Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Anti-Malware: Potenzielle Bedrohungen erkannt! PUP.Optional.Conduit.A und desk 365 (https://www.trojaner-board.de/156498-anti-malware-potenzielle-bedrohungen-erkannt-pup-optional-conduit-a-desk-365-a.html)

Gabi76 15.07.2014 23:28
Anti-Malware: Potenzielle Bedrohungen erkannt! PUP.Optional.Conduit.A und desk 365
 
Guten Abend,
mein Internet ist sehr langsam geworden.
Deshalb hab ich öfters (an verschiedenen Tagen) erst Malwarebytes & im Anschluss adwcleaner_3.215.exe durchlaufen lassen. Heute kam beim 2.ten Durchlauf in MWB dann diese Meldung.

Gefundenes Element: PUP.Optional.Conduit.A
Typ: Datei

Bei den "Scan´s" davor kam weitere Meldungen. u.a. desk.365,....leider weiß ich die jetzt nicht mehr auswendig.


Hier schon mal die Ergebnisse von FRST:

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Jürgen (administrator) on YVONNEPC on 16-07-2014 00:19:35
Running from C:\Users\Jürgen\Music\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\WINDOWS\WindowsMobile\wmdc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehsched.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-06] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2729437562-1770265655-3760295961-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2729437562-1770265655-3760295961-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2729437562-1770265655-3760295961-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Mail.lnk
ShortcutTarget: Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {3BD98039-BBB0-46C8-9ADA-0FE98AB5879C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {4E8316CF-23A9-4807-93F1-F492F460F250} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKLM - {95D81EC8-72E0-4CC2-BA51-5E3F2107249B} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBA6A09C5-9736-4F45-88AB-E0026182725E&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {20FDA867-FB48-440A-8FB3-57A075BE9790} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {3BD98039-BBB0-46C8-9ADA-0FE98AB5879C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {4E8316CF-23A9-4807-93F1-F492F460F250} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKCU - {95D81EC8-72E0-4CC2-BA51-5E3F2107249B} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CC1F29B-0317-4BBA-B9D1-4D613C8B9DF4} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {A8549FC4-D7C1-45A1-88B2-599E321942FA} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {C203CEDA-3953-4BCA-9F2C-FB646F021C22} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {C2231A76-776B-4774-9685-CA3A7840AF5F} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: avast! Ad Blocker - C:\Program Files\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2013-08-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-11-27]

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBA6A09C5-9736-4F45-88AB-E0026182725E&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBA6A09C5-9736-4F45-88AB-E0026182725E&SSPV=", "https://de.yahoo.com?fr=hp-avast&type=prc265"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-02]
CHR Extension: (YouTube) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-02]
CHR Extension: (Google-Suche) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-02]
CHR Extension: (Google Kalender) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-11-07]
CHR Extension: (Google Maps) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-11-07]
CHR Extension: (Google Wallet) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Google Mail) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-06]
CHR HKLM\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\JRGEN~1\AppData\Local\Temp\tbch.crx [2014-07-06]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries)
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1876816 2014-07-13] (SurfRight B.V.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-06] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-06] ()
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [75640 2014-07-13] ()
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 00:12 - 2014-07-16 00:19 - 00000000 ____D () C:\FRST
2014-07-14 23:05 - 2014-07-15 01:11 - 00128612 _____ () C:\Users\Jürgen\ESt2013_Patermann_Yvonne.elfo
2014-07-13 16:50 - 2014-07-16 00:08 - 00000000 ____D () C:\Windows\CryptoGuard
2014-07-13 16:50 - 2014-07-14 21:00 - 00000000 ____D () C:\Program Files\HitmanPro.Alert
2014-07-13 16:50 - 2014-07-13 17:09 - 00477008 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-07-13 16:50 - 2014-07-13 17:09 - 00075640 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-07-13 16:50 - 2014-07-13 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-13 16:50 - 2014-07-13 16:50 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-11 21:21 - 2014-07-11 21:21 - 00005118 _____ () C:\Users\Jürgen\Desktop\AdwCleaner[S1].txt
2014-07-10 23:31 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-10 23:24 - 2014-07-15 22:50 - 00000000 ____D () C:\AdwCleaner
2014-07-10 22:53 - 2014-07-15 23:18 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 22:53 - 2014-07-10 22:53 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-10 22:53 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-10 22:53 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-10 22:53 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-09 20:04 - 2014-07-09 20:04 - 00000771 _____ () C:\Users\Public\Desktop\IrfanView.lnk
2014-07-09 19:54 - 2014-07-09 19:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-09 19:54 - 2014-07-09 19:54 - 00000000 _____ () C:\Windows\setupact.log
2014-07-09 19:21 - 2014-06-07 02:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 19:21 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 19:21 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 19:21 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 19:21 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 19:21 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 19:21 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 19:21 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 19:21 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 19:21 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 19:21 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 19:21 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 19:21 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 19:21 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 19:21 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 19:21 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 19:21 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 19:21 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 19:21 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 19:21 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 19:21 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 19:21 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 19:21 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 19:21 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 19:05 - 2014-07-15 22:52 - 00002024 _____ () C:\Windows\PFRO.log
2014-07-06 14:48 - 2014-07-06 14:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-29 20:33 - 2014-06-29 20:33 - 381795578 _____ () C:\Windows\MEMORY.DMP
2014-06-29 20:33 - 2014-06-29 20:33 - 00159808 _____ () C:\Windows\Minidump\Mini062914-01.dmp
2014-06-25 22:40 - 2014-06-25 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2014-06-25 22:39 - 2014-06-25 22:39 - 00000000 ____D () C:\Program Files\Tracker Software
2014-06-21 15:46 - 2014-07-14 22:32 - 00104036 _____ () C:\Users\Jürgen\ESt2012_Patermann_Yvonne.elfo
2014-06-21 15:37 - 2014-07-15 01:11 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\.elfohilfe
2014-06-21 15:35 - 2014-06-21 15:35 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\elsterformular
2014-06-21 15:34 - 2014-06-21 15:34 - 00000982 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-06-21 15:34 - 2014-06-21 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-06-21 15:34 - 2014-06-21 15:34 - 00000000 ____D () C:\ProgramData\elsterformular
2014-06-21 15:33 - 2014-06-21 15:33 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-06-17 19:39 - 2014-06-17 19:57 - 00000000 ____D () C:\Users\Jürgen\Sicherung SD-Karte 2014-06-17
2014-06-16 20:56 - 2014-06-16 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

==================== One Month Modified Files and Folders =======

2014-07-16 00:19 - 2014-07-16 00:12 - 00000000 ____D () C:\FRST
2014-07-16 00:13 - 2012-08-19 14:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 00:08 - 2014-07-13 16:50 - 00000000 ____D () C:\Windows\CryptoGuard
2014-07-16 00:07 - 2012-05-18 14:10 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 00:07 - 2011-07-13 14:16 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Skype
2014-07-15 23:18 - 2014-07-10 22:53 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 23:02 - 2010-03-20 23:52 - 01684329 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 22:53 - 2012-05-18 14:10 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-15 22:53 - 2010-03-21 00:29 - 00440002 _____ () C:\ProgramData\nvModes.dat
2014-07-15 22:53 - 2010-03-21 00:29 - 00440002 _____ () C:\ProgramData\nvModes.001
2014-07-15 22:53 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-15 22:53 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 22:53 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 22:52 - 2014-07-09 19:05 - 00002024 _____ () C:\Windows\PFRO.log
2014-07-15 22:51 - 2008-10-26 23:09 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-07-15 22:51 - 2006-11-02 15:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-15 22:50 - 2014-07-10 23:24 - 00000000 ____D () C:\AdwCleaner
2014-07-15 01:14 - 2010-09-28 20:38 - 00000000 ____D () C:\Users\Jürgen\USB Stick - Hama
2014-07-15 01:11 - 2014-07-14 23:05 - 00128612 _____ () C:\Users\Jürgen\ESt2013_Patermann_Yvonne.elfo
2014-07-15 01:11 - 2014-06-21 15:37 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\.elfohilfe
2014-07-14 22:32 - 2014-06-21 15:46 - 00104036 _____ () C:\Users\Jürgen\ESt2012_Patermann_Yvonne.elfo
2014-07-14 22:12 - 2014-05-01 19:19 - 00000000 ____D () C:\Users\Jürgen\Documents\Steuerfälle
2014-07-14 22:03 - 2014-05-01 18:34 - 00000000 ____D () C:\ProgramData\AAV
2014-07-14 21:00 - 2014-07-13 16:50 - 00000000 ____D () C:\Program Files\HitmanPro.Alert
2014-07-13 17:09 - 2014-07-13 16:50 - 00477008 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-07-13 17:09 - 2014-07-13 16:50 - 00075640 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-07-13 16:50 - 2014-07-13 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-13 16:50 - 2014-07-13 16:50 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-12 16:56 - 2014-02-12 21:37 - 00005299 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-07-12 16:55 - 2014-02-12 21:34 - 00000927 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-12 16:55 - 2014-02-12 21:34 - 00000915 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-11 21:21 - 2014-07-11 21:21 - 00005118 _____ () C:\Users\Jürgen\Desktop\AdwCleaner[S1].txt
2014-07-10 22:53 - 2014-07-10 22:53 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-09 20:22 - 2006-11-02 12:33 - 01591586 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 20:14 - 2012-04-07 16:07 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 20:14 - 2011-07-13 12:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 20:12 - 2006-11-02 14:47 - 03892416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 20:07 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 20:04 - 2014-07-09 20:04 - 00000771 _____ () C:\Users\Public\Desktop\IrfanView.lnk
2014-07-09 20:04 - 2012-08-15 12:45 - 00000000 ____D () C:\Program Files\IrfanView
2014-07-09 20:03 - 2013-07-28 21:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 19:57 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-09 19:54 - 2014-07-09 19:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-09 19:54 - 2014-07-09 19:54 - 00000000 _____ () C:\Windows\setupact.log
2014-07-06 14:49 - 2014-03-27 20:37 - 00001833 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-06 14:49 - 2011-11-27 18:07 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-06 14:48 - 2014-07-06 14:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-06 14:48 - 2014-05-01 13:40 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-06 14:48 - 2013-04-26 18:09 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-06 14:48 - 2013-04-26 18:09 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-06 14:48 - 2011-11-27 18:07 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-06 14:48 - 2011-11-27 18:07 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-06 14:48 - 2011-11-27 18:07 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-06 14:48 - 2011-11-27 18:07 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-07-06 14:48 - 2011-11-27 18:06 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-02 15:28 - 2010-08-25 19:23 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Paint.NET
2014-06-29 20:33 - 2014-06-29 20:33 - 381795578 _____ () C:\Windows\MEMORY.DMP
2014-06-29 20:33 - 2014-06-29 20:33 - 00159808 _____ () C:\Windows\Minidump\Mini062914-01.dmp
2014-06-29 20:33 - 2011-09-28 11:50 - 00000000 ____D () C:\Windows\Minidump
2014-06-25 22:40 - 2014-06-25 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2014-06-25 22:39 - 2014-06-25 22:39 - 00000000 ____D () C:\Program Files\Tracker Software
2014-06-25 20:33 - 2013-12-01 12:03 - 00000000 ____D () C:\Users\Jürgen\Documents\Corel
2014-06-21 15:35 - 2014-06-21 15:35 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\elsterformular
2014-06-21 15:34 - 2014-06-21 15:34 - 00000982 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-06-21 15:34 - 2014-06-21 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-06-21 15:34 - 2014-06-21 15:34 - 00000000 ____D () C:\ProgramData\elsterformular
2014-06-21 15:33 - 2014-06-21 15:33 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-06-17 19:57 - 2014-06-17 19:39 - 00000000 ____D () C:\Users\Jürgen\Sicherung SD-Karte 2014-06-17
2014-06-16 21:01 - 2013-09-08 20:05 - 00000000 ____D () C:\ProgramData\Garmin
2014-06-16 20:59 - 2013-09-08 20:04 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-16 20:57 - 2013-09-08 20:05 - 00000000 ____D () C:\Program Files\Garmin
2014-06-16 20:57 - 2010-07-31 21:48 - 00000000 ____D () C:\Program Files\DIFX
2014-06-16 20:56 - 2014-06-16 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-06-16 20:56 - 2013-09-08 20:13 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Garmin

Some content of TEMP:
====================
C:\Users\Jürgen\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-15 23:01

==================== End Of Log ============================
--- --- ---


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by Jürgen at 2014-07-16 00:21:18
Running from C:\Users\Jürgen\Music\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE  - Audiograbber Deutschland)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Brother MFL-Pro Suite DCP-J315W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
Corel DESIGNER Technical Suite X5 - DE (Version: 15.2 - Corel Corporation) Hidden
Corel DESIGNER Technical Suite X5 - EN (Version: 15.2 - Corel Corporation) Hidden
Corel DESIGNER Technical Suite X5 - Extra Content (HKLM\...\_{EB33BD77-DACE-44FD-BA32-9D089EB16C3A}) (Version:  - Corel Corporation)
Corel DESIGNER Technical Suite X5 - Extra Content (Version: 15.2 - Corel Corporation) Hidden
Corel DESIGNER Technical Suite X5 - FR (Version: 15.2 - Corel Corporation) Hidden
Corel DESIGNER Technical Suite X5 - IPM (Version: 15.2 - Corel Corporation) Hidden
Corel DESIGNER Technical Suite X5 - Setup Files (Version: 15.2 - Corel Corporation) Hidden
Corel DESIGNER Technical Suite X5 - WT (Version: 15.1 -  Corel Corporation) Hidden
Corel DESIGNER Technical Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.661 - Corel Corporation)
Corel DESIGNER Technical Suite X5 (Version: 15.2 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}) (Version: 15.2.0.661 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.2.661 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Designer (Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FR (Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.2 - Corel Corporation) Hidden
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2203 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
Deep Exploration 6 CE (HKLM\...\{AC8B571C-9C6E-47C1-A508-3BF1BCBED443}) (Version: 6.1 - Right Hemisphere)
Doxillion Document Converter (HKLM\...\Doxillion) (Version:  - NCH Software)
Elevated Installer (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FinePrint (HKLM\...\FinePrint) (Version:  - )
Garmin Express (HKLM\...\{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}) (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
General Runtime Files for Nemetschek Allplan 2009 (Version: 1.5.2.0 - Nemetschek) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GraphicCorp's Browser+ (HKLM\...\GraphicCorp's Browser+) (Version:  - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard)
HPTCSSetup (HKLM\...\{846DDADA-0239-4B67-A6B1-33658863793B}) (Version: 1.1.1963.2799 - Hewlett-Packard Company)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mp3tag v2.53 (HKLM\...\Mp3tag) (Version: v2.53 - Florian Heidenreich)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nemetschek Allplan 2009 (HKLM\...\{BAED3957-C271-4670-A50D-8D7438701917}) (Version: 2009.0 - )
Nemetschek SoftLock 2006 (HKLM\...\{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}) (Version: 1.00.0000 - )
Netzmanager (HKLM\...\Netzmanager) (Version: 1.05 - Deutsche Telekom AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC)
PC Connectivity Solution (HKLM\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia)
pdfFactory Pro (HKLM\...\pdfFactory Pro) (Version:  - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.308.2 - Tracker Software Products Ltd)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
Prism Video Converter (HKLM\...\Prism) (Version:  - NCH Software)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SnagIt 8 (HKLM\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Steuer-Software 2014 (HKLM\...\{77D53A25-9700-42C7-8305-8E469FEBEE30}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)
Switch Audiodatei-Konverter (HKLM\...\Switch) (Version:  - NCH Software)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
TreeSize Professional 3.31 (HKLM\...\TreeSize Professional_is1) (Version:  - JAM Software)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WavePad Audiobearbeitungs-Software (HKLM\...\WavePad) (Version:  - NCH Software)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Nokia Modem  (11/03/2006 6.82.0.1) (HKLM\...\0852D05415AB9A4F1EF451E342267F76C776ED2F) (Version: 11/03/2006 6.82.0.1 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
XnView 2.00 (HKLM\...\XnView_is1) (Version: 2.00 - Gougelet Pierre-e)

==================== Restore Points  =========================

10-05-2014 09:19:00 Windows Update
10-05-2014 21:17:36 Windows-Sicherung
11-05-2014 17:15:52 Windows-Sicherung
12-05-2014 17:10:45 Geplanter Prüfpunkt
15-05-2014 07:27:24 Windows Update
01-06-2014 09:56:12 Windows Update
09-06-2014 09:54:33 Windows Update
11-06-2014 16:50:07 Windows Update
14-06-2014 21:08:33 Konfiguriert LabelPrint
16-06-2014 18:42:00 Geplanter Prüfpunkt
16-06-2014 18:53:30 Garmin Express
16-06-2014 18:57:12 Gerätetreiber-Paketinstallation: Silicon Labs Software USB-Controller
16-06-2014 18:57:44 Gerätetreiber-Paketinstallation: Dynastream Innovations, Inc.
16-06-2014 18:58:53 Garmin Express
17-06-2014 19:08:10 Windows Update
25-06-2014 18:13:04 Windows Update
29-06-2014 11:43:30 Windows Update
06-07-2014 12:44:12 avast! antivirus system restore point
09-07-2014 17:56:03 Windows Update
15-07-2014 20:37:48 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {050686AA-D8BB-4B21-98AE-7A496D6285C1} - System32\Tasks\NCH Software\switchShakeIcon => C:\Program Files\NCH Software\Switch\Switch.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3A44B37B-C9DF-4D30-A5FD-AC89B523D979} - System32\Tasks\NCH Software\DoxillionReminder => C:\Program Files\NCH Software\Doxillion\Doxillion.exe
Task: {3BB9D84C-FE56-427F-A02D-E90AB7211870} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-06-09] ()
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {45DEE6EF-1366-41C8-9B4D-A9D18B0AB421} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {5219D54F-6AC8-4806-AEE8-022292B6567A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-18] (Google Inc.)
Task: {5FA3CAC7-1716-4509-91AB-36124E6CCA65} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Jürgen => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {7A30DBF4-14D2-4FB4-AB41-24AB15EBEE44} - System32\Tasks\HPCeeScheduleForJürgen => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {B64002B0-A3D9-40B2-AAE7-9488D2BF560B} - System32\Tasks\NCH Software\wavepadShakeIcon => C:\Program Files\NCH Software\WavePad\WavePad.exe
Task: {CB040A7E-AF1D-48EB-8C1E-23E4E3E77BBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-18] (Google Inc.)
Task: {D1F22D72-4827-4972-B116-3DFC1937E183} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D240D887-6D2A-4606-99BE-B4E3BCBB0866} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {D7BEC886-84B1-4739-BBFC-554AE7AD167E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-06] (AVAST Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FAC25F29-D945-4673-B7DD-849F1D0014A0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJürgen.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-11-27 18:06 - 2014-07-06 14:48 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-15 21:35 - 2014-07-15 21:35 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071501\algo.dll
2010-07-04 23:32 - 2010-07-04 23:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2007-05-16 11:39 - 2007-05-16 11:39 - 00136776 _____ () C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2008-10-27 00:48 - 2008-10-06 10:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2008-10-27 00:48 - 2008-10-06 10:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2008-10-27 00:42 - 2008-09-15 16:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2013-11-07 21:44 - 2014-07-06 14:48 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-13 19:23 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 19:23 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 19:23 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-13 15:11 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^Jürgen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Netzmanager.lnk => C:\Windows\pss\Netzmanager.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: NokiaMusic FastStart => "C:\Program Files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart
MSCONFIG\startupreg: pdfFactory Pro Dispatcher v3 => "C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2014 11:40:12 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/15/2014 11:28:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/15/2014 11:15:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/15/2014 10:58:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18311, Zeitstempel 0x4c8e2d72, fehlerhaftes Modul KERNEL32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0x0000046b, Fehleroffset 0x0003fd1e,
Prozess-ID 0x11ac, Anwendungsstartzeit wmplayer.exe0.

Error: (07/15/2014 10:58:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung wmpnetwk.exe, Version 11.0.6001.7000, Zeitstempel 0x47919370, fehlerhaftes Modul KERNEL32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0x0000046b, Fehleroffset 0x0003fd1e,
Prozess-ID 0x880, Anwendungsstartzeit wmpnetwk.exe0.

Error: (07/15/2014 10:54:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 09:31:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 11:49:42 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/14/2014 11:45:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/14/2014 09:19:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/15/2014 10:59:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst1300001Neustart des Diensts

Error: (07/15/2014 10:54:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (07/15/2014 09:31:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (07/14/2014 09:19:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (07/14/2014 09:16:35 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Gruppenrichtlinienclient

Error: (07/14/2014 09:07:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst%%1053

Error: (07/14/2014 09:07:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Player-Netzwerkfreigabedienst

Error: (07/14/2014 09:06:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (07/14/2014 09:04:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 14.07.2014 um 21:02:57 unerwartet heruntergefahren.

Error: (07/14/2014 09:03:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (07/15/2014 11:40:12 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES

Error: (07/15/2014 11:28:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES

Error: (07/15/2014 11:15:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES

Error: (07/15/2014 10:58:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmplayer.exe11.0.6002.183114c8e2d72KERNEL32.dll6.0.6002.1903452f2ec860000046b0003fd1e11ac01cfa06f764ecb22

Error: (07/15/2014 10:58:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmpnetwk.exe11.0.6001.700047919370KERNEL32.dll6.0.6002.1903452f2ec860000046b0003fd1e88001cfa06eec9188b4

Error: (07/15/2014 10:54:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 09:31:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 11:49:42 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES

Error: (07/14/2014 11:45:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES

Error: (07/14/2014 09:19:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-07-16 00:21:03.551
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-16 00:21:02.478
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-16 00:21:01.261
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-16 00:21:00.153
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-16 00:20:57.749
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-16 00:20:55.722
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-16 00:20:54.043
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-16 00:20:52.435
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-16 00:14:28.536
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-16 00:14:27.604
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3038.26 MB
Available physical RAM: 1394.23 MB
Total Pagefile: 6306.76 MB
Available Pagefile: 4710.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.35 MB

==================== Drives ================================

Drive b: (USB-HAMA) (Removable) (Total:1.88 GB) (Free:0.13 GB) FAT32
Drive c: () (Fixed) (Total:287.55 GB) (Free:155.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:10.53 GB) (Free:1.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: E0E2F567)
Partition 1: (Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)

==================== End Of Log ============================
Bin am verzweifeln. Deutsche Telekom (Internetanbieter) ist keine große Hilfe!

Vielen Dank schon jetzt.

schrauber 16.07.2014 05:59
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Gabi76 16.07.2014 18:41
Hallo Schrauber,
herzlichen Dank für die schnelle Antwort.

Bevor ich "Combofix" gestartet habe, habe ich wie beschrieben u.a. meinen "Windwos Defender" deaktiviert. Dieser lässt sich nach dem Durchlauf und erneutem Neustart nicht mehr starten.

Hier die Logfile
Code:
ComboFix 14-07-16.02 - Jürgen 16.07.2014  17:30:51.1.2 - x86
ausgeführt von:: c:\users\J³rgen\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-06-16 bis 2014-07-16  ))))))))))))))))))))))))))))))
.
.
2014-07-16 15:53 . 2014-07-16 15:53        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-07-15 22:12 . 2014-07-15 22:22        --------        d-----w-        C:\FRST
2014-07-15 20:45 . 2014-07-02 03:11        8217224        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FA29AF8-72C0-4544-8FF3-523939A80522}\mpengine.dll
2014-07-13 14:50 . 2014-07-13 14:50        --------        d-----w-        c:\programdata\HitmanPro.Alert
2014-07-13 14:50 . 2014-07-15 22:08        --------        d-----w-        c:\windows\CryptoGuard
2014-07-13 14:50 . 2014-07-14 19:00        --------        d-----w-        c:\program files\HitmanPro.Alert
2014-07-13 14:50 . 2014-07-13 15:09        75640        ----a-w-        c:\windows\system32\drivers\hmpalert.sys
2014-07-13 14:50 . 2014-07-13 15:09        477008        ----a-w-        c:\windows\system32\hmpalert.dll
2014-07-10 21:31 . 2010-08-30 06:34        536576        ----a-w-        c:\windows\system32\sqlite3.dll
2014-07-10 21:24 . 2014-07-15 20:50        --------        d-----w-        C:\AdwCleaner
2014-07-10 20:53 . 2014-07-15 22:40        110296        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-10 20:53 . 2014-07-10 20:53        --------        d-----w-        c:\program files\Malwarebytes Anti-Malware
2014-07-10 20:53 . 2014-07-10 20:53        --------        d-----w-        c:\programdata\Malwarebytes
2014-07-10 20:53 . 2014-05-12 05:26        51928        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-07-10 20:53 . 2014-05-12 05:25        74456        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-07-10 20:53 . 2014-05-12 05:25        23256        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-07-06 12:48 . 2014-07-06 12:48        43152        ----a-w-        c:\windows\avastSS.scr
2014-06-25 20:39 . 2014-06-25 20:39        --------        d-----w-        c:\program files\Tracker Software
2014-06-21 13:37 . 2014-07-14 23:11        --------        d-----w-        c:\users\Jürgen\AppData\Local\.elfohilfe
2014-06-21 13:35 . 2014-06-21 13:35        --------        d-----w-        c:\users\Jürgen\AppData\Roaming\elsterformular
2014-06-21 13:34 . 2014-06-21 13:34        --------        d-----w-        c:\programdata\elsterformular
2014-06-21 13:33 . 2014-06-21 13:33        --------        d-----w-        c:\program files\ElsterFormular
2014-06-17 17:39 . 2014-06-17 17:57        --------        d-----w-        c:\users\Jürgen\Sicherung SD-Karte 2014-06-17
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 18:14 . 2012-04-07 14:07        699056        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2014-07-09 18:14 . 2011-07-13 10:18        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-06 12:49 . 2011-11-27 16:07        414520        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-07-06 12:48 . 2013-04-26 16:09        192352        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-07-06 12:48 . 2011-11-27 16:07        57800        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2014-07-06 12:48 . 2014-05-01 11:40        24184        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-07-06 12:48 . 2013-04-26 16:09        49944        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-07-06 12:48 . 2011-11-27 16:07        55112        ----a-w-        c:\windows\system32\drivers\aswrdr.sys
2014-07-06 12:48 . 2011-11-27 16:07        779536        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2014-07-06 12:48 . 2011-11-27 16:07        67824        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-07-06 12:48 . 2011-11-27 16:06        276432        ----a-w-        c:\windows\system32\aswBoot.exe
2014-05-01 11:40 . 2011-11-27 16:07        54832        ----a-w-        c:\windows\system32\drivers\aswrdr.sys.1399910046853
2014-05-01 11:40 . 2011-11-27 16:07        776976        ----a-w-        c:\windows\system32\drivers\aswsnx.sys.1399910046853
2014-04-26 16:01 . 2014-06-11 16:45        502784        ----a-w-        c:\windows\system32\usp10.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-06 12:48        578240        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-06 4086432]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Jürgen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Netzmanager.lnk]
path=c:\users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
backup=c:\windows\pss\Netzmanager.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57        959904        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-02-09 15:43        2621440        ------r-        c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 09:26        114688        ------w-        c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2014-06-09 10:47        122200        ----a-w-        c:\program files\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-10-28 04:32        1564528        ----a-w-        c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
2009-12-15 11:52        614400        ----a-w-        c:\windows\System32\spool\drivers\w32x86\3\fppdis3a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 15:14        202032        ----a-w-        c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16        254336        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 14:55        222504        ------w-        c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-13 17:11        210216        ------w-        c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-13 17:11        210216        ------w-        c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-06 19:42        210216        ------w-        c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2729437562-1770265655-3760295961-1000]
"EnableNotificationsRef"=dword:00000003
"EnableNotifications"=dword:00000001
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 17:21        1091912        ----a-w-        c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 18:14]
.
2014-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-18 12:10]
.
2014-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-18 12:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://de.yahoo.com?fr=hp-avast&type=prc265
mStart Page = https://de.yahoo.com?fr=hp-avast&type=prc265
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-NokiaMusic FastStart - c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe
MSConfigStartUp-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
AddRemove-Doxillion - c:\program files\NCH Software\Doxillion\uninst.exe
AddRemove-GraphicCorp's Browser+ - c:\browser\UNWISE.EXE
AddRemove-Netzmanager - c:\programdata\{D8116CA6-DBDF-4415-AB4A-BE0CEFB71935}\Netzmanager1.050.1606_101110a.exe
AddRemove-Prism - c:\program files\NCH Software\Prism\uninst.exe
AddRemove-Switch - c:\program files\NCH Software\Switch\uninst.exe
AddRemove-WavePad - c:\program files\NCH Software\WavePad\uninst.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-07-16 17:53
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2014-07-16  17:59:13
ComboFix-quarantined-files.txt  2014-07-16 15:59
.
Vor Suchlauf: 10 Verzeichnis(se), 167.045.128.192 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 166.228.619.264 Bytes frei
.
- - End Of File - - FF3BE5456353E5893DB4FD97ABAD9622
588AE8F0C685C02BA11F30D9CD7E61A0
Was ist nun der nächste Schritt?

Hallo Schrauber,
habe erneut Malware durchlaufen lassen...immernoch die o.g. Bedrohungen PUP.Optional.Conduit.A

schrauber 17.07.2014 12:49
Funde von MBAM löschen lassen.

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Gabi76 17.07.2014 19:51
Code:
# AdwCleaner v3.215 - Bericht erstellt am 17/07/2014 um 19:16:43
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Jürgen - YVONNEPC
# Gestartet von : C:\Users\Jürgen\Desktop\adwcleaner_3.215 (1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16561


-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBA6A09C5-9736-4F45-88AB-E0026182725E&SSPV=
Gelöscht [Homepage] : hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBA6A09C5-9736-4F45-88AB-E0026182725E&SSPV=
Gelöscht [Extension] : igjjkeeamkpihpncmmbgdkhdnjpcfmfb

*************************

AdwCleaner[R0].txt - [5703 octets] - [10/07/2014 23:24:42]
AdwCleaner[R1].txt - [5107 octets] - [11/07/2014 20:51:42]
AdwCleaner[R2].txt - [1119 octets] - [12/07/2014 23:14:51]
AdwCleaner[R3].txt - [1239 octets] - [15/07/2014 22:10:40]
AdwCleaner[R4].txt - [1688 octets] - [16/07/2014 19:47:30]
AdwCleaner[R5].txt - [1472 octets] - [16/07/2014 20:59:38]
AdwCleaner[R6].txt - [1924 octets] - [17/07/2014 19:09:59]
AdwCleaner[S0].txt - [1092 octets] - [10/07/2014 23:53:47]
AdwCleaner[S1].txt - [5118 octets] - [11/07/2014 20:53:51]
AdwCleaner[S2].txt - [1181 octets] - [12/07/2014 23:21:57]
AdwCleaner[S3].txt - [1629 octets] - [15/07/2014 22:50:39]
AdwCleaner[S4].txt - [1749 octets] - [16/07/2014 19:52:27]
AdwCleaner[S5].txt - [1533 octets] - [16/07/2014 21:01:36]
AdwCleaner[S6].txt - [1845 octets] - [17/07/2014 19:16:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1905 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Jrgen on 17.07.2014 at 19:58:28,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4E8316CF-23A9-4807-93F1-F492F460F250}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95D81EC8-72E0-4CC2-BA51-5E3F2107249B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4E8316CF-23A9-4807-93F1-F492F460F250}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{95D81EC8-72E0-4CC2-BA51-5E3F2107249B}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\myfree codec"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.07.2014 at 20:17:07,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 17.07.2014
Suchlauf-Zeit: 20:20:04
Logdatei:
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.17.09
Rootkit Datenbank: v2014.07.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Jürgen

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 293972
Verstrichene Zeit: 21 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Warnen

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
PUP.Optional.Conduit.A, C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (  "homepage": "hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBA6A09C5-9736-4F45-88AB-E0026182725E&SSPV=",), ,[3143821d017adf5777c9b520976d8878]
PUP.Optional.Conduit.A, C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBA6A09C5-9736-4F45-88AB-E0026182725E&SSPV=", "https://de.yahoo.com?fr=hp-avast&type=prc265" ],), ,[2f453b645d1e57df630f13c218ec5fa1]

Physische Sektoren: 0
(No malicious items detected)


(end)
Hallo Schrauber,
wie bekomme ich noch mal ein FRST log ???
Habe Malware erneut durchlaufen lassen....PUP.Optional.Conduit.A sind immer noch da!!!

schrauber 18.07.2014 05:23
FRST öffnen und Scan drücken.

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de

Jetzt nochmal mit MBAM scannen und Funde löschen lassen.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Gabi76 19.07.2014 08:50
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8c77854239527643b3eb4b581c6a057e
# engine=19244
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-19 02:58:51
# local_time=2014-07-19 04:58:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 813174 170162821 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 34482 243271459 0 0
# scanned=230039
# found=4
# cleaned=0
# scan_time=21876
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe.vir"
sh=58525128BD0EAB035DFBD76BB770FA9191448DCE ft=1 fh=9311c6e3ac4c9795 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Doxillion\doxillion.exe.vir"
sh=F202F9180F441BEE9D5B9577795A75C0AB99FF2C ft=1 fh=046c86234b5a1a15 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Doxillion\doxillionsetup_v2.02.exe.vir"
sh=0C641DEDC1D7DFACAEFED5CDE09B1B9C3797F895 ft=1 fh=3c92e929ac4c9795 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Doxillion\uninst.exe.vir"
Code:
Results of screen317's Security Check version 0.99.85 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner   
 Java 7 Update 51 
 Java version out of Date!
 Adobe Flash Player        14.0.0.145 
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
 Google Chrome 36.0.1985.125 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
Code:
Results of screen317's Security Check version 0.99.85 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner   
 Java 7 Update 51 
 Java version out of Date!
 Adobe Flash Player        14.0.0.145 
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
 Google Chrome 36.0.1985.125 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

schrauber 19.07.2014 20:49
Java und Adobe updaten. Frisches FRST log und Antwort auf meine Frage fehlt noch :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:52 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131