Bin planlos. MS DOS emailanhang geöffnet!

erdbeere7 · 10.12.2013, 17:00

Soooo,
ich habe nicht viel Ahnung von PC´s.
Habe einen Mailanhang mit MS DOS Anhang geöffnet und bin mir nicht sicher was jetzt los ist.
Lasse gerade Malewarebytes durchlaufen hat bereits 26 Objekte gefunden.

Bitte helft mir!

Psychotic · 10.12.2013, 17:08

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

...und ganz wichtig:
Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).

Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.

Poste bitte das MBAM log, wenn fertig.

erdbeere7 · 10.12.2013, 17:25

Hallo Marius!
Bor DANKE!
Ok ich folge deinen Anweisungen!
Das MBAM läuft noch!

Was meinst du genau mit Punkt 7?

Psychotic · 10.12.2013, 17:29

Dass du den Inhalt der Logdateien nicht direkt in die Antwort kopieren, sondern code-tags benutzen sollst. Dieser erhältst du, wenn du auf das #-Symbol im Kopf des Antwortfensters klickst.

erdbeere7 · 10.12.2013, 17:38

Wie lange dauert es denn zu formatieren? Ich habe eine Windows 7 CD, aber keine Ahnung wie das geht.
Was tue ich mit meiner externen Festplatte, hier habe ich ganz schnell alles mögliche drauf geschoben, was mir wichtig ist?
Wie schnell arbeitet so ein Trojaner oder Virus oder soll ich es blöder Lümmel nennen?
Ich habe noch einen alten Rechner wenn ich den anschließe könnte ich darüber evtl ins Internet gelangen. Wär dies hilfreich?

Psychotic · 10.12.2013, 18:15

Lass uns erstmal sehen, was MBAM uns sagt. Vorher kann ich noch überhaupt nichts sagen - weder positiv, noch negativ.

Formatiert und neu installiert ist schnell, allerdings wird es dauern, bis du all deine Software wieder drauf hast.

erdbeere7 · 10.12.2013, 20:59

ok bist du gleich noch da oder plötzlich weg? Hatte grad schon die Panik!

Das Ding läuft immer noch!

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.23.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16736
annika :: ANNIKA-PC [Administrator]

10.12.2013 16:22:22
MBAM-log-2013-12-10 (20-15-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377696
Laufzeit: 3 Stunde(n), 52 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\Program Files\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> 1784 -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> 2692 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 3
C:\Users\annika\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 7
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3306061 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtect (PUP.Optional.Conduit.A) -> Daten: C:\Users\annika\AppData\Roaming\SearchProtect\bin\cltmng.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtectAll (PUP.Optional.Conduit.A) -> Daten: C:\Program Files\SearchProtect\bin\cltmng.exe -> Keine Aktion durchgeführt.
HKCU\Software\SearchProtect|IELastInstalledTBHomepage (PUP.Optional.SearchProtect.A) -> Daten: hxxp://search.conduit.com?SearchSource=10&CUI=UN10763955931250226&UM=2&ctid=CT3306061 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 28
C:\Program Files\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\plugins (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\xpi (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\xpi\defaults (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Conduit\IE\CT3306061 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 119
C:\Program Files\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Program Files\Connect_DLC_5\Connect_DLC_5ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\bin\ChromeModule.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\bin\SPHook32.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\bin\SPHook64.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\bin\SPRunner.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\bin\SPTool64.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\bin\uninstall.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Conduit\CT3306061\Connect_DLC_5AutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21G7X58Q\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21G7X58Q\Connect_DLC_5[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0ILSJ0I\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0ILSJ0I\connect_dlc_5[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0ILSJ0I\Connect_DLC_5[2].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PQ81MLAE\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\nsuCB58.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\nsyA56D.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\nsyCC22.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\nsz5761.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\nseC137.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\nso4DFB.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\chLogic.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\ctbe.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\ffLogic.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\ieLogic.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\spch.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\spff.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\statisticsStub.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\AU\AutoUpdate.zip (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\AU\SPUpdater.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\bin\SPHook32.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\bin\SPHook64.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\bin\SPRunner.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\bin\SPTool64.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\Downloads\SoftonicDownloader_fuer_freemind.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Program Files\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\chromeid.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\conduit.xml (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\CT3306061.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\CT3306061.xpi (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\initdata.json (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\manifest.json (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\setup.ini.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\stub.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\version.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\xpi\install.rdf (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\annika\AppData\Local\Temp\ct3306061\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Conduit\IE\CT3306061\configutaion.json (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Conduit\IE\CT3306061\SetupIcon.ico (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Conduit\IE\CT3306061\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

(Ende)

soll ich auf "entferne Auswahl" klicken?

Psychotic · 11.12.2013, 10:04

Ja, entferne Auswahl. Dann mach folgendes:

Schritt 1: defogger

Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.

Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.

Schritt 2: FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32bit oder FRST 64bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Scan.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 3: GMER

Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
nichts am Rechner arbeiten,
nach jedem Scan der Rechner neu gestarten.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen). Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Entferne rechts den Hacken bei:
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

erdbeere7 · 11.12.2013, 17:45

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2013 01
Ran by annika (administrator) on ANNIKA-PC on 11-12-2013 16:52:35
Running from C:\Users\annika\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\annika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe [496184 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1697064 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1328480 2010-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [IMSS] - C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\annika\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-08] (Facebook Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\annika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-14] (Spotify Ltd)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5706480 2013-10-02] (SUPERAntiSpyware)
MountPoints2: {4d923303-4df5-11e3-8c42-00266ca0436c} - G:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB03F19110E5DCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope {DA9F6738-FE54-4E5C-9F75-5FB754CCBCA8} URL = 
SearchScopes: HKCU - DefaultScope {DA9F6738-FE54-4E5C-9F75-5FB754CCBCA8} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN10763955931250226&UM=2
SearchScopes: HKCU - {BA2EB3D5-B103-450D-A5BE-B6FB6B9B9628} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=8d6998b0-8e15-4508-8fc2-b645e2384d6d&apn_sauid=470D5D7C-EDF6-49E6-BF98-7E2BB75DE715
SearchScopes: HKCU - {DA9F6738-FE54-4E5C-9F75-5FB754CCBCA8} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN10763955931250226&UM=2
BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default
FF DefaultSearchEngine: Connect DLC 5 Customized Web Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Connect DLC 5 Customized Web Search
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN39384754189038173&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\annika\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\Extensions\staged
FF Extension: StumbleUpon - C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\Extensions\toolbar@stumbleupon.com
FF Extension: Connect DLC 5  - C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
FF Extension: firefox - C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\Extensions\firefox@outobox.net.xpi
FF Extension: noscript - C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: DVDVideoSoft Menu - C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Adblock Plus - C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: greasemonkey - C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN13531032271014213&UM=2
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN13531032271014213&UM=2"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\annika\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\annika\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0
CHR Extension: (Angry Birds) - C:\Users\annika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (VIS) - C:\Users\annika\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab
CHR Extension: (Autodesk Homestyler) - C:\Users\annika\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0
CHR HKLM\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx
CHR HKLM\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\annika\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [189808 2010-03-17] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2010-02-05] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI32.sys [516152 2010-03-05] (Conexant Systems Inc.)
R3 HBtnKey; C:\Windows\System32\DRIVERS\tkbtnpn.sys [7463 2007-10-30] (Lenovo)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-11 16:52 - 2013-12-11 16:52 - 00015599 _____ C:\Users\annika\Desktop\FRST.txt
2013-12-11 16:52 - 2013-12-11 16:52 - 00000000 ____D C:\FRST
2013-12-11 16:50 - 2013-12-11 16:50 - 00000474 _____ C:\Users\annika\Desktop\defogger_disable.log
2013-12-11 16:50 - 2013-12-11 16:50 - 00000000 _____ C:\Users\annika\defogger_reenable
2013-12-11 16:48 - 2013-12-11 16:48 - 01061389 _____ (Farbar) C:\Users\annika\Desktop\FRST.exe
2013-12-11 16:48 - 2013-12-11 16:48 - 00377856 _____ C:\Users\annika\Desktop\n5tkwvqx.exe
2013-12-11 16:47 - 2013-12-11 16:47 - 00050477 _____ C:\Users\annika\Desktop\Defogger.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 06:44 - 2013-12-11 06:44 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 06:44 - 2013-12-11 06:44 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-11 06:44 - 2013-12-11 06:44 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-11 06:44 - 2013-12-11 06:44 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-11 06:44 - 2013-12-11 06:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 06:43 - 2013-12-11 06:46 - 00010464 _____ C:\Windows\IE11_main.log
2013-12-10 19:30 - 2013-12-10 19:30 - 00000000 ____D C:\Users\annika\Desktop\Wintersemester 2013-2014
2013-12-10 17:11 - 2013-12-10 17:11 - 00000000 ____D C:\Users\annika\Desktop\domglas 2013
2013-12-10 16:49 - 2013-12-10 16:50 - 01110034 _____ C:\Users\annika\Downloads\AdwCleaner(2).exe
2013-12-10 15:53 - 2013-12-10 15:53 - 01867568 _____ C:\Users\annika\Downloads\wrar501d.exe
2013-12-10 15:53 - 2013-12-10 15:53 - 01867568 _____ C:\Users\annika\Downloads\wrar501d(1).exe
2013-12-10 15:47 - 2013-12-11 06:44 - 00000000 ___HD C:\Users\annika\AppData\Roaming\Yfcyyffcy
2013-12-09 16:11 - 2013-12-09 16:11 - 00000000 ____D C:\Users\annika\AppData\Local\SearchProtect
2013-12-06 12:36 - 2013-12-06 12:36 - 11927254 _____ C:\Users\annika\Downloads\Netzwerkkarte.bmp
2013-12-01 18:37 - 2013-12-11 16:42 - 00000000 ____D C:\ProgramData\Conduit
2013-12-01 18:37 - 2013-12-01 18:37 - 00000000 ____D C:\Users\annika\AppData\Local\NativeMessaging
2013-12-01 18:37 - 2013-12-01 18:37 - 00000000 ____D C:\Users\annika\AppData\Local\CRE
2013-12-01 18:37 - 2013-12-01 18:37 - 00000000 ____D C:\Users\annika\AppData\Local\Conduit
2013-12-01 18:37 - 2013-12-01 18:37 - 00000000 ____D C:\Program Files\Conduit
2013-12-01 18:36 - 2013-12-11 16:42 - 00000000 ____D C:\Users\annika\AppData\Roaming\SearchProtect
2013-12-01 18:36 - 2013-12-11 16:42 - 00000000 ____D C:\Program Files\SearchProtect
2013-12-01 18:35 - 2013-12-06 14:56 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-01 18:35 - 2013-12-01 18:38 - 00000009 _____ C:\END
2013-12-01 18:35 - 2013-12-01 18:35 - 00000995 _____ C:\Users\annika\Desktop\Edraw Mind Map.lnk
2013-12-01 18:35 - 2013-12-01 18:35 - 00000000 ____D C:\Users\annika\Documents\Edraw Mind Map
2013-12-01 18:35 - 2013-12-01 18:35 - 00000000 ____D C:\Program Files\Edraw Mind Map
2013-12-01 18:34 - 2013-12-01 18:34 - 00923784 _____ (CNET Download.com) C:\Users\annika\Downloads\cbsidlm-cbsi145-Edraw_Mind_Map-ORG-197599.exe
2013-11-14 18:34 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 18:34 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 18:34 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 18:34 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 18:34 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 18:34 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 18:34 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 18:34 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 18:34 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 18:34 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 18:34 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 18:34 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 18:34 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 18:34 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 18:33 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 18:33 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 18:33 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 18:33 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

==================== One Month Modified Files and Folders =======

2013-12-11 16:52 - 2013-12-11 16:52 - 00015599 _____ C:\Users\annika\Desktop\FRST.txt
2013-12-11 16:52 - 2013-12-11 16:52 - 00000000 ____D C:\FRST
2013-12-11 16:50 - 2013-12-11 16:50 - 00000474 _____ C:\Users\annika\Desktop\defogger_disable.log
2013-12-11 16:50 - 2013-12-11 16:50 - 00000000 _____ C:\Users\annika\defogger_reenable
2013-12-11 16:50 - 2012-07-08 01:00 - 00000000 ____D C:\Users\annika
2013-12-11 16:48 - 2013-12-11 16:48 - 01061389 _____ (Farbar) C:\Users\annika\Desktop\FRST.exe
2013-12-11 16:48 - 2013-12-11 16:48 - 00377856 _____ C:\Users\annika\Desktop\n5tkwvqx.exe
2013-12-11 16:48 - 2012-07-08 00:53 - 02002376 _____ C:\Windows\WindowsUpdate.log
2013-12-11 16:47 - 2013-12-11 16:47 - 00050477 _____ C:\Users\annika\Desktop\Defogger.exe
2013-12-11 16:47 - 2012-11-09 20:11 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-11 16:44 - 2012-11-09 20:11 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-11 16:44 - 2010-11-20 22:48 - 00167742 _____ C:\Windows\PFRO.log
2013-12-11 16:44 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-11 16:44 - 2009-07-14 05:39 - 00027624 _____ C:\Windows\setupact.log
2013-12-11 16:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-11 16:42 - 2013-12-01 18:37 - 00000000 ____D C:\ProgramData\Conduit
2013-12-11 16:42 - 2013-12-01 18:36 - 00000000 ____D C:\Users\annika\AppData\Roaming\SearchProtect
2013-12-11 16:42 - 2013-12-01 18:36 - 00000000 ____D C:\Program Files\SearchProtect
2013-12-11 16:33 - 2012-08-08 20:08 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-948160820-3572534582-2540179571-1000UA.job
2013-12-11 16:33 - 2012-07-08 15:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-11 09:30 - 2013-10-14 11:53 - 00000000 ____D C:\Users\annika\AppData\Roaming\Dropbox
2013-12-11 06:56 - 2013-10-14 11:54 - 00000000 ___RD C:\Users\annika\Dropbox
2013-12-11 06:54 - 2009-07-14 05:34 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-11 06:54 - 2009-07-14 05:34 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-11 06:48 - 2013-09-17 19:54 - 00000000 ____D C:\Program Files\WinRAR
2013-12-11 06:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-11 06:46 - 2013-12-11 06:43 - 00010464 _____ C:\Windows\IE11_main.log
2013-12-11 06:44 - 2013-12-11 06:44 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 06:44 - 2013-12-11 06:44 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 06:44 - 2013-12-11 06:44 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-11 06:44 - 2013-12-11 06:44 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-11 06:44 - 2013-12-11 06:44 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-11 06:44 - 2013-12-11 06:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-11 06:44 - 2013-12-11 06:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-11 06:44 - 2013-12-11 06:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 06:44 - 2013-12-10 15:47 - 00000000 ___HD C:\Users\annika\AppData\Roaming\Yfcyyffcy
2013-12-10 21:13 - 2012-08-08 20:08 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-948160820-3572534582-2540179571-1000Core.job
2013-12-10 19:30 - 2013-12-10 19:30 - 00000000 ____D C:\Users\annika\Desktop\Wintersemester 2013-2014
2013-12-10 17:11 - 2013-12-10 17:11 - 00000000 ____D C:\Users\annika\Desktop\domglas 2013
2013-12-10 16:52 - 2013-10-24 14:33 - 00000000 ____D C:\AdwCleaner
2013-12-10 16:50 - 2013-12-10 16:49 - 01110034 _____ C:\Users\annika\Downloads\AdwCleaner(2).exe
2013-12-10 16:11 - 2010-11-20 22:01 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-10 15:54 - 2013-09-17 19:54 - 00000000 ____D C:\Users\annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-12-10 15:53 - 2013-12-10 15:53 - 01867568 _____ C:\Users\annika\Downloads\wrar501d.exe
2013-12-10 15:53 - 2013-12-10 15:53 - 01867568 _____ C:\Users\annika\Downloads\wrar501d(1).exe
2013-12-10 08:01 - 2012-07-08 20:29 - 00000000 ____D C:\Users\annika\AppData\Roaming\Skype
2013-12-09 16:11 - 2013-12-09 16:11 - 00000000 ____D C:\Users\annika\AppData\Local\SearchProtect
2013-12-06 14:56 - 2013-12-01 18:35 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-06 12:36 - 2013-12-06 12:36 - 11927254 _____ C:\Users\annika\Downloads\Netzwerkkarte.bmp
2013-12-05 19:36 - 2012-09-28 10:38 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-04 18:05 - 2013-02-04 11:56 - 00000000 ___RD C:\Program Files\Skype
2013-12-04 18:05 - 2012-07-08 20:29 - 00000000 ____D C:\ProgramData\Skype
2013-12-01 18:38 - 2013-12-01 18:35 - 00000009 _____ C:\END
2013-12-01 18:37 - 2013-12-01 18:37 - 00000000 ____D C:\Users\annika\AppData\Local\NativeMessaging
2013-12-01 18:37 - 2013-12-01 18:37 - 00000000 ____D C:\Users\annika\AppData\Local\CRE
2013-12-01 18:37 - 2013-12-01 18:37 - 00000000 ____D C:\Users\annika\AppData\Local\Conduit
2013-12-01 18:37 - 2013-12-01 18:37 - 00000000 ____D C:\Program Files\Conduit
2013-12-01 18:35 - 2013-12-01 18:35 - 00000995 _____ C:\Users\annika\Desktop\Edraw Mind Map.lnk
2013-12-01 18:35 - 2013-12-01 18:35 - 00000000 ____D C:\Users\annika\Documents\Edraw Mind Map
2013-12-01 18:35 - 2013-12-01 18:35 - 00000000 ____D C:\Program Files\Edraw Mind Map
2013-12-01 18:34 - 2013-12-01 18:34 - 00923784 _____ (CNET Download.com) C:\Users\annika\Downloads\cbsidlm-cbsi145-Edraw_Mind_Map-ORG-197599.exe
2013-11-29 18:05 - 2013-07-03 19:19 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2013-11-26 16:31 - 2013-05-06 10:14 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-26 16:31 - 2012-09-28 10:38 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-26 16:31 - 2012-09-28 10:38 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-22 23:13 - 2012-07-09 06:48 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-21 21:54 - 2013-11-06 22:18 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-11-20 07:24 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-16 11:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-16 00:29 - 2013-11-06 19:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 08:28 - 2013-07-12 23:38 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 08:27 - 2012-07-08 19:20 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2012-07-08 14:35 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\annika\AppData\Local\Temp\-kssnldr.dll
C:\Users\annika\AppData\Local\Temp\avgnt.exe
C:\Users\annika\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gast\AppData\Local\Temp\AskSLib.dll
C:\Users\Gast\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-01 13:27

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-12-2013 01
Ran by annika at 2013-12-11 16:53:19
Running from C:\Users\annika\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

4Free Video Converter 3
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.1016.4)
AMD Catalyst Install Manager (Version: 8.0.891.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70727.2219)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.26)
Audacity 2.0.3 (Version: 2.0.3)
Avira Free Antivirus (Version: 14.0.1.759)
AVS Media Player 4.1.10.99 (Version: 4.1.10.99)
AVS Video Converter 8 (Version: 8.3.2.533)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0806.1213.19931)
Catalyst Control Center Graphics Previews Common (Version: 2012.0806.1213.19931)
Catalyst Control Center Localization All (Version: 2012.0806.1213.19931)
CCC Help Chinese Standard (Version: 2012.0806.1212.19931)
CCC Help Chinese Traditional (Version: 2012.0806.1212.19931)
CCC Help Czech (Version: 2012.0806.1212.19931)
CCC Help Danish (Version: 2012.0806.1212.19931)
CCC Help Dutch (Version: 2012.0806.1212.19931)
CCC Help English (Version: 2012.0806.1212.19931)
CCC Help Finnish (Version: 2012.0806.1212.19931)
CCC Help French (Version: 2012.0806.1212.19931)
CCC Help German (Version: 2012.0806.1212.19931)
CCC Help Greek (Version: 2012.0806.1212.19931)
CCC Help Hungarian (Version: 2012.0806.1212.19931)
CCC Help Italian (Version: 2012.0806.1212.19931)
CCC Help Japanese (Version: 2012.0806.1212.19931)
CCC Help Korean (Version: 2012.0806.1212.19931)
CCC Help Norwegian (Version: 2012.0806.1212.19931)
CCC Help Polish (Version: 2012.0806.1212.19931)
CCC Help Portuguese (Version: 2012.0806.1212.19931)
CCC Help Russian (Version: 2012.0806.1212.19931)
CCC Help Spanish (Version: 2012.0806.1212.19931)
CCC Help Swedish (Version: 2012.0806.1212.19931)
CCC Help Thai (Version: 2012.0806.1212.19931)
CCC Help Turkish (Version: 2012.0806.1212.19931)
ccc-utility (Version: 2012.0806.1213.19931)
Citavi (Version: 3.4.0.2)
Conexant Audio Driver For AMD HDMI Codec (Version: 4.98.26.0)
Conexant HD Audio (Version: 4.119.0.61)
dm-Fotowelt (Version: 5.0.4)
EBookToMP3 (Version: Aktuelle Version)
Edraw Mind Map 7
ElsterFormular (Version: 14.0.0.10899)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Free Driver Scout (Version: 1.0.0.0)
Free YouTube to MP3 Converter version 3.11.26.706 (Version: 3.11.26.706)
FreeFileSync 5.14 (Version: 5.14)
FreeMind (Version: 1.0.0)
Google Chrome (Version: 31.0.1650.63)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.22.3)
Intel(R) Control Center (Version: 1.2.1.1011)
Intel(R) Management Engine Components (Version: 6.2.50.1050)
Intel(R) Rapid Storage Technology (Version: 9.5.7.1002)
Intel(R) Turbo Boost Technology Driver (Version: 01.02.00.1002)
IrfanView (remove only) (Version: 4.35)
JavaFX 2.1.1 (Version: 2.1.1)
MAGIX Slideshow Maker 2 (Version: 2.0.0.8)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Motorola Device Manager (Version: 2.2.28)
Motorola Device Software Update (Version: 1.0.40)
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0)
Mozilla Firefox 18.0.1 (x86 de) (Version: 18.0.1)
Mozilla Maintenance Service (Version: 24.1.1)
Mozilla Thunderbird 24.1.1 (x86 de) (Version: 24.1.1)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MyPhoneExplorer (Version: 1.8.4)
OpenOffice.org 3.4 (Version: 3.4.9590)
PDFCreator (Version: 1.4.3)
Phase 5 HTML-Editor (Version: 5.6.2.3)
Pinnacle VideoSpin (Version: 2.0.0.669)
RealSpeak Solo fur Deutsch - Steffi (Version: 4.00.0000)
Realtek WLAN Driver (Version: 2.00.0006)
Skype™ 6.11 (Version: 6.11.102)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
SUPERAntiSpyware (Version: 5.6.1040)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
System Requirements Lab for Intel (Version: 4.5.5.0)
Texmaker
TOSHIBA Assist (Version: 2.01.12)
TOSHIBA eco Utility (Version: 1.2.10.0)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.6)
TOSHIBA Service Station (Version: 2.2.9)
TOSHIBA Web Camera Application (Version: 1.1.1.15)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VIS
VLC media player 2.0.2 (Version: 2.0.2)
WinRAR 5.01 (32-Bit) (Version: 5.01.0)

==================== Restore Points  =========================

15-11-2013 07:26:26 Windows Update
19-11-2013 14:53:34 Windows Update
22-11-2013 22:17:29 Windows Update
25-11-2013 07:44:16 Windows-Sicherung
26-11-2013 10:13:09 Windows Update
01-12-2013 18:00:35 Windows-Sicherung
03-12-2013 06:39:21 Windows Update
06-12-2013 11:27:14 Windows Update
08-12-2013 18:00:42 Windows-Sicherung
10-12-2013 14:46:44 Windows Update
11-12-2013 05:41:27 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {208DDB64-5B10-444A-B63D-E6BF7DED956D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-948160820-3572534582-2540179571-1000UA => C:\Users\annika\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-08] (Facebook Inc.)
Task: {21647A7C-FA0C-4DFA-97D1-4F4100FD7889} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {40F5C142-A9C2-458F-95F5-C689DBFFE6CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {49D9AF3C-10A2-474C-8D16-20083F68FC65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-09] (Google Inc.)
Task: {810A3A50-3A86-485F-9040-C9B95DBC97A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {9CAF08F3-3843-44A0-B9A4-FE146169B5D4} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {B59D0DDB-F7E0-4BB9-9A97-DE0E446DB9FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-09] (Google Inc.)
Task: {BE9D3BF5-6345-423A-A528-808F863FB5B2} - \BackgroundContainer Startup Task No Task File
Task: {CA30DDF6-F1F1-4A94-BD8E-AF4D12189E74} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {CFAD0A5A-EA9B-4D19-8D87-9D029184AD36} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-948160820-3572534582-2540179571-1000Core => C:\Users\annika\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-08] (Facebook Inc.)
Task: {E325F650-B15A-4D9F-8C04-598E0310DECB} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-948160820-3572534582-2540179571-1000Core.job => C:\Users\annika\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-948160820-3572534582-2540179571-1000UA.job => C:\Users\annika\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-17 14:56 - 2010-03-17 14:56 - 00537976 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2012-08-06 11:07 - 2012-08-06 11:07 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-02-05 16:40 - 2010-02-05 16:40 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2013 04:45:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 04:33:39 PM) (Source: Google Update) (User: annika-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/11/2013 09:13:06 AM) (Source: Google Update) (User: annika-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/11/2013 06:50:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 06:49:04 AM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)

Error: (12/10/2013 05:35:33 PM) (Source: Application Hang) (User: )
Description: Programm avscan.exe, Version 14.0.1.645 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4f68

Startzeit: 01cef5bb95739784

Endzeit: 51852

Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avscan.exe

Berichts-ID: f3c74d47-61b8-11e3-bf58-00266ca0436c

Error: (12/10/2013 03:42:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2013 03:42:26 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)

Error: (12/10/2013 08:01:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2013 08:01:01 AM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)


System errors:
=============
Error: (12/11/2013 04:44:20 PM) (Source: NetBT) (User: )
Description: Der Name "ANNIKA-PC      :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.4
registriert werden. Der Computer mit IP-Adresse 192.168.1.2 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (12/11/2013 04:44:20 PM) (Source: NetBT) (User: )
Description: Der Name "ANNIKA-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.4
registriert werden. Der Computer mit IP-Adresse 192.168.1.2 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (12/11/2013 04:44:20 PM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{6AC2BBC7-92FC-44E5-B886-243008F80A6A} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (12/11/2013 04:43:33 PM) (Source: NetBT) (User: )
Description: Der Name "ANNIKA-PC      :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.4
registriert werden. Der Computer mit IP-Adresse 192.168.1.2 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (12/11/2013 04:43:33 PM) (Source: NetBT) (User: )
Description: Der Name "ANNIKA-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.4
registriert werden. Der Computer mit IP-Adresse 192.168.1.2 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (12/06/2013 02:56:44 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/02/2013 00:38:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/02/2013 00:38:40 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (11/29/2013 10:05:26 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/22/2013 11:14:46 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JANSEMAN-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{6AC2BBC7-92FC-44E5-B886-243008-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (12/11/2013 04:45:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 04:33:39 PM) (Source: Google Update)(User: annika-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/11/2013 09:13:06 AM) (Source: Google Update)(User: annika-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/11/2013 06:50:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 06:49:04 AM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)

Error: (12/10/2013 05:35:33 PM) (Source: Application Hang)(User: )
Description: avscan.exe14.0.1.6454f6801cef5bb9573978451852C:\Program Files\Avira\AntiVir Desktop\avscan.exef3c74d47-61b8-11e3-bf58-00266ca0436c

Error: (12/10/2013 03:42:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2013 03:42:26 PM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)

Error: (12/10/2013 08:01:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2013 08:01:01 AM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)


==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 3061.86 MB
Available physical RAM: 2117.48 MB
Total Pagefile: 6122.01 MB
Available Pagefile: 4451.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.13 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.42 GB) (Free:159.27 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.95 GB) (Free:26.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: C2CCDE94)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

GMER läuft jetzt mit quickscan. C aus und D aus, war das richtig?

Fehlermeldung:

Warning!!! GMER has found system modification caused by ROOTKIT activity.

Als button gibt es nur "OK" und jetzt?

Ich warte jetzt auf deine Antwort, damit ich nichts falsch mache!

Das Warnmeldefenster ist immer noch geöffnet.

Psychotic · 12.12.2013, 17:05

Das war gut so. Klicke auf okay. Wenn GMER fertig ist, poste das Log.

erdbeere7 · 12.12.2013, 18:11

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-12 18:10:36
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK6476GSXN rev.GB001M 596,17GB
Running: n5tkwvqx.exe; Driver: C:\Users\annika\AppData\Local\Temp\uwliqpod.sys


---- System - GMER 2.1 ----

SSDT            9132C59E                                                                                                            ZwCreateSection
SSDT            9132C5A8                                                                                                            ZwRequestWaitReplyPort
SSDT            9132C5A3                                                                                                            ZwSetContextThread
SSDT            9132C5AD                                                                                                            ZwSetSecurityObject
SSDT            9132C5B2                                                                                                            ZwSystemDebugControl
SSDT            9132C53F                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                            82E50A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82E8A212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                 82E9158C 4 Bytes  [9E, C5, 32, 91] {SAHF ; LDS ESI, [EDX]; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                 82E918E8 4 Bytes  [A8, C5, 32, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                 82E9192C 4 Bytes  [A3, C5, 32, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                 82E919A8 4 Bytes  [AD, C5, 32, 91] {LODSD ; LDS ESI, [EDX]; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                 82E919FC 4 Bytes  [B2, C5, 32, 91]
.text           ...                                                                                                                 
?               System32\drivers\qrebjad.sys                                                                                        Das System kann den angegebenen Pfad nicht finden. !
?               C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS                                                                      Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x92C0A000, 0x147F58, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Windows\Explorer.EXE[2248] WININET.dll!InternetReadFileExW                                                       75A71FFE 5 Bytes  JMP 039733B0 
.text           C:\Windows\Explorer.EXE[2248] WININET.dll!InternetReadFileExA                                                       75A72055 5 Bytes  JMP 0397335C 
.text           C:\Windows\Explorer.EXE[2248] WININET.dll!HttpOpenRequestW                                                          75AC2957 5 Bytes  JMP 03971E24 
.text           C:\Windows\Explorer.EXE[2248] WININET.dll!InternetCloseHandle                                                       75AC5B7F 5 Bytes  JMP 0397355C 
.text           C:\Windows\Explorer.EXE[2248] WININET.dll!HttpQueryInfoA                                                            75AC72A0 5 Bytes  JMP 03973404 
.text           C:\Windows\Explorer.EXE[2248] WININET.dll!HttpQueryInfoW                                                            75AC8612 5 Bytes  JMP 039734B0 
.text           C:\Windows\Explorer.EXE[2248] WININET.dll!InternetReadFile                                                          75AD4390 5 Bytes  JMP 03973308 
.text           C:\Windows\Explorer.EXE[2248] WININET.dll!InternetQueryDataAvailable                                                75AD8461 5 Bytes  JMP 039732BC 
.text           C:\Windows\Explorer.EXE[2248] WININET.dll!HttpSendRequestW                                                          75AD8DD0 5 Bytes  JMP 03972F14 
.text           C:\Windows\Explorer.EXE[2248] WININET.dll!HttpSendRequestA                                                          75AEF6FA 5 Bytes  JMP 03972F60 
.text           C:\Windows\Explorer.EXE[2248] WININET.dll!HttpOpenRequestA                                                          75B5FA9D 5 Bytes  JMP 03971FE8 

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys
---- Processes - GMER 2.1 ----

Library         C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (*** hidden *** ) @ C:\Windows\Explorer.EXE [2248]                   0x6D220000                                                                                                                                           

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xE2 0x63 0x26 0xF1 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x86 0x8C 0x21 0x01 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xE9 0x02 0x6C 0xFA ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xB0 0x18 0xED 0xA7 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0x97 0x20 0x4E 0x9A ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x01 0x3A 0x48 0xFC ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0xB1 0xCD 0x45 0x5A ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 2.1 ----

Psychotic · 13.12.2013, 09:06

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von hier

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

erdbeere7 · 13.12.2013, 10:28

Code:

ATTFilter

ComboFix 13-12-13.01 - annika 13.12.2013  10:16:22.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3062.1846 [GMT 1:00]
ausgeführt von:: c:\users\annika\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-13 bis 2013-12-13  ))))))))))))))))))))))))))))))
.
.
2013-12-13 09:20 . 2013-12-13 09:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-12-13 09:20 . 2013-12-13 09:20	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2013-12-11 15:52 . 2013-12-11 15:52	--------	d-----w-	C:\FRST
2013-12-10 15:05 . 2013-12-11 17:30	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{405B356D-9E29-40DE-A261-65F47CACA126}\offreg.dll
2013-12-10 14:47 . 2013-11-08 01:15	7772552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{405B356D-9E29-40DE-A261-65F47CACA126}\mpengine.dll
2013-12-10 14:47 . 2013-12-11 05:44	--------	d--h--w-	c:\users\annika\AppData\Roaming\Yfcyyffcy
2013-12-09 15:11 . 2013-12-09 15:11	--------	d-----w-	c:\users\annika\AppData\Local\SearchProtect
2013-12-01 17:37 . 2013-12-11 15:42	--------	d-----w-	c:\programdata\Conduit
2013-12-01 17:37 . 2013-12-01 17:37	--------	d-----w-	c:\users\annika\AppData\Local\NativeMessaging
2013-12-01 17:37 . 2013-12-01 17:37	--------	d-----w-	c:\users\annika\AppData\Local\Conduit
2013-12-01 17:37 . 2013-12-01 17:37	--------	d-----w-	c:\users\annika\AppData\Local\CRE
2013-12-01 17:37 . 2013-12-01 17:37	--------	d-----w-	c:\program files\Conduit
2013-12-01 17:36 . 2013-12-11 15:42	--------	d-----w-	c:\program files\SearchProtect
2013-12-01 17:36 . 2013-12-11 15:42	--------	d-----w-	c:\users\annika\AppData\Roaming\SearchProtect
2013-12-01 17:35 . 2013-12-06 13:56	--------	d-----w-	c:\program files\MyPC Backup
2013-12-01 17:35 . 2013-12-01 17:35	--------	d-----w-	c:\program files\Edraw Mind Map
2013-11-14 17:33 . 2013-10-12 02:01	679424	----a-w-	c:\windows\system32\IKEEXT.DLL
2013-11-14 17:33 . 2013-10-12 02:03	656896	----a-w-	c:\windows\system32\nshwfp.dll
2013-11-14 17:33 . 2013-10-12 02:01	216576	----a-w-	c:\windows\system32\FWPUCLNT.DLL
2013-11-14 17:33 . 2013-10-05 19:57	1168384	----a-w-	c:\windows\system32\crypt32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-05 18:36 . 2012-09-28 09:38	90400	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-11-26 15:31 . 2013-05-06 09:14	67680	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-11-26 15:31 . 2012-09-28 09:38	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-11-26 15:31 . 2012-09-28 09:38	137208	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-11-11 04:50 . 2012-07-08 13:35	230048	------w-	c:\windows\system32\MpSigStub.exe
2013-10-09 01:00 . 2012-07-08 14:21	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 01:00 . 2012-07-08 14:21	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\annika\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-08 138096]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"Spotify Web Helper"="c:\users\annika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-14 1140736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-22 496184]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-10 1697064]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-03-17 1328480]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-11-26 683576]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-05-03 111928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI32.sys [2010-03-05 516152]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-12-11 108032]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 20864]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 8448]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 23808]
S0 SASKUTIL;SASKUTIL; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-26 37352]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 217600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-11-26 440376]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-07-17 116632]
S2 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-07-05 78848]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-02-22 66600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2012-02-04 1118312]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - UWLIQPOD
*Deregistered* - uwliqpod
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 08:48	1210320	----a-w-	c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 01:00]
.
2013-12-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-948160820-3572534582-2540179571-1000Core.job
- c:\users\annika\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-08 19:08]
.
2013-12-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-948160820-3572534582-2540179571-1000UA.job
- c:\users\annika\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-08 19:08]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 19:11]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 19:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Free YouTube to MP3 Converter - c:\users\annika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN39384754189038173&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Connect DLC 5 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN39384754189038173&UM=2&q=
FF - ExtSQL: 2013-10-23 16:29; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-10-23 18:30; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-12-01 18:36; {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}; c:\users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
HKLM-Run-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
AddRemove-VIS - c:\users\annika\AppData\Roaming\Windows Net Data\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-12-13  10:22:29
ComboFix-quarantined-files.txt  2013-12-13 09:22
.
Vor Suchlauf: 13 Verzeichnis(se), 171.451.957.248 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 172.465.606.656 Bytes frei
.
- - End Of File - - 1F34FB8CEFCD38E04267593146FD8029
A36C5E4F47E84449FF07ED3517B43A31

soll ich den rechner jetzt neu starten? Gefragt hat er nach nix.

Psychotic · 14.12.2013, 15:57

Schritt 1: CF-Script

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

FOLDER::
c:\users\annika\AppData\Roaming\Yfcyyffcy
c:\users\annika\AppData\Local\SearchProtect
c:\programdata\Conduit
c:\users\annika\AppData\Local\NativeMessaging
c:\users\annika\AppData\Local\Conduit
c:\users\annika\AppData\Local\CRE
c:\program files\Conduit
c:\program files\SearchProtect
c:\users\annika\AppData\Roaming\SearchProtect
c:\program files\MyPC Backup
c:\program files\Edraw Mind Map
c:\users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
FIREFOX::
FF - ProfilePath - c:\users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN39384754189038173&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Connect DLC 5 Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN39384754189038173&UM=2&q=
FF - ExtSQL: 2013-12-01 18:36; {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}; c:\users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
CLEARJAVACACHE::

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 2: MBAM

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen.(Hinweis: Alle Festplatten anhaken!
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

erdbeere7 · 14.12.2013, 21:01

ich hab combofix gestartet, sollte ich die txt datei einfach auf das symbol ziehen? ich hab hier jetzt wieder das Autoscan fenster mit dem blauen hintergrund und der tut irgendwas?

Also der hat mir wieder eine combofix.txt erstellt. ich zieh dann einfach mal deine CFScript auf das symbol, ja?

Code:

ATTFilter

ComboFix 13-12-13.01 - annika 14.12.2013  16:51:34.3.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3062.1870 [GMT 1:00]
ausgeführt von:: c:\users\annika\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\annika\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\program files\Conduit\CT3306061\plugins\TBVerifier.dll
c:\program files\Edraw Mind Map
c:\program files\Edraw Mind Map\BaseCore.dll
c:\program files\Edraw Mind Map\config\blank.edx
c:\program files\Edraw Mind Map\config\ChartLayouts\Column.xml
c:\program files\Edraw Mind Map\config\DataFormat\CHN.xml
c:\program files\Edraw Mind Map\config\DataFormat\GER.xml
c:\program files\Edraw Mind Map\config\DataFormat\Lang.xml
c:\program files\Edraw Mind Map\config\DataFormat\USA.xml
c:\program files\Edraw Mind Map\config\Edraw.exe.sf
c:\program files\Edraw Mind Map\config\en.dll.sf
c:\program files\Edraw Mind Map\config\ExpMessage.xml
c:\program files\Edraw Mind Map\config\ExpMessage_CHN.xml
c:\program files\Edraw Mind Map\config\lang.ini
c:\program files\Edraw Mind Map\config\objectmodule.dll.sf
c:\program files\Edraw Mind Map\config\PresetThemeColors.xml
c:\program files\Edraw Mind Map\config\PresetThemeEffects.xml
c:\program files\Edraw Mind Map\config\PresetThemeFonts.xml
c:\program files\Edraw Mind Map\config\PresetThemeFonts_cn.xml
c:\program files\Edraw Mind Map\config\PresetThemes.xml
c:\program files\Edraw Mind Map\config\PresetThemes_cn.xml
c:\program files\Edraw Mind Map\config\settings.xml
c:\program files\Edraw Mind Map\config\ThemeColors.xml
c:\program files\Edraw Mind Map\config\ThemeEffects.xml
c:\program files\Edraw Mind Map\config\ThemeFonts.xml
c:\program files\Edraw Mind Map\config\Themes.xml
c:\program files\Edraw Mind Map\config\update.ini
c:\program files\Edraw Mind Map\config\user.cfg
c:\program files\Edraw Mind Map\dbghelp.dll
c:\program files\Edraw Mind Map\dic\en_US.aff
c:\program files\Edraw Mind Map\dic\en_US.dic
c:\program files\Edraw Mind Map\dic\userdict-csj
c:\program files\Edraw Mind Map\edhunspell.dll
c:\program files\Edraw Mind Map\Edraw.exe
c:\program files\Edraw Mind Map\Edraw.url
c:\program files\Edraw Mind Map\edrawmind-licenseagreement.txt
c:\program files\Edraw Mind Map\GdiPlus.dll
c:\program files\Edraw Mind Map\help\ContextHelp\addanchor.htm
c:\program files\Edraw Mind Map\help\ContextHelp\addassistant.htm
c:\program files\Edraw Mind Map\help\ContextHelp\addcolleague.htm
c:\program files\Edraw Mind Map\help\ContextHelp\addpage.htm
c:\program files\Edraw Mind Map\help\ContextHelp\addsubordinate.htm
c:\program files\Edraw Mind Map\help\ContextHelp\addtext.htm
c:\program files\Edraw Mind Map\help\ContextHelp\align.htm
c:\program files\Edraw Mind Map\help\ContextHelp\arc.htm
c:\program files\Edraw Mind Map\help\ContextHelp\arrangementdir.htm
c:\program files\Edraw Mind Map\help\ContextHelp\background.htm
c:\program files\Edraw Mind Map\help\ContextHelp\bringtofront.htm
c:\program files\Edraw Mind Map\help\ContextHelp\centerdrawing.htm
c:\program files\Edraw Mind Map\help\ContextHelp\changepagesize.htm
c:\program files\Edraw Mind Map\help\ContextHelp\connectionpoints.htm
c:\program files\Edraw Mind Map\help\ContextHelp\connectorstyle.htm
c:\program files\Edraw Mind Map\help\ContextHelp\connectortext.htm
c:\program files\Edraw Mind Map\help\ContextHelp\connectortypes.htm
c:\program files\Edraw Mind Map\help\ContextHelp\contextualtab.htm
c:\program files\Edraw Mind Map\help\ContextHelp\convertpath.htm
c:\program files\Edraw Mind Map\help\ContextHelp\copyformat.htm
c:\program files\Edraw Mind Map\help\ContextHelp\copyshape.htm
c:\program files\Edraw Mind Map\help\ContextHelp\createbasicdiagram.htm
c:\program files\Edraw Mind Map\help\ContextHelp\crop.htm
c:\program files\Edraw Mind Map\help\ContextHelp\curvedconnector.htm
c:\program files\Edraw Mind Map\help\ContextHelp\defaultformat.htm
c:\program files\Edraw Mind Map\help\ContextHelp\deleteanchor.htm
c:\program files\Edraw Mind Map\help\ContextHelp\disconnect.htm
c:\program files\Edraw Mind Map\help\ContextHelp\distance.htm
c:\program files\Edraw Mind Map\help\ContextHelp\distribute.htm
c:\program files\Edraw Mind Map\help\ContextHelp\drawingscale.htm
c:\program files\Edraw Mind Map\help\ContextHelp\ellipse.htm
c:\program files\Edraw Mind Map\help\ContextHelp\exportdata.htm
c:\program files\Edraw Mind Map\help\ContextHelp\exportpdf.htm
c:\program files\Edraw Mind Map\help\ContextHelp\fill.htm
c:\program files\Edraw Mind Map\help\ContextHelp\fontsymbol.htm
c:\program files\Edraw Mind Map\help\ContextHelp\formatconnector.htm
c:\program files\Edraw Mind Map\help\ContextHelp\formattext.htm
c:\program files\Edraw Mind Map\help\ContextHelp\freeform.htm
c:\program files\Edraw Mind Map\help\ContextHelp\geometry.htm
c:\program files\Edraw Mind Map\help\ContextHelp\group.htm
c:\program files\Edraw Mind Map\help\ContextHelp\hyperlink.htm
c:\program files\Edraw Mind Map\help\ContextHelp\images\addassistant.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\addcolleague.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\addconnectionpoint.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\addline.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\addoval.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\addsubordinate.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\addsubtopic.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\adjustconnector.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\backgroundview.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\connecthandle.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\connectortext.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\connectshape.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\createcornerpoint.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\createsmoothpoint.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\crop.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\ctrlpt.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\cursorline.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\cursoroval.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\cursorrect.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\curvedconnector1.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\curvedconnector2.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\curvedconnector3.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\deleteconnectionpoint.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\disconnect.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\dragcolleague.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\dragshapes.gif
c:\program files\Edraw Mind Map\help\ContextHelp\images\dragtosubordinate.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\drawrect.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\dynamicgrid.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\editsegment.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\freeformadjust.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\freeformdraw.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\glueconnector.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\handle.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\inserttopic.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\linejump.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\linestyle.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\mainbutton.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\moveshape.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\movetextblock.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\multipleselect.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\mytheme.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\pencurvefollowline.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\pendrawcurve.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\pendrawcurve2.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\pendrawline.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\penlinefollowcurve.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\pentowcurves1.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\pentwocurve2.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\quickstyledefault.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\relationship.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\renamelibrary.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\resizeshape.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\resizetextblock.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\rotateconnectortext.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\rotatehandle.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\rotateshape.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\rotatetextblock.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\rowcolumns.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\savetheme.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\selectobject.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\selectobjects.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\selectsegments.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\setdefaulttheme.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\setthemetype.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\shapeformatmenu.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\sizeheight.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\sizewidth.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\smoothtocorner.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\startpagebasicdiagrams.gif
c:\program files\Edraw Mind Map\help\ContextHelp\images\straightconnector1.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\straightconnector2.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\straightconnector3.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\tablemove.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\tableselectrow.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\theme.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\themecolors.png
c:\program files\Edraw Mind Map\help\ContextHelp\images\undoredo.png
c:\program files\Edraw Mind Map\help\ContextHelp\index.htm
c:\program files\Edraw Mind Map\help\ContextHelp\Insertpicture.htm
c:\program files\Edraw Mind Map\help\ContextHelp\insertsubtopic.htm
c:\program files\Edraw Mind Map\help\ContextHelp\inserttopic.htm
c:\program files\Edraw Mind Map\help\ContextHelp\keyboard.htm
c:\program files\Edraw Mind Map\help\ContextHelp\line.htm
c:\program files\Edraw Mind Map\help\ContextHelp\linejump.htm
c:\program files\Edraw Mind Map\help\ContextHelp\linetool.htm
c:\program files\Edraw Mind Map\help\ContextHelp\modifypicture.htm
c:\program files\Edraw Mind Map\help\ContextHelp\moveanchor.htm
c:\program files\Edraw Mind Map\help\ContextHelp\moveshapes.htm
c:\program files\Edraw Mind Map\help\ContextHelp\multipleselect.htm
c:\program files\Edraw Mind Map\help\ContextHelp\normalview.htm
c:\program files\Edraw Mind Map\help\ContextHelp\numbering.htm
c:\program files\Edraw Mind Map\help\ContextHelp\ole.htm
c:\program files\Edraw Mind Map\help\ContextHelp\orgdistance.htm
c:\program files\Edraw Mind Map\help\ContextHelp\orglayoutstyle.htm
c:\program files\Edraw Mind Map\help\ContextHelp\outline.htm
c:\program files\Edraw Mind Map\help\ContextHelp\ovaltool.htm
c:\program files\Edraw Mind Map\help\ContextHelp\paste.htm
c:\program files\Edraw Mind Map\help\ContextHelp\pen.htm
c:\program files\Edraw Mind Map\help\ContextHelp\pencil.htm
c:\program files\Edraw Mind Map\help\ContextHelp\pencurvefollowline.htm
c:\program files\Edraw Mind Map\help\ContextHelp\penlinefollowcurve.htm
c:\program files\Edraw Mind Map\help\ContextHelp\pentwocurves.htm
c:\program files\Edraw Mind Map\help\ContextHelp\polygon.htm
c:\program files\Edraw Mind Map\help\ContextHelp\print.htm
c:\program files\Edraw Mind Map\help\ContextHelp\properties.htm
c:\program files\Edraw Mind Map\help\ContextHelp\protect.htm
c:\program files\Edraw Mind Map\help\ContextHelp\publish.htm
c:\program files\Edraw Mind Map\help\ContextHelp\quickstyle.htm
c:\program files\Edraw Mind Map\help\ContextHelp\rect.htm
c:\program files\Edraw Mind Map\help\ContextHelp\recttool.htm
c:\program files\Edraw Mind Map\help\ContextHelp\registration.htm
c:\program files\Edraw Mind Map\help\ContextHelp\relationship.htm
c:\program files\Edraw Mind Map\help\ContextHelp\relayout.htm
c:\program files\Edraw Mind Map\help\ContextHelp\renamelibrary.htm
c:\program files\Edraw Mind Map\help\ContextHelp\reorderpage.htm
c:\program files\Edraw Mind Map\help\ContextHelp\resetconnector.htm
c:\program files\Edraw Mind Map\help\ContextHelp\resizeshapes.htm
c:\program files\Edraw Mind Map\help\ContextHelp\rightangleconnector.htm
c:\program files\Edraw Mind Map\help\ContextHelp\rotateshapes.htm
c:\program files\Edraw Mind Map\help\ContextHelp\rounded.htm
c:\program files\Edraw Mind Map\help\ContextHelp\ruler.htm
c:\program files\Edraw Mind Map\help\ContextHelp\samesize.htm
c:\program files\Edraw Mind Map\help\ContextHelp\saveafile.htm
c:\program files\Edraw Mind Map\help\ContextHelp\select.htm
c:\program files\Edraw Mind Map\help\ContextHelp\selectall.htm
c:\program files\Edraw Mind Map\help\ContextHelp\selectbytype.htm
c:\program files\Edraw Mind Map\help\ContextHelp\sendtoback.htm
c:\program files\Edraw Mind Map\help\ContextHelp\shadow.htm
c:\program files\Edraw Mind Map\help\ContextHelp\shapebasics.htm
c:\program files\Edraw Mind Map\help\ContextHelp\snapglue.htm
c:\program files\Edraw Mind Map\help\ContextHelp\spiral.htm
c:\program files\Edraw Mind Map\help\ContextHelp\star.htm
c:\program files\Edraw Mind Map\help\ContextHelp\straightconnector.htm
c:\program files\Edraw Mind Map\help\ContextHelp\table.htm
c:\program files\Edraw Mind Map\help\ContextHelp\tableborders.htm
c:\program files\Edraw Mind Map\help\ContextHelp\tablemargin.htm
c:\program files\Edraw Mind Map\help\ContextHelp\templatefor.htm
c:\program files\Edraw Mind Map\help\ContextHelp\textblock.htm
c:\program files\Edraw Mind Map\help\ContextHelp\theme.htm
c:\program files\Edraw Mind Map\help\ContextHelp\themecolors.htm
c:\program files\Edraw Mind Map\help\ContextHelp\undoredo.htm
c:\program files\Edraw Mind Map\help\ContextHelp\vectortext.htm
c:\program files\Edraw Mind Map\lang\en.dll
c:\program files\Edraw Mind Map\library\BasicShape\3Dblock.edt
c:\program files\Edraw Mind Map\library\BasicShape\Arrow Connectors.edt
c:\program files\Edraw Mind Map\library\BasicShape\arrow.edt
c:\program files\Edraw Mind Map\library\BasicShape\backgrounds.edt
c:\program files\Edraw Mind Map\library\BasicShape\backgrounds2.edt
c:\program files\Edraw Mind Map\library\BasicShape\BasicShapes.edt
c:\program files\Edraw Mind Map\library\BasicShape\borders.edt
c:\program files\Edraw Mind Map\library\BasicShape\bubbleshapes.edt
c:\program files\Edraw Mind Map\library\BasicShape\callouts.edt
c:\program files\Edraw Mind Map\library\BasicShape\Common Shapes.edt
c:\program files\Edraw Mind Map\library\BasicShape\connectors.edt
c:\program files\Edraw Mind Map\library\BasicShape\Creative Shapes.edt
c:\program files\Edraw Mind Map\library\BasicShape\Dimensioning.edt
c:\program files\Edraw Mind Map\library\BasicShape\highlightshapes.edt
c:\program files\Edraw Mind Map\library\BasicShape\highlightshapes2.edt
c:\program files\Edraw Mind Map\library\BasicShape\Titles.edt
c:\program files\Edraw Mind Map\library\Flowchart\basicflow.edt
c:\program files\Edraw Mind Map\library\Gallery\GalleryInfo_mind.xml
c:\program files\Edraw Mind Map\library\Gallery\images\basicdraw\2d.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\basicdraw\3d.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\basicdraw\blank.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\basicdraw\highlightshapes.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\building\electrical.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\building\elevation.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\building\floorplan.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\building\homeplan.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\building\officelayout.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\arrowdiagrams.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\business-matrix.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\Circle-Spoke.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\Circular Digram.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\epc.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\faulttree.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\fiveforces.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\idef0.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\List and Process.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\Matrix.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\pest.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\processsteps.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\pyramid.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\sixsigma.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\tqm.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\valuechain.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\valuestream.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\business_diagrams\venn.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\charts\market.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\database\chenerd.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\database\databasemodel.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\database\express-g.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\database\martinerd.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\database\ormdiagram.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\Electrical\basic electrical.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\Electrical\Circuits.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\Electrical\Industrial.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\Electrical\pfd.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\Electrical\pid.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\Electrical\systems.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\fashion\Child.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\fashion\Girl.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\fashion\Man.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\flowchart\auditflow.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\flowchart\basicflow.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\flowchart\bpmn.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\flowchart\causeeffect.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\flowchart\cross-h.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\flowchart\cross-v.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\flowchart\dataflow.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\flowchart\highlightflow.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\flowchart\sdl.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\flowchart\workflow.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\forms\card.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\forms\fax.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\forms\flyer.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\forms\invoice.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\forms\sales.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\maps\3dmap.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\maps\continent\geo-africa.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\maps\continent\geo-asia.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\maps\continent\geo-australia.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\maps\continent\geo-europe.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\maps\continent\geo-n-america.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\maps\continent\geo-s-america.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\maps\continent\Thumbs.db
c:\program files\Edraw Mind Map\library\Gallery\images\maps\directional-map.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\maps\Thumbs.db
c:\program files\Edraw Mind Map\library\Gallery\images\mindmap\bubble.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\mindmap\concept.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\mindmap\mind.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\network\3dnetwork.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\network\activedirectory.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\network\cisco-color-icons.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\network\cisco-corporate-icons.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\network\cisco-doc-icons.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\network\cisco-market-icons.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\network\ciscomisc.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\network\ciscoproducts.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\network\ldap.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\network\netarea.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\network\netbase.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\network\netcisco.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\network\netdetail.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\network\netsymbol.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\network\rack.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\orgchart\familytree.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\orgchart\orgbase.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\orgchart\orgcustom.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\orgchart\orgphoto.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\project\calendar.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\project\decisiontree.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\project\gantt.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\project\pert.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\project\relation.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\project\timeline.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\project\wbs.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\science\atommodels.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\science\chemicalequation.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\science\laboratory.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\science\mathematics.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\science\mechanics.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\science\Optics.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\software\Booch.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\software\comole.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\software\datamodel.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\software\enterprise-app.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\software\jackbson.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\software\jackson.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\software\Nassi.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\software\program.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\software\ProgramStructure.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\software\ROOM.BMP
c:\program files\Edraw Mind Map\library\Gallery\images\software\shlaer.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\software\SSADM.BMP
c:\program files\Edraw Mind Map\library\Gallery\images\software\uml.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\software\win7ui.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\software\yourdon.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\symbols\animals.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\symbols\business.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\symbols\businessscren.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\symbols\Finance.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\symbols\flags.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\symbols\fruit.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\symbols\office.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\symbols\people.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\symbols\profession.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\symbols\school.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\symbols\technology.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\symbols\vehicles.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\symbols\weather.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\web\conceptual.bmp
c:\program files\Edraw Mind Map\library\Gallery\images\web\sitemap.bmp
c:\program files\Edraw Mind Map\library\Gallery\RecentTemplates.xml
c:\program files\Edraw Mind Map\library\index.xml
c:\program files\Edraw Mind Map\library\library_mind.xml
c:\program files\Edraw Mind Map\library\Mind Map\conceptmap.edt
c:\program files\Edraw Mind Map\library\Mind Map\mind shapes.edt
c:\program files\Edraw Mind Map\library\Mind Map\symbols.edt
c:\program files\Edraw Mind Map\library\Symbols\Animal.edt
c:\program files\Edraw Mind Map\library\Symbols\Business People.edt
c:\program files\Edraw Mind Map\library\Symbols\Business scene.edt
c:\program files\Edraw Mind Map\library\Symbols\Business.edt
c:\program files\Edraw Mind Map\library\Symbols\Finance.edt
c:\program files\Edraw Mind Map\library\Symbols\Fingers.edt
c:\program files\Edraw Mind Map\library\Symbols\Flags.edt
c:\program files\Edraw Mind Map\library\Symbols\food.edt
c:\program files\Edraw Mind Map\library\Symbols\Objects.edt
c:\program files\Edraw Mind Map\library\Symbols\Office.edt
c:\program files\Edraw Mind Map\library\Symbols\People.edt
c:\program files\Edraw Mind Map\library\Symbols\People2.edt
c:\program files\Edraw Mind Map\library\Symbols\Profession.edt
c:\program files\Edraw Mind Map\library\Symbols\School.edt
c:\program files\Edraw Mind Map\library\Symbols\Technology.edt
c:\program files\Edraw Mind Map\library\Symbols\Vehicle.edt
c:\program files\Edraw Mind Map\library\Symbols\Weather.edt
c:\program files\Edraw Mind Map\library\thum\Animals.edl
c:\program files\Edraw Mind Map\library\thum\Arrow Connectors.edl
c:\program files\Edraw Mind Map\library\thum\Arrow Shapes.edl
c:\program files\Edraw Mind Map\library\thum\Background 2.edl
c:\program files\Edraw Mind Map\library\thum\Background.edl
c:\program files\Edraw Mind Map\library\thum\Basic Drawing Shapes.edl
c:\program files\Edraw Mind Map\library\thum\Basic Flowchart Shapes.edl
c:\program files\Edraw Mind Map\library\thum\Borders.edl
c:\program files\Edraw Mind Map\library\thum\Bubble Shapes.edl
c:\program files\Edraw Mind Map\library\thum\Business People.edl
c:\program files\Edraw Mind Map\library\thum\Business scene.edl
c:\program files\Edraw Mind Map\library\thum\Business.edl
c:\program files\Edraw Mind Map\library\thum\Callouts.edl
c:\program files\Edraw Mind Map\library\thum\Connectors.edl
c:\program files\Edraw Mind Map\library\thum\Finances.edl
c:\program files\Edraw Mind Map\library\thum\Fingers.edl
c:\program files\Edraw Mind Map\library\thum\Flags.edl
c:\program files\Edraw Mind Map\library\thum\Food.edl
c:\program files\Edraw Mind Map\library\thum\Mind Shapes.edl
c:\program files\Edraw Mind Map\library\thum\Office.edl
c:\program files\Edraw Mind Map\library\thum\People.edl
c:\program files\Edraw Mind Map\library\thum\Profession.edl
c:\program files\Edraw Mind Map\library\thum\School.edl
c:\program files\Edraw Mind Map\library\thum\Symbols.edl
c:\program files\Edraw Mind Map\library\thum\Technology.edl
c:\program files\Edraw Mind Map\library\thum\Titles.edl
c:\program files\Edraw Mind Map\library\thum\Vehicles.edl
c:\program files\Edraw Mind Map\library\thum\Weather.edl
c:\program files\Edraw Mind Map\mfc100u.dll
c:\program files\Edraw Mind Map\Microsoft.Windows.GdiPlus.manifest
c:\program files\Edraw Mind Map\msvcp100.dll
c:\program files\Edraw Mind Map\msvcr100.dll
c:\program files\Edraw Mind Map\ObjectModule.dll
c:\program files\Edraw Mind Map\officeviewer.ocx
c:\program files\Edraw Mind Map\PDFExporter.dll
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\Concept Map Template 2.edx
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\Concept Map Template.edx
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\Decision Making.edx
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\Introduction.edx
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\Life Planner.edx
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\Life Purpose.edx
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\Marketing Strategy.edx
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\Meeting.edx
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\Mind Map Topics.edx
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\PEST Analysis.edx
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\Problem Solving.edx
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\Project Timeline.edx
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\Risk Management.edx
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\Self Analysis.edx
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\Simple Topics.edx
c:\program files\Edraw Mind Map\samples\Edraw Examples\Mind Map\SWOT Analysis.edx
c:\program files\Edraw Mind Map\samples\samples - mind.xml
c:\program files\Edraw Mind Map\samples\thum\Basic Diagram-.edi
c:\program files\Edraw Mind Map\samples\thum\Basic Diagram-Block 2D.edi
c:\program files\Edraw Mind Map\samples\thum\Basic Diagram-Block 3D.edi
c:\program files\Edraw Mind Map\samples\thum\Basic Diagram-Highlight Shapes.edi
c:\program files\Edraw Mind Map\samples\thum\Business  Diagram-Audit Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Business  Diagram-Basic Flowchart.edi
c:\program files\Edraw Mind Map\samples\thum\Business  Diagram-Brainstorming Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Business  Diagram-Cause and Effect (Fishbone).edi
c:\program files\Edraw Mind Map\samples\thum\Business  Diagram-Marketing Charts and Diagrams.edi
c:\program files\Edraw Mind Map\samples\thum\Business  Diagram-Organizational Chart.edi
c:\program files\Edraw Mind Map\samples\thum\Business  Diagram-Work Flow Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Arrows Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Audit Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Basic Flowchart.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Brainstorming Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Business Matrix.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Cause and Effect (Fishbone).edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Circle-Spoke Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Circular Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Data Flow Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-EPC.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Fault Tree Analysis.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Five Forces Chart.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Lists.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Marketing Charts and Diagrams.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Matrix.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Organizational Chart.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-PEST Chart.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Process Steps.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Pyramid Chart.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Relationship Matrix.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Six Sigma Matrix.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-TQM.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Value Chain.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Value Stream Mapping.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Venn Chart.edi
c:\program files\Edraw Mind Map\samples\thum\Business Diagram-Work Flow Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Business Form-.edi
c:\program files\Edraw Mind Map\samples\thum\Business Form-Business Card.edi
c:\program files\Edraw Mind Map\samples\thum\Business Form-Fax Cover.edi
c:\program files\Edraw Mind Map\samples\thum\Business Form-Flyer.edi
c:\program files\Edraw Mind Map\samples\thum\Business Form-Invoice.edi
c:\program files\Edraw Mind Map\samples\thum\Business Form-Sales.edi
c:\program files\Edraw Mind Map\samples\thum\Clip Art-.edi
c:\program files\Edraw Mind Map\samples\thum\Database-.edi
c:\program files\Edraw Mind Map\samples\thum\Database-Chen ERD.edi
c:\program files\Edraw Mind Map\samples\thum\Database-ORM Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Engineering-.edi
c:\program files\Edraw Mind Map\samples\thum\Engineering-Basic Electrical.edi
c:\program files\Edraw Mind Map\samples\thum\Engineering-Circuits and Logic.edi
c:\program files\Edraw Mind Map\samples\thum\Engineering-Industrial Control Systems.edi
c:\program files\Edraw Mind Map\samples\thum\Engineering-Process and Instrument Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Engineering-Process Flow Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Engineering-Systems.edi
c:\program files\Edraw Mind Map\samples\thum\Floor Plans-.edi
c:\program files\Edraw Mind Map\samples\thum\Floor Plans-Electrical and Telecom Plan.edi
c:\program files\Edraw Mind Map\samples\thum\Floor Plans-Elevations.edi
c:\program files\Edraw Mind Map\samples\thum\Floor Plans-Floor Plan.edi
c:\program files\Edraw Mind Map\samples\thum\Floor Plans-Home Plan.edi
c:\program files\Edraw Mind Map\samples\thum\Floor Plans-Office Layout.edi
c:\program files\Edraw Mind Map\samples\thum\Flowchart-.edi
c:\program files\Edraw Mind Map\samples\thum\Flowchart-Basic Flowchart.edi
c:\program files\Edraw Mind Map\samples\thum\Flowchart-Business Process Modeling Notation.edi
c:\program files\Edraw Mind Map\samples\thum\Flowchart-Cross Functional Horizontal.edi
c:\program files\Edraw Mind Map\samples\thum\Flowchart-Cross Functional Vertical.edi
c:\program files\Edraw Mind Map\samples\thum\Flowchart-Data Flow Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Flowchart-Highlight Flowchart.edi
c:\program files\Edraw Mind Map\samples\thum\Flowchart-IDEF Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Flowchart-IDEF0.edi
c:\program files\Edraw Mind Map\samples\thum\Flowchart-List and Process.edi
c:\program files\Edraw Mind Map\samples\thum\Flowchart-SDL Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Flowchart-Work Flow Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Maps-.edi
c:\program files\Edraw Mind Map\samples\thum\Maps-Directional Map - 3D.edi
c:\program files\Edraw Mind Map\samples\thum\Maps-Directional Map.edi
c:\program files\Edraw Mind Map\samples\thum\Mind Map-.edi
c:\program files\Edraw Mind Map\samples\thum\Mind Map-Bubble Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Mind Map-Concept Map.edi
c:\program files\Edraw Mind Map\samples\thum\Mind Map-Mind Mapping Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Network-.edi
c:\program files\Edraw Mind Map\samples\thum\Network-3D Network Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Network-Active Directory.edi
c:\program files\Edraw Mind Map\samples\thum\Network-Basic Network Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Network-Cisco Networks.edi
c:\program files\Edraw Mind Map\samples\thum\Network-Detail Network Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Network-LDAP.edi
c:\program files\Edraw Mind Map\samples\thum\Network-Logical Network Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Network-Network Location Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Network-Network Planform.edi
c:\program files\Edraw Mind Map\samples\thum\Network-Rack Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Organizational Chart-.edi
c:\program files\Edraw Mind Map\samples\thum\Organizational Chart-Basic Organizational Chart.edi
c:\program files\Edraw Mind Map\samples\thum\Organizational Chart-Custom Organizational Chart.edi
c:\program files\Edraw Mind Map\samples\thum\Organizational Chart-Family Tree.edi
c:\program files\Edraw Mind Map\samples\thum\Organizational Chart-Photo Organizational Chart.edi
c:\program files\Edraw Mind Map\samples\thum\Project Management-.edi
c:\program files\Edraw Mind Map\samples\thum\Project Management-Calendar.edi
c:\program files\Edraw Mind Map\samples\thum\Project Management-Decision Tree.edi
c:\program files\Edraw Mind Map\samples\thum\Project Management-Gantt.edi
c:\program files\Edraw Mind Map\samples\thum\Project Management-Matrix.edi
c:\program files\Edraw Mind Map\samples\thum\Project Management-PERT Chart.edi
c:\program files\Edraw Mind Map\samples\thum\Project Management-Relations Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Project Management-Timeline.edi
c:\program files\Edraw Mind Map\samples\thum\Project Management-Work Breakdown Structure (WBS).edi
c:\program files\Edraw Mind Map\samples\thum\Science-.edi
c:\program files\Edraw Mind Map\samples\thum\Science-Chemistry Equation.edi
c:\program files\Edraw Mind Map\samples\thum\Science-Laboratory Equipment.edi
c:\program files\Edraw Mind Map\samples\thum\Science-Mechanics.edi
c:\program files\Edraw Mind Map\samples\thum\Science-Molecular Model.edi
c:\program files\Edraw Mind Map\samples\thum\Science-Optics.edi
c:\program files\Edraw Mind Map\samples\thum\Software-.edi
c:\program files\Edraw Mind Map\samples\thum\Software-Booch OOD.edi
c:\program files\Edraw Mind Map\samples\thum\Software-Data Flow Model Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Software-Nassi Schneiderman.edi
c:\program files\Edraw Mind Map\samples\thum\Software-Shlaer-Mellor OOA.edi
c:\program files\Edraw Mind Map\samples\thum\Software-SSADM.edi
c:\program files\Edraw Mind Map\samples\thum\Software-UML Model Diagram.edi
c:\program files\Edraw Mind Map\samples\thum\Software-Windows 7 UI.edi
c:\program files\Edraw Mind Map\samples\thum\Web Diagram-.edi
c:\program files\Edraw Mind Map\samples\thum\Web Diagram-Conceptual Web Site.edi
c:\program files\Edraw Mind Map\samples\thum\Web Diagram-Web Site Map.edi
c:\program files\Edraw Mind Map\SVGExporter.dll
c:\program files\Edraw Mind Map\texture\001.jpg
c:\program files\Edraw Mind Map\texture\002.jpg
c:\program files\Edraw Mind Map\texture\003.jpg
c:\program files\Edraw Mind Map\texture\004.jpg
c:\program files\Edraw Mind Map\texture\005.jpg
c:\program files\Edraw Mind Map\texture\006.jpg
c:\program files\Edraw Mind Map\texture\007.jpg
c:\program files\Edraw Mind Map\texture\008.jpg
c:\program files\Edraw Mind Map\texture\009.jpg
c:\program files\Edraw Mind Map\texture\010.jpg
c:\program files\Edraw Mind Map\texture\011.jpg
c:\program files\Edraw Mind Map\texture\012.jpg
c:\program files\Edraw Mind Map\texture\013.jpg
c:\program files\Edraw Mind Map\texture\014.jpg
c:\program files\Edraw Mind Map\texture\015.jpg
c:\program files\Edraw Mind Map\texture\016.jpg
c:\program files\Edraw Mind Map\texture\017.jpg
c:\program files\Edraw Mind Map\texture\018.jpg
c:\program files\Edraw Mind Map\texture\019.jpg
c:\program files\Edraw Mind Map\texture\020.jpg
c:\program files\Edraw Mind Map\texture\021.jpg
c:\program files\Edraw Mind Map\texture\022.jpg
c:\program files\Edraw Mind Map\texture\023.jpg
c:\program files\Edraw Mind Map\texture\024.jpg
c:\program files\Edraw Mind Map\texture\025.jpg
c:\program files\Edraw Mind Map\texture\026.jpg
c:\program files\Edraw Mind Map\texture\027.jpg
c:\program files\Edraw Mind Map\texture\028.jpg
c:\program files\Edraw Mind Map\texture\029.jpg
c:\program files\Edraw Mind Map\texture\030.jpg
c:\program files\Edraw Mind Map\texture\031.jpg
c:\program files\Edraw Mind Map\texture\032.jpg
c:\program files\Edraw Mind Map\texture\033.jpg
c:\program files\Edraw Mind Map\texture\034.jpg
c:\program files\Edraw Mind Map\texture\035.jpg
c:\program files\Edraw Mind Map\texture\036.jpg
c:\program files\Edraw Mind Map\texture\037.jpg
c:\program files\Edraw Mind Map\texture\038.jpg
c:\program files\Edraw Mind Map\texture\039.jpg
c:\program files\Edraw Mind Map\texture\040.jpg
c:\program files\Edraw Mind Map\texture\041.jpg
c:\program files\Edraw Mind Map\texture\042.jpg
c:\program files\Edraw Mind Map\texture\043.jpg
c:\program files\Edraw Mind Map\texture\044.jpg
c:\program files\Edraw Mind Map\texture\045.jpg
c:\program files\Edraw Mind Map\texture\046.jpg
c:\program files\Edraw Mind Map\texture\047.jpg
c:\program files\Edraw Mind Map\texture\048.jpg
c:\program files\Edraw Mind Map\ThumbView.dll
c:\program files\Edraw Mind Map\unins000.dat
c:\program files\Edraw Mind Map\unins000.exe
c:\program files\Edraw Mind Map\Uninstall.ico
c:\program files\Edraw Mind Map\VersionInfo.txt
c:\program files\MyPC Backup
c:\program files\MyPC Backup\DEL_UnRegisterExtensions.exe
c:\program files\SearchProtect
c:\programdata\Conduit
c:\programdata\Conduit\Multi\CT3306061\configutaion.json
c:\programdata\Conduit\Multi\CT3306061\SetupIcon.ico
c:\programdata\Conduit\Multi\CT3306061\UninstallerUI.exe
c:\users\annika\AppData\Local\Conduit
c:\users\annika\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
c:\users\annika\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll
c:\users\annika\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll
c:\users\annika\AppData\Local\Conduit\Chrome\CT3306061\CHUninstaller.exe
c:\users\annika\AppData\Local\Conduit\Chrome\CT3306061\configutaion.json
c:\users\annika\AppData\Local\Conduit\Chrome\CT3306061\Uninstaller.ico
c:\users\annika\AppData\Local\Conduit\Chrome\CT3306061\UninstallerUI.exe
c:\users\annika\AppData\Local\CRE
c:\users\annika\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx
c:\users\annika\AppData\Local\NativeMessaging
c:\users\annika\AppData\Local\NativeMessaging\CT3306061\1_0_0_4\nmHostConfig.json
c:\users\annika\AppData\Local\NativeMessaging\CT3306061\1_0_0_4\nmHostManifest.json
c:\users\annika\AppData\Local\NativeMessaging\CT3306061\1_0_0_4\TBMessagingHost.exe
c:\users\annika\AppData\Local\NativeMessaging\CT3306061\nmHostManifest.json
c:\users\annika\AppData\Local\SearchProtect
c:\users\annika\AppData\Roaming\SearchProtect
c:\users\annika\AppData\Roaming\SearchProtect\bin\rep.dat
c:\users\annika\AppData\Roaming\Yfcyyffcy
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-14 bis 2013-12-14  ))))))))))))))))))))))))))))))
.
.
2013-12-14 15:56 . 2013-12-14 15:56	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2013-12-14 15:56 . 2013-12-14 15:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-12-14 12:15 . 2013-11-08 01:15	7772552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F4ADDB8-C719-4F1D-96E5-C0D5EB6E998B}\mpengine.dll
2013-12-14 12:14 . 2013-12-14 12:14	--------	d-----w-	c:\users\annika\AppData\Roaming\AVAST Software
2013-12-14 12:14 . 2013-12-14 12:13	57672	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-12-14 12:14 . 2013-12-14 12:13	178304	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-12-14 12:14 . 2013-12-14 12:13	403440	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-12-14 12:14 . 2013-12-14 12:13	774392	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-12-14 12:14 . 2013-12-14 12:13	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-12-14 12:14 . 2013-12-14 12:13	70384	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-12-14 12:14 . 2013-12-14 12:13	79720	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-12-14 12:14 . 2013-12-14 12:13	35656	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-12-14 12:13 . 2013-12-14 12:13	269216	----a-w-	c:\windows\system32\aswBoot.exe
2013-12-14 12:13 . 2013-12-14 12:13	43152	----a-w-	c:\windows\avastSS.scr
2013-12-14 12:13 . 2013-12-14 12:13	--------	d-----w-	c:\program files\AVAST Software
2013-12-14 11:46 . 2013-05-10 04:56	12625408	----a-w-	c:\windows\system32\wmploc.DLL
2013-12-14 11:46 . 2013-05-10 03:48	164864	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2013-12-13 09:13 . 2013-11-23 18:26	417792	----a-w-	c:\windows\system32\WMPhoto.dll
2013-12-13 09:13 . 2013-11-12 02:07	2048	----a-w-	c:\windows\system32\tzres.dll
2013-12-13 09:13 . 2013-10-30 01:27	2349056	----a-w-	c:\windows\system32\win32k.sys
2013-12-13 09:12 . 2013-10-04 01:49	81408	----a-w-	c:\windows\system32\drivers\drmk.sys
2013-12-13 09:12 . 2013-10-04 01:17	177152	----a-w-	c:\windows\system32\drivers\portcls.sys
2013-12-13 09:12 . 2013-10-12 02:04	121856	----a-w-	c:\windows\system32\wshom.ocx
2013-12-13 09:12 . 2013-10-12 02:03	163840	----a-w-	c:\windows\system32\scrrun.dll
2013-12-13 09:12 . 2013-10-12 01:15	141824	----a-w-	c:\windows\system32\wscript.exe
2013-12-13 09:12 . 2013-10-12 01:15	126976	----a-w-	c:\windows\system32\cscript.exe
2013-12-13 09:12 . 2013-10-19 01:36	159232	----a-w-	c:\windows\system32\imagehlp.dll
2013-12-13 09:12 . 2013-10-30 02:19	301568	----a-w-	c:\windows\system32\msieftp.dll
2013-12-11 15:52 . 2013-12-11 15:52	--------	d-----w-	C:\FRST
2013-11-14 17:34 . 2013-10-04 01:56	1796096	----a-w-	c:\windows\system32\authui.dll
2013-11-14 17:33 . 2013-10-12 02:01	679424	----a-w-	c:\windows\system32\IKEEXT.DLL
2013-11-14 17:33 . 2013-10-12 02:03	656896	----a-w-	c:\windows\system32\nshwfp.dll
2013-11-14 17:33 . 2013-10-12 02:01	216576	----a-w-	c:\windows\system32\FWPUCLNT.DLL
2013-11-14 17:33 . 2013-10-05 19:57	1168384	----a-w-	c:\windows\system32\crypt32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-05 18:36 . 2012-09-28 09:38	90400	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-11-26 15:31 . 2013-05-06 09:14	67680	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-11-26 15:31 . 2012-09-28 09:38	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-11-26 15:31 . 2012-09-28 09:38	137208	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-11-11 04:50 . 2012-07-08 13:35	230048	------w-	c:\windows\system32\MpSigStub.exe
2013-10-09 01:00 . 2012-07-08 14:21	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 01:00 . 2012-07-08 14:21	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-14 12:13	321752	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\annika\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-08 138096]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"Spotify Web Helper"="c:\users\annika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-14 1140736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-22 496184]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-10 1697064]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-03-17 1328480]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-11-26 683576]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-05-03 111928]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-14 3568312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI32.sys [2010-03-05 516152]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 20864]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 8448]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 23808]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-26 37352]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 217600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-11-26 440376]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-07-17 116632]
S2 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 189808]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-05-03 2497848]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-07-05 78848]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-02-22 66600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2012-02-04 1118312]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 111960]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSNX
*NewlyCreated* - ASWTDI
*NewlyCreated* - ASWVMM
*NewlyCreated* - HWVWFTCT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 08:48	1210320	----a-w-	c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 01:00]
.
2013-12-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-948160820-3572534582-2540179571-1000Core.job
- c:\users\annika\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-08 19:08]
.
2013-12-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-948160820-3572534582-2540179571-1000UA.job
- c:\users\annika\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-08 19:08]
.
2013-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 19:11]
.
2013-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 19:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Free YouTube to MP3 Converter - c:\users\annika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - ExtSQL: 2013-10-23 16:29; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-10-23 18:30; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\1gq3lm1w.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-12-14 13:13; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Edraw Mind Map Freeware_is1 - c:\program files\Edraw Mind Map\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-12-14  16:57:39
ComboFix-quarantined-files.txt  2013-12-14 15:57
ComboFix2.txt  2013-12-14 15:40
.
Vor Suchlauf: 16 Verzeichnis(se), 172.120.096.768 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 172.075.503.616 Bytes frei
.
- - End Of File - - 0AFCD93B729B6253D8CD65903D1CC065
A36C5E4F47E84449FF07ED3517B43A31

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.14.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
annika :: ANNIKA-PC [Administrator]

14.12.2013 17:06:45
mbam-log-2013-12-14 (17-06-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 458472
Laufzeit: 3 Stunde(n), 46 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
G:\downlo\SoftonicDownloader_fuer_freemind.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\programme\Babylon\Utils\MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\meins\desktop_alt\2013\Music\MyPhoneExplorer_Setup_1.8.4(1).exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\meins\desktop_alt\2013\Music\FreeFileSync_5.14_Windows_Setup.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\meins\desktop_alt\2013\Music\MyPhoneExplorer_Setup_1.8.4.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Müssen die Quarantänedateien auch gelöscht werden?

10.12.2013, 18:15	#6
Psychotic /// Malwareteam	Bin planlos. MS DOS emailanhang geöffnet! Lass uns erstmal sehen, was MBAM uns sagt. Vorher kann ich noch überhaupt nichts sagen - weder positiv, noch negativ. Formatiert und neu installiert ist schnell, allerdings wird es dauern, bis du all deine Software wieder drauf hast. __________________ --> Bin planlos. MS DOS emailanhang geöffnet!

12.12.2013, 17:05	#10
Psychotic /// Malwareteam	Bin planlos. MS DOS emailanhang geöffnet! Das war gut so. Klicke auf okay. Wenn GMER fertig ist, poste das Log. __________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Bin planlos. MS DOS emailanhang geöffnet!

Plagegeister aller Art und deren Bekämpfung: Bin planlos. MS DOS emailanhang geöffnet!