:\Users\ulrike\Desktop\2013-12-24_trojaner
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=4eea3c1a0000000000000024d66b56cb
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {F6F76182-93ED-499D-9491-EEFAEC99A3BC} URL = 
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
C:\Users\ulrike\AppData\Local\temp\prismsetup.exe
C:\Users\ulrike\AppData\Local\temp\Quarantine.exe
C:\Users\ulrike\AppData\Local\temp\SpeedAnalysisSetup.exe
C:\Users\ulrike\AppData\Local\temp\xmlUpdater.exe
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F6F76182-93ED-499D-9491-EEFAEC99A3BC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F6F76182-93ED-499D-9491-EEFAEC99A3BC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
C:\Users\ulrike\AppData\Local\temp\prismsetup.exe => Moved successfully.
C:\Users\ulrike\AppData\Local\temp\Quarantine.exe => Moved successfully.
C:\Users\ulrike\AppData\Local\temp\SpeedAnalysisSetup.exe => Moved successfully.
C:\Users\ulrike\AppData\Local\temp\xmlUpdater.exe => Moved successfully.

==== End of Fixlog ====

cosinus · 25.12.2013, 23:03

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

ulrika7 · 26.12.2013, 15:06

hi cosinus,
so gut ihr seid, hoffe ich, euch vom TB nicht so schnell wieder zu brauchen

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.25.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
ulrike :: ULRIKE-PC [Administrator]

25.12.2013 23:20:41
mbam-log-2013-12-25 (23-20-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235343
Laufzeit: 14 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b76bf5eaa8eef444bca942ca4fd5a732
# engine=16403
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-26 08:16:21
# local_time=2013-12-26 09:16:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 5120 590785 0 0
# compatibility_mode=5893 16776573 100 94 38092 139676972 0 0
# scanned=708
# found=0
# cleaned=0
# scan_time=235
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b76bf5eaa8eef444bca942ca4fd5a732
# engine=16403
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-26 11:45:04
# local_time=2013-12-26 12:45:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 17643 603308 0 0
# compatibility_mode=5893 16776573 100 94 50615 139689495 0 0
# scanned=324930
# found=0
# cleaned=0
# scan_time=12401

cosinus · 26.12.2013, 17:53

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

ulrika7 · 26.12.2013, 18:18

hi cosinus,
großartig!!
Habe keine weiteren Fragen

, so dass du den Thread schließen kannst.
Werde mich auch in die Tipps vertiefen.
Allerbesten Dank!
ulrika

cosinus · 26.12.2013, 20:41

Dann wären wir durch!

Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. (Tools wie zB FRST einfach per Rechtsklick vom Desktop löschen)

Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

windows7: MBAM eliminiert bugs open candy?

Log-Analyse und Auswertung: windows7: MBAM eliminiert bugs open candy?