
Log analysis and evaluation: Windows 7: MBAM eliminates OpenCandy bugs?

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
23.12.2013, 16:08   #1
ulrika7
 
Windows 7: MBAM eliminates OpenCandy bugs?



Hello,
yesterday an MBAM quick scan found files affected by OpenCandy and eliminated them successfully. Unfortunately I did not save the log file.
Today I then ran a more thorough scan with MBAM: no findings.
Then I ran defogger, FRST and GMER (this only worked in safe mode).
Log files attached.
Do I need to do anything else?
Many thanks in advance!
Ulrika

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:39 on 23/12/2013 (ulrike)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2013 01
Ran by ulrike (administrator) on ULRIKE-PC on 23-12-2013 13:40:20
Running from C:\Users\ulrike\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Smith Micro Software, Inc.) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Nalpeiron Ltd.) C:\Windows\System32\NlsSrv32.exe
(Flux Software LLC) C:\Users\ulrike\AppData\Local\FluxSoftware\Flux\flux.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\ulrike\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Hewlett-Packard Co.) C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-08-01] (IDT, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [DellControlPoint] - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [656384 2009-06-11] (Dell Inc.)
HKLM\...\Run: [IntelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093232 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668720 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\5f3d6ac3-5abf-45e0-8524-16c12067374a.exe [180184 2013-11-23] (AVAST Software)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [F.lux] - C:\Users\ulrike\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKCU\...\Run: [GoogleChromeAutoLaunch_156B29F5313FECB4988F8467F606B4B7] - C:\Program Files\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe [456768 2013-10-19] (BillP Studios)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ulrike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=4eea3c1a0000000000000024d66b56cb
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {F6F76182-93ED-499D-9491-EEFAEC99A3BC} URL = 
SearchScopes: HKCU - {56AB6DB6-BC28-4343-A0D3-A80203D8CC86} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=4eea3c1a0000000000000024d66b56cb&r=104
SearchScopes: HKCU - {F6F76182-93ED-499D-9491-EEFAEC99A3BC} URL = 
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///D:/viewer/ORDcmViewCD.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6A29D2DF-4ED9-4558-9A3C-8468D7C85B2E}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default
FF user.js: detected! => C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\user.js
FF Homepage: hxxp://www.ecosia.org/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\toolkitsearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Adblock Plus Pop-up Addon - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: S3.Google Translator - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\s3google@translator.xpi
FF Extension: Test Pilot - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: NoScript - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Adblock Plus - C:\Users\ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\z8ekacuv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\adblocker@avast.com.xpi
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=4eea3c1a0000000000000024d66b56cb
CHR RestoreOnStartup: "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=4eea3c1a0000000000000024d66b56cb"
CHR DefaultSearchProvider: Search the web (Softonic)
CHR DefaultSearchURL: hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=4eea3c1a0000000000000024d66b56cb
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (         "name": "",) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Free Studio) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DevalVR 3D Plugin) - C:\Program Files\Google\Chrome\Application\plugins\npdevalvr.dll (www.devalvr.com)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (avast! Ad Blocker) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0
CHR Extension: (Skype Click to Call) - C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR HKLM\...\Chrome\Extension: [cljghnkcnkhedlnhdgbcbefjoapionoc] - C:\Users\ulrike\AppData\Local\eToolKit\Beemp3.crx
CHR HKLM\...\Chrome\Extension: [dnlhamhiejpiajljicfphhpiahoojipl] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookShare.crx
CHR HKLM\...\Chrome\Extension: [dpmoonohndgmmnlcnjajheaahmnjlbmj] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookStatus.crx
CHR HKLM\...\Chrome\Extension: [eelchhiiipbeleiimmhpdfbagkcjdmdm] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookChat.crx
CHR HKLM\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx
CHR HKLM\...\Chrome\Extension: [fppahmlkambbejgkiidklamcmhealjag] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookLike.crx
CHR HKLM\...\Chrome\Extension: [jchankggehakkafdlalgmfbodgfilnbg] - C:\Users\ulrike\AppData\Local\eToolKit\FacebookMain.crx
CHR HKLM\...\Chrome\Extension: [jedcimnjemkbmkkngncfgfpjgfcapimk] - C:\Users\ulrike\AppData\Local\eToolKit\Extmanager.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-01-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-01-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [565472 2013-01-14] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 buttonsvc32; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [293968 2009-04-27] (Dell Inc.)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812392 2009-06-26] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [26984 2009-06-26] (Broadcom Corporation)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [382752 2009-07-16] (Dell Inc.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1019904 2009-06-03] (Wave Systems Corp.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 SMManager; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [76288 2009-10-05] (Smith Micro Software, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe [221266 2009-08-01] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1622016 2009-06-11] (Wave Systems Corp.)

==================== Drivers (Whitelisted) ====================

S3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation)
R3 ASAPIW2K; C:\Windows\System32\Drivers\ASAPIW2K.sys [11264 2003-11-28] (Pinnacle Systems GmbH)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83944 2012-11-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [134336 2012-11-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36552 2012-11-22] (Avira Operations GmbH & Co. KG)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-06-26] (Broadcom Corporation)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [28632 2009-09-21] (Intel Corporation )
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [277440 2008-09-18] (Creative Technology Ltd.)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 risdpcie; C:\Windows\system32\DRIVERS\risdpe86.sys [49152 2009-07-01] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38400 2009-07-05] (REDC)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [45240 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [441608 2011-11-17] (Paragon)
R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [277576 2011-11-17] (Paragon)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [200192 2009-07-27] (Wave Systems Corp.)
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\Users\ulrike\AppData\Local\Temp\catchme.sys [x]
S3 CtAudDrv; \??\C:\Windows\system32\Drivers\CtAudDrv.sys [x]
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [x]
S3 NvtSp50; System32\Drivers\NvtSp50.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-23 13:40 - 2013-12-23 13:40 - 00024605 _____ C:\Users\ulrike\Desktop\FRST.txt
2013-12-23 13:40 - 2013-12-23 13:40 - 00000000 ____D C:\FRST
2013-12-23 13:38 - 2013-12-23 13:38 - 01061231 _____ (Farbar) C:\Users\ulrike\Desktop\FRST.exe
2013-12-23 13:36 - 2013-12-23 13:39 - 00000474 _____ C:\Users\ulrike\Desktop\defogger_disable.log
2013-12-23 13:36 - 2013-12-23 13:36 - 00000000 _____ C:\Users\ulrike\defogger_reenable
2013-12-23 13:35 - 2013-12-23 13:35 - 00050477 _____ C:\Users\ulrike\Desktop\Defogger.exe
2013-12-23 08:30 - 2013-12-23 08:30 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-23 08:30 - 2013-12-23 08:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-23 08:30 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-23 08:28 - 2013-12-23 08:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\ulrike\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-21 19:46 - 2013-12-21 19:47 - 00000000 ____D C:\Users\ulrike\Desktop\baby
2013-12-20 21:29 - 2013-12-20 21:29 - 00151760 _____ C:\Windows\Minidump\122013-27315-01.dmp
2013-12-20 20:27 - 2013-12-21 19:44 - 00010025 _____ C:\Users\ulrike\Desktop\eiweißreich.odt
2013-12-20 15:04 - 2013-12-20 15:04 - 00000058 _____ C:\Users\ulrike\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\Documents\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\ProgramData\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Program Files\ScreenshotCaptor
2013-12-17 17:39 - 2013-12-18 21:32 - 00000000 ____D C:\Users\ulrike\Desktop\2013-10_marpa_house
2013-12-17 08:56 - 2013-12-17 08:57 - 00000000 ____D C:\Users\ulrike\Desktop\ah
2013-12-15 13:41 - 2013-12-15 13:48 - 00000000 ____D C:\Users\ulrike\Desktop\festung
2013-12-14 23:00 - 2013-12-14 23:00 - 00017708 _____ C:\Users\ulrike\Desktop\kürbiskerne.odt
2013-12-11 18:03 - 2013-12-23 13:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-11 18:03 - 2013-12-11 18:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 18:03 - 2013-12-11 18:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 15:53 - 2013-12-11 15:53 - 08641416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-12-11 13:53 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 13:53 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 13:53 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 13:53 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 13:53 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 13:53 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 13:53 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 13:53 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 13:53 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 13:53 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 13:53 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 13:53 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 13:53 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 13:53 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 13:53 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 13:53 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 13:53 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 13:53 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 13:53 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 13:39 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 13:39 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 13:28 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 13:28 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 13:28 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 13:28 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 13:28 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 13:28 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 13:28 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 13:28 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 13:28 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 13:28 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 13:28 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 18:40 - 2013-12-09 18:40 - 00265732 _____ C:\Windows\system32\~.tmp
2013-12-04 08:50 - 2013-12-13 23:22 - 00000000 ____D C:\Users\ulrike\Desktop\transkrib
2013-11-26 16:55 - 2013-11-26 16:55 - 00534744 _____ C:\Program Files\noscript-2.6.8.5.xpi
2013-11-26 16:48 - 2013-11-26 16:48 - 00000000 ____D C:\Program Files\wot-latest1030
2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\WinPatrol
2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D C:\Program Files\BillP Studios
2013-11-26 16:44 - 2013-11-26 16:44 - 00000000 ____D C:\ProgramData\InstallMate

==================== One Month Modified Files and Folders =======

2013-12-23 13:40 - 2013-12-23 13:40 - 00024605 _____ C:\Users\ulrike\Desktop\FRST.txt
2013-12-23 13:40 - 2013-12-23 13:40 - 00000000 ____D C:\FRST
2013-12-23 13:39 - 2013-12-23 13:36 - 00000474 _____ C:\Users\ulrike\Desktop\defogger_disable.log
2013-12-23 13:38 - 2013-12-23 13:38 - 01061231 _____ (Farbar) C:\Users\ulrike\Desktop\FRST.exe
2013-12-23 13:38 - 2010-02-17 17:49 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\Skype
2013-12-23 13:36 - 2013-12-23 13:36 - 00000000 _____ C:\Users\ulrike\defogger_reenable
2013-12-23 13:36 - 2010-01-28 09:33 - 00000000 ____D C:\Users\ulrike
2013-12-23 13:35 - 2013-12-23 13:35 - 00050477 _____ C:\Users\ulrike\Desktop\Defogger.exe
2013-12-23 13:29 - 2010-01-31 23:27 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-23 13:16 - 2013-12-11 18:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-23 08:37 - 2013-09-16 20:38 - 00000000 ____D C:\Users\ulrike\AppData\Local\Windows Live
2013-12-23 08:33 - 2009-07-14 05:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-23 08:33 - 2009-07-14 05:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 08:31 - 2009-07-14 05:55 - 01854417 _____ C:\Windows\WindowsUpdate.log
2013-12-23 08:30 - 2013-12-23 08:30 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-23 08:30 - 2013-12-23 08:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-23 08:29 - 2013-12-23 08:28 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\ulrike\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-23 08:26 - 2013-03-15 09:02 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\Dropbox
2013-12-23 08:26 - 2011-01-14 08:08 - 00000000 ___RD C:\Users\ulrike\Dropbox
2013-12-23 08:25 - 2010-01-31 23:27 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-23 08:24 - 2013-03-22 16:57 - 00066872 _____ C:\Windows\setupact.log
2013-12-23 08:24 - 2011-12-20 21:27 - 00000000 ____D C:\ProgramData\McAfee
2013-12-23 08:24 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-22 23:25 - 2013-03-22 16:56 - 00087566 _____ C:\Windows\PFRO.log
2013-12-22 16:08 - 2012-11-15 16:32 - 00000000 ____D C:\Users\ulrike\Desktop\kontakte
2013-12-22 15:22 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-12-22 14:53 - 2010-08-15 10:45 - 00000000 ____D C:\Program Files\XMedia Recode
2013-12-22 14:51 - 2010-03-15 23:00 - 00000000 ____D C:\Program Files\NCH Software
2013-12-22 14:38 - 2013-11-18 16:43 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-12-22 14:38 - 2013-02-19 20:51 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-12-22 14:37 - 2012-01-04 21:04 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\DVDVideoSoft
2013-12-22 08:51 - 2010-02-17 17:48 - 00000000 ___RD C:\Program Files\Skype
2013-12-22 08:51 - 2010-02-17 17:48 - 00000000 ____D C:\ProgramData\Skype
2013-12-22 08:47 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-21 20:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-21 19:47 - 2013-12-21 19:46 - 00000000 ____D C:\Users\ulrike\Desktop\baby
2013-12-21 19:44 - 2013-12-20 20:27 - 00010025 _____ C:\Users\ulrike\Desktop\eiweißreich.odt
2013-12-21 15:24 - 2010-01-22 14:42 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 21:29 - 2013-12-20 21:29 - 00151760 _____ C:\Windows\Minidump\122013-27315-01.dmp
2013-12-20 21:29 - 2013-10-06 16:42 - 00000000 ____D C:\Windows\Minidump
2013-12-20 15:04 - 2013-12-20 15:04 - 00000058 _____ C:\Users\ulrike\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\Documents\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\ProgramData\DonationCoder
2013-12-20 15:04 - 2013-12-20 15:04 - 00000000 ____D C:\Program Files\ScreenshotCaptor
2013-12-18 21:32 - 2013-12-17 17:39 - 00000000 ____D C:\Users\ulrike\Desktop\2013-10_marpa_house
2013-12-17 08:57 - 2013-12-17 08:56 - 00000000 ____D C:\Users\ulrike\Desktop\ah
2013-12-15 13:48 - 2013-12-15 13:41 - 00000000 ____D C:\Users\ulrike\Desktop\festung
2013-12-14 23:54 - 2011-03-23 20:29 - 00000234 _____ C:\Windows\Brownie.ini
2013-12-14 23:00 - 2013-12-14 23:00 - 00017708 _____ C:\Users\ulrike\Desktop\kürbiskerne.odt
2013-12-13 23:22 - 2013-12-04 08:50 - 00000000 ____D C:\Users\ulrike\Desktop\transkrib
2013-12-13 23:19 - 2010-01-31 20:08 - 00000000 ____D C:\Users\ulrike\Documents\privat
2013-12-13 23:10 - 2013-11-12 18:12 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-13 23:10 - 2010-01-30 12:36 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-13 17:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-11 18:03 - 2013-12-11 18:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 18:03 - 2013-12-11 18:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 18:03 - 2010-01-31 18:39 - 00000000 ____D C:\Users\ulrike\AppData\Local\Adobe
2013-12-11 15:55 - 2010-01-28 14:37 - 00000000 ____D C:\Program Files\Adobe
2013-12-11 15:55 - 2010-01-22 14:33 - 00000000 ____D C:\Windows\system32\Macromed
2013-12-11 15:53 - 2013-12-11 15:53 - 08641416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-12-11 15:46 - 2012-04-26 06:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-11 15:44 - 2013-09-30 21:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-11 14:08 - 2009-07-14 05:33 - 00495888 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 14:05 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-11 13:55 - 2013-02-22 10:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 13:47 - 2013-08-14 21:22 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 13:43 - 2010-01-28 10:40 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-09 18:40 - 2013-12-09 18:40 - 00265732 _____ C:\Windows\system32\~.tmp
2013-12-07 22:16 - 2013-09-13 07:31 - 00000000 ____D C:\Users\ulrike\Desktop\gartenträume-zoo
2013-11-26 16:55 - 2013-11-26 16:55 - 00534744 _____ C:\Program Files\noscript-2.6.8.5.xpi
2013-11-26 16:48 - 2013-11-26 16:48 - 00000000 ____D C:\Program Files\wot-latest1030
2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\WinPatrol
2013-11-26 16:45 - 2013-11-26 16:45 - 00000000 ____D C:\Program Files\BillP Studios
2013-11-26 16:44 - 2013-11-26 16:44 - 00000000 ____D C:\ProgramData\InstallMate
2013-11-26 11:11 - 2013-12-11 13:53 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 10:23 - 2013-12-11 13:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 10:22 - 2013-12-11 13:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 09:53 - 2013-12-11 13:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 09:52 - 2013-12-11 13:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 09:38 - 2013-12-11 13:53 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 09:38 - 2013-12-11 13:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 09:36 - 2013-12-11 13:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 09:32 - 2013-12-11 13:53 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 09:29 - 2013-12-11 13:53 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 09:29 - 2013-12-11 13:53 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 09:28 - 2013-12-11 13:53 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:16 - 2013-12-11 13:53 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:13 - 2013-12-11 13:53 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 08:32 - 2013-12-11 13:53 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:26 - 2013-12-11 13:53 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 07:34 - 2013-12-11 13:53 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:33 - 2013-12-11 13:53 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:27 - 2013-12-11 13:53 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-25 22:20 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-25 18:32 - 2012-02-19 18:33 - 00000000 ____D C:\Users\ulrike\AppData\Local\www.rene-zeidler.de
2013-11-24 15:02 - 2011-04-25 17:31 - 00000000 ____D C:\Users\ulrike\AppData\Roaming\vlc
2013-11-23 19:26 - 2013-12-11 13:28 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

Some content of TEMP:
====================
C:\Users\ulrike\AppData\Local\temp\0306791387751441mcinst.exe
C:\Users\ulrike\AppData\Local\temp\prismsetup.exe
C:\Users\ulrike\AppData\Local\temp\SpeedAnalysisSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-25 22:07

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2013 01
Ran by ulrike at 2013-12-23 13:41:03
Running from C:\Users\ulrike\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8)
4500_G510gm_Help (Version: 000.0.439.000)
4500G510gm (Version: 000.0.423.000)
4500G510gm_Software_Min (Version: 000.0.423.000)
7-Zip 9.30 alpha
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Photoshop Elements 7.0 (Version: 7.0)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3)
All Day Battery Life Configuration (Version: 1.1.0)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ASAPI (Version: 6.0.0)
Ashampoo Burning Studio Elements 10.0.9 (Version: 3.1.1)
avast! Ad Blocker (Version: 1.0.0.0)
avast! Free Antivirus (Version: 8.0.1489.0)
BioAPI Framework (Version: 1.0.1)
Bonjour (Version: 3.0.0.10)
Brother HL-2030 (Version: 1.00)
BufferChm (Version: 130.0.331.000)
Canon Utilities CameraWindow DC 8 (Version: 8.7.0.11)
Canon Utilities ImageBrowser EX (Version: 1.2.1.13)
Canon Utilities PhotoStitch (Version: 3.1.23.47)
CDBurnerXP (Version: 4.5.2.4291)
D3DX10 (Version: 15.4.2368.0902)
DCP32MMWrapper (Version: 1.6.334.60)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Dell Control Point (Version: 1.6.334.60)
Dell ControlPoint Connection Manager (Version: 1.3.1)
Dell ControlPoint Security Manager (Version: 1.6.334.60)
Dell ControlPoint System Manager (Version: 1.3.00000)
Dell ControlVault Host Components Installer (Version: 1.7.324.55)
Dell Driver Download Manager (HKCU Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Embassy Trust Suite by Wave Systems (Version: 03.04.00.063)
Dell Security Device Driver Pack (Version: 1.3.039)
Dell Touchpad (Version: 7.2.101.228)
Destinations (Version: 140.0.77.000)
DevalVR plugin for Netscape and compatible browsers
DeviceDiscovery (Version: 130.0.372.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Document Manager Lite (Version: 06.09.00.121)
Dropbox (HKCU Version: 2.0.22)
DVD Shrink 3.2 deutsch (DeCSS-frei)
EMBASSY Security Center (Version: 03.09.00.092)
EMBASSY Security Setup (Version: 03.09.00.102)
ESC Home Page Plugin (Version: 03.04.00.029)
Express Burn
Express Dictate
Express Scribe
f.lux
f4 2012
Fax (Version: 130.0.418.000)
Free Audio CD to MP3 Converter version 1.3.12.1228 (Version: 1.3.12.1228)
Free DVD Video Converter version 2.0.13.1212 (Version: 2.0.13.1212)
Free Video Dub version 2.0.21.827 (Version: 2.0.21.827)
Free YouTube Download version 3.2.18.1128 (Version: 3.2.18.1128)
Free YouTube to MP3 Converter version 3.12.17.1127 (Version: 3.12.17.1127)
Gemalto (Version: 01.01.00.0000)
GIMP 2.8.6 (Version: 2.8.6)
Google Chrome (Version: 31.0.1650.63)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.22.3)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510g-m (Version: 13.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.005.000.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
Integrated Webcam Driver (1.03.02.0919)  
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections 14.6.9.0 (Version: 14.6.9.0)
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Junk Mail filter update (Version: 16.4.3505.0912)
MAGIX Audio Cleaning Lab 16 deluxe (Version: 16.0.0.0)
MAGIX Speed burnR (Version: 6.0.1.4)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Rechner-Plus (Version: 1.0.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft-Maus- und Tastatur-Center (Version: 2.0.162.0)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Network (Version: 130.0.374.000)
NTRU TCG Software Stack (Version: 2.1.29)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OpenOffice 4.0.1 (Version: 4.01.9714)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)
Paragon Backup & Recovery™ 2012 Free (Version: 90.00.0003)
PDF24 Creator 5.3.0
PDFCreator (Version: 1.2.0)
PDF-Viewer (Version: 2.5.211.0)
PowerDVD DX (Version: 8.3.5424)
Preboot Manager (Version: 02.09.00.071)
Private Information Manager (Version: 06.04.00.047)
QuickTime (Version: 7.74.80.86)
RealUpgrade 1.0 (Version: 1.0.0)
SA30xx Media Converter (Version: 1.1.5.1007)
Scan (Version: 140.0.80.000)
Screenshot Captor 4.8
Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011)
Secure Eraser (Version: 4.2.0.1)
Security Wizards (Version: 01.07.00.016)
Shop for HP Supplies (Version: 13.0)
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.11 (Version: 6.11.102)
SmartWebPrinting (Version: 130.0.373.000)
SO32MMWrapper (Version: 1.6.334.60)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.373.000)
swMSM (Version: 12.0.0.1)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Trusted Drive Manager (Version: 3.1.0.116)
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition
Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition
Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837637) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837638) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837655) 32-Bit Edition
Update for Microsoft Office 2013 (KB2850066) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition
Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition
Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition
Update for Microsoft Word 2013 (KB2850060) 32-Bit Edition
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 2.1.1 (Version: 2.1.1)
Wave Infrastructure Installer (Version: 07.00.21.0000)
Wave Support Software (Version: 05.10.00.046)
WavePad Audiobearbeitungs-Software
WebReg (Version: 130.0.132.017)
WIDCOMM Bluetooth Software (Version: 6.2.1.100)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5) (Version: 01/07/2008 1.0.1.5)
WinPatrol (Version: 29.0.2013)
XMedia Recode 2.2.5.8 (Version: 2.2.5.8)
XMedia Recode Version 3.1.4.9 (Version: 3.1.4.9)

==================== Restore Points  =========================

10-12-2013 07:58:27 Windows Update
11-12-2013 12:36:09 Windows Update
11-12-2013 14:21:26 Windows Update
11-12-2013 14:56:15 Removed Adobe Flash Player 11 Plugin.
13-12-2013 22:06:18 Removed iTunes
13-12-2013 22:13:38 Removed WIDCOMM Bluetooth Software
17-12-2013 07:50:27 Windows Update
22-12-2013 13:43:28 TuneUp Utilities 2014 wird entfernt
22-12-2013 13:44:48 TuneUp Utilities 2014 (de-DE) wird entfernt

==================== Hosts content: ==========================

2009-07-14 03:04 - 2013-08-31 20:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0B4C92F7-4F04-412B-A155-DB05DCE26636} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-289800921-2288194260-3485654390-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {22E721D6-ABFA-456C-9332-A4717C08F12B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {2A71037E-736B-45E8-90E8-F32B32EFDECB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {2EA70800-A987-43DC-8D8C-4E7B0268AA8D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {31472746-6047-495D-8246-1298074EF57D} - System32\Tasks\NCH Software\ExpressBurnReminder => C:\Program Files\NCH Software\ExpressBurn\expressburn.exe [2012-09-15] (NCH Software)
Task: {3A182F09-12FB-4BB8-A39D-4A73C319ADC4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {3AE5FE89-A1B2-4002-B7AB-2CE5ECCBC910} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {4DD32D03-C05C-48C5-91BE-C943E0056E6D} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files\NCH Swift Sound\WavePad\WavePad.exe
Task: {63B0DC69-5D20-4419-A40E-246A236F4936} - System32\Tasks\{48FE6037-9EA9-484A-B752-6263D3787571} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {6BE321CC-8D7E-4BB0-85E5-3063FF48A121} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {71C4E435-EDBC-4AF3-BA15-6A4F587760F2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2012-11-02] (Microsoft)
Task: {8081DB32-E7E3-4682-A117-0F2108E50A3E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-289800921-2288194260-3485654390-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {84333D4D-1683-4E27-B80D-94BD74EA3CE1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9C34C630-D950-44AE-890C-2B6CC2589265} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {A2DDDEB8-6CAC-4936-A712-1A39994CDFFC} - System32\Tasks\NCH Software\scribeShakeIcon => C:\Program Files\NCH Software\Scribe\scribe.exe [2013-01-17] (NCH Software)
Task: {ABB27C21-1E87-4F1A-8BBB-AEDE1C22FB2B} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {AC36F7C9-F8A2-4787-86AA-D16A4A19DD4F} - System32\Tasks\{29F12D92-9D2B-4269-A005-BAAA29A43780} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179&amp;LastError=12007
Task: {D06B7EF4-FFAD-4D71-9330-BB6BDE6AB8BB} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ulrike-PC-ulrike ulrike-PC => C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE [2013-11-08] (Microsoft Corporation)
Task: {E281230E-84D2-47AA-8CEA-D25A46D68C42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31] (Google Inc.)
Task: {E94EDB73-02FE-4698-BC9C-D248B9A5F853} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\microsoft shared\OFFICE15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {E9C0E132-4766-4A24-AD09-9651EC4C1FC3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-26 16:45 - 2013-07-15 18:29 - 00620718 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2013-03-23 15:12 - 2013-01-29 19:45 - 00112128 _____ () C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\ulrike\AppData\Roaming\Dropbox\bin\libcef.dll
2009-06-03 12:07 - 2009-06-03 12:07 - 00010752 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 13:29 - 2008-11-12 13:29 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_DEU.dll
2013-09-30 21:02 - 2013-12-05 20:36 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2013 09:02:39 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/23/2013 08:34:44 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (12/22/2013 08:51:50 PM) (Source: Application Hang) (User: )
Description: Programm Skype.exe, Version 6.11.0.102 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b14

Startzeit: 01cefeea915b3331

Endzeit: 349

Anwendungspfad: C:\Program Files\Skype\Phone\Skype.exe

Berichts-ID: 77e6f736-6b42-11e3-bcd7-0026b99a8d83

Error: (12/22/2013 08:49:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2734698

Error: (12/22/2013 08:49:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2734698

Error: (12/22/2013 08:49:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/22/2013 07:00:03 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5289

Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5289

Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/23/2013 08:25:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1053

Error: (12/23/2013 08:25:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/23/2013 08:25:11 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit-Scanner erreicht.

Error: (12/23/2013 08:24:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/23/2013 08:24:36 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Planer erreicht.

Error: (12/23/2013 08:24:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (12/22/2013 11:26:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/22/2013 11:26:18 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht.

Error: (12/22/2013 11:25:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1053

Error: (12/22/2013 11:25:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (12/23/2013 09:02:39 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (12/23/2013 08:34:44 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418231

Error: (12/22/2013 08:51:50 PM) (Source: Application Hang)(User: )
Description: Skype.exe6.11.0.102b1401cefeea915b3331349C:\Program Files\Skype\Phone\Skype.exe77e6f736-6b42-11e3-bcd7-0026b99a8d83

Error: (12/22/2013 08:49:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2734698

Error: (12/22/2013 08:49:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2734698

Error: (12/22/2013 08:49:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/22/2013 07:00:03 PM) (Source: Windows Backup)(User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5289

Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5289

Error: (12/22/2013 04:13:28 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Percentage of memory in use: 50%
Total physical RAM: 3535.9 MB
Available physical RAM: 1767.71 MB
Total Pagefile: 7070.09 MB
Available Pagefile: 5024.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.4 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:231.89 GB) (Free:18.12 GB) NTFS
Drive d: (05 Jan 2013) (CDROM) (Total:4.38 GB) (Free:4.37 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=267 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-23 15:44:42
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925041 rev.0004 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ulrike\AppData\Local\Temp\uwdirpod.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                                                               82A56A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                 82A90212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

Device          \FileSystem\fastfat \Fat                                                                                                                               9BBB2130

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                               fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5fb327c                                                                            
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5fb327c (not active ControlSet)                                                        
Reg             HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\ulrike\Desktop\f\xb3r_ryder\uninstall.exe  1

---- EOF - GMER 2.1 ----
         

 
