|
Log-Analyse und Auswertung: Anti-Malware: Potenzielle Bedrohungen erkannt! PUP.Optional.Conduit.A und desk 365Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
15.07.2014, 23:28 | #1 |
| Anti-Malware: Potenzielle Bedrohungen erkannt! PUP.Optional.Conduit.A und desk 365 Guten Abend, mein Internet ist sehr langsam geworden. Deshalb hab ich öfters (an verschiedenen Tagen) erst Malwarebytes & im Anschluss adwcleaner_3.215.exe durchlaufen lassen. Heute kam beim 2.ten Durchlauf in MWB dann diese Meldung. Gefundenes Element: PUP.Optional.Conduit.A Typ: Datei Bei den "Scan´s" davor kam weitere Meldungen. u.a. desk.365,....leider weiß ich die jetzt nicht mehr auswendig. Hier schon mal die Ergebnisse von FRST: FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01 Ran by Jürgen (administrator) on YVONNEPC on 16-07-2014 00:19:35 Running from C:\Users\Jürgen\Music\Downloads Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\SMINST\BLService.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\WINDOWS\WindowsMobile\wmdc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehsched.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-06] (AVAST Software) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2729437562-1770265655-3760295961-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2729437562-1770265655-3760295961-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2729437562-1770265655-3760295961-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 () Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Mail.lnk ShortcutTarget: Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265 SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {3BD98039-BBB0-46C8-9ADA-0FE98AB5879C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 SearchScopes: HKLM - {4E8316CF-23A9-4807-93F1-F492F460F250} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de SearchScopes: HKLM - {95D81EC8-72E0-4CC2-BA51-5E3F2107249B} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBA6A09C5-9736-4F45-88AB-E0026182725E&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {20FDA867-FB48-440A-8FB3-57A075BE9790} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {3BD98039-BBB0-46C8-9ADA-0FE98AB5879C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 SearchScopes: HKCU - {4E8316CF-23A9-4807-93F1-F492F460F250} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de SearchScopes: HKCU - {95D81EC8-72E0-4CC2-BA51-5E3F2107249B} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - {9CC1F29B-0317-4BBA-B9D1-4D613C8B9DF4} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {A8549FC4-D7C1-45A1-88B2-599E321942FA} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {C203CEDA-3953-4BCA-9F2C-FB646F021C22} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKCU - {C2231A76-776B-4774-9685-CA3A7840AF5F} URL = hxxp://www.google.de/search?q={searchTerms} BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation) Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: avast! Ad Blocker - C:\Program Files\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2013-08-27] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-25] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-11-27] Chrome: ======= CHR HomePage: hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBA6A09C5-9736-4F45-88AB-E0026182725E&SSPV= CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBA6A09C5-9736-4F45-88AB-E0026182725E&SSPV=", "https://de.yahoo.com?fr=hp-avast&type=prc265" CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Google Drive) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-02] CHR Extension: (YouTube) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-02] CHR Extension: (Google-Suche) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-02] CHR Extension: (Google Kalender) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-11-07] CHR Extension: (Google Maps) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-11-07] CHR Extension: (Google Wallet) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02] CHR Extension: (Google Mail) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-02] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-06] CHR HKLM\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\JRGEN~1\AppData\Local\Temp\tbch.crx [2014-07-06] CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-06] (AVAST Software) S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed] R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries) R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1876816 2014-07-13] (SurfRight B.V.) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] () R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed] S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed] ==================== Drivers (Whitelisted) ==================== R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-06] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-06] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-06] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-06] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-06] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-06] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-06] () R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [75640 2014-07-13] () S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-16 00:12 - 2014-07-16 00:19 - 00000000 ____D () C:\FRST 2014-07-14 23:05 - 2014-07-15 01:11 - 00128612 _____ () C:\Users\Jürgen\ESt2013_Patermann_Yvonne.elfo 2014-07-13 16:50 - 2014-07-16 00:08 - 00000000 ____D () C:\Windows\CryptoGuard 2014-07-13 16:50 - 2014-07-14 21:00 - 00000000 ____D () C:\Program Files\HitmanPro.Alert 2014-07-13 16:50 - 2014-07-13 17:09 - 00477008 _____ (SurfRight) C:\Windows\system32\hmpalert.dll 2014-07-13 16:50 - 2014-07-13 17:09 - 00075640 _____ () C:\Windows\system32\Drivers\hmpalert.sys 2014-07-13 16:50 - 2014-07-13 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert 2014-07-13 16:50 - 2014-07-13 16:50 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert 2014-07-11 21:21 - 2014-07-11 21:21 - 00005118 _____ () C:\Users\Jürgen\Desktop\AdwCleaner[S1].txt 2014-07-10 23:31 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-07-10 23:24 - 2014-07-15 22:50 - 00000000 ____D () C:\AdwCleaner 2014-07-10 22:53 - 2014-07-15 23:18 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-10 22:53 - 2014-07-10 22:53 - 00000859 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-07-10 22:53 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-10 22:53 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-10 22:53 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-09 20:04 - 2014-07-09 20:04 - 00000771 _____ () C:\Users\Public\Desktop\IrfanView.lnk 2014-07-09 19:54 - 2014-07-09 19:54 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-09 19:54 - 2014-07-09 19:54 - 00000000 _____ () C:\Windows\setupact.log 2014-07-09 19:21 - 2014-06-07 02:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 19:21 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-09 19:21 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 19:21 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-09 19:21 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 19:21 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 19:21 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 19:21 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-07-09 19:21 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-09 19:21 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-09 19:21 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-07-09 19:21 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-09 19:21 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-09 19:21 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-09 19:21 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-09 19:21 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-07-09 19:21 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-09 19:21 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-09 19:21 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-07-09 19:21 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-09 19:21 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-07-09 19:21 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-09 19:21 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 19:21 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-09 19:05 - 2014-07-15 22:52 - 00002024 _____ () C:\Windows\PFRO.log 2014-07-06 14:48 - 2014-07-06 14:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-06-29 20:33 - 2014-06-29 20:33 - 381795578 _____ () C:\Windows\MEMORY.DMP 2014-06-29 20:33 - 2014-06-29 20:33 - 00159808 _____ () C:\Windows\Minidump\Mini062914-01.dmp 2014-06-25 22:40 - 2014-06-25 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer 2014-06-25 22:39 - 2014-06-25 22:39 - 00000000 ____D () C:\Program Files\Tracker Software 2014-06-21 15:46 - 2014-07-14 22:32 - 00104036 _____ () C:\Users\Jürgen\ESt2012_Patermann_Yvonne.elfo 2014-06-21 15:37 - 2014-07-15 01:11 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\.elfohilfe 2014-06-21 15:35 - 2014-06-21 15:35 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\elsterformular 2014-06-21 15:34 - 2014-06-21 15:34 - 00000982 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-06-21 15:34 - 2014-06-21 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-06-21 15:34 - 2014-06-21 15:34 - 00000000 ____D () C:\ProgramData\elsterformular 2014-06-21 15:33 - 2014-06-21 15:33 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-06-17 19:39 - 2014-06-17 19:57 - 00000000 ____D () C:\Users\Jürgen\Sicherung SD-Karte 2014-06-17 2014-06-16 20:56 - 2014-06-16 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin ==================== One Month Modified Files and Folders ======= 2014-07-16 00:19 - 2014-07-16 00:12 - 00000000 ____D () C:\FRST 2014-07-16 00:13 - 2012-08-19 14:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-16 00:08 - 2014-07-13 16:50 - 00000000 ____D () C:\Windows\CryptoGuard 2014-07-16 00:07 - 2012-05-18 14:10 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-16 00:07 - 2011-07-13 14:16 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Skype 2014-07-15 23:18 - 2014-07-10 22:53 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-15 23:02 - 2010-03-20 23:52 - 01684329 _____ () C:\Windows\WindowsUpdate.log 2014-07-15 22:53 - 2012-05-18 14:10 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-15 22:53 - 2010-03-21 00:29 - 00440002 _____ () C:\ProgramData\nvModes.dat 2014-07-15 22:53 - 2010-03-21 00:29 - 00440002 _____ () C:\ProgramData\nvModes.001 2014-07-15 22:53 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-15 22:53 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-15 22:53 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-15 22:52 - 2014-07-09 19:05 - 00002024 _____ () C:\Windows\PFRO.log 2014-07-15 22:51 - 2008-10-26 23:09 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-07-15 22:51 - 2006-11-02 15:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-15 22:50 - 2014-07-10 23:24 - 00000000 ____D () C:\AdwCleaner 2014-07-15 01:14 - 2010-09-28 20:38 - 00000000 ____D () C:\Users\Jürgen\USB Stick - Hama 2014-07-15 01:11 - 2014-07-14 23:05 - 00128612 _____ () C:\Users\Jürgen\ESt2013_Patermann_Yvonne.elfo 2014-07-15 01:11 - 2014-06-21 15:37 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\.elfohilfe 2014-07-14 22:32 - 2014-06-21 15:46 - 00104036 _____ () C:\Users\Jürgen\ESt2012_Patermann_Yvonne.elfo 2014-07-14 22:12 - 2014-05-01 19:19 - 00000000 ____D () C:\Users\Jürgen\Documents\Steuerfälle 2014-07-14 22:03 - 2014-05-01 18:34 - 00000000 ____D () C:\ProgramData\AAV 2014-07-14 21:00 - 2014-07-13 16:50 - 00000000 ____D () C:\Program Files\HitmanPro.Alert 2014-07-13 17:09 - 2014-07-13 16:50 - 00477008 _____ (SurfRight) C:\Windows\system32\hmpalert.dll 2014-07-13 17:09 - 2014-07-13 16:50 - 00075640 _____ () C:\Windows\system32\Drivers\hmpalert.sys 2014-07-13 16:50 - 2014-07-13 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert 2014-07-13 16:50 - 2014-07-13 16:50 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert 2014-07-12 16:56 - 2014-02-12 21:37 - 00005299 _____ () C:\Windows\system32\TeamViewer9_Hooks.log 2014-07-12 16:55 - 2014-02-12 21:34 - 00000927 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-07-12 16:55 - 2014-02-12 21:34 - 00000915 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-07-11 21:21 - 2014-07-11 21:21 - 00005118 _____ () C:\Users\Jürgen\Desktop\AdwCleaner[S1].txt 2014-07-10 22:53 - 2014-07-10 22:53 - 00000859 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-07-09 20:22 - 2006-11-02 12:33 - 01591586 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-09 20:14 - 2012-04-07 16:07 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-07-09 20:14 - 2011-07-13 12:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-07-09 20:12 - 2006-11-02 14:47 - 03892416 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-09 20:07 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 20:04 - 2014-07-09 20:04 - 00000771 _____ () C:\Users\Public\Desktop\IrfanView.lnk 2014-07-09 20:04 - 2012-08-15 12:45 - 00000000 ____D () C:\Program Files\IrfanView 2014-07-09 20:03 - 2013-07-28 21:06 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-09 19:57 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-07-09 19:54 - 2014-07-09 19:54 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-09 19:54 - 2014-07-09 19:54 - 00000000 _____ () C:\Windows\setupact.log 2014-07-06 14:49 - 2014-03-27 20:37 - 00001833 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-07-06 14:49 - 2011-11-27 18:07 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-07-06 14:48 - 2014-07-06 14:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-07-06 14:48 - 2014-05-01 13:40 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-07-06 14:48 - 2013-04-26 18:09 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-07-06 14:48 - 2013-04-26 18:09 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-07-06 14:48 - 2011-11-27 18:07 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-07-06 14:48 - 2011-11-27 18:07 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-07-06 14:48 - 2011-11-27 18:07 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-07-06 14:48 - 2011-11-27 18:07 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys 2014-07-06 14:48 - 2011-11-27 18:06 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-07-02 15:28 - 2010-08-25 19:23 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Paint.NET 2014-06-29 20:33 - 2014-06-29 20:33 - 381795578 _____ () C:\Windows\MEMORY.DMP 2014-06-29 20:33 - 2014-06-29 20:33 - 00159808 _____ () C:\Windows\Minidump\Mini062914-01.dmp 2014-06-29 20:33 - 2011-09-28 11:50 - 00000000 ____D () C:\Windows\Minidump 2014-06-25 22:40 - 2014-06-25 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer 2014-06-25 22:39 - 2014-06-25 22:39 - 00000000 ____D () C:\Program Files\Tracker Software 2014-06-25 20:33 - 2013-12-01 12:03 - 00000000 ____D () C:\Users\Jürgen\Documents\Corel 2014-06-21 15:35 - 2014-06-21 15:35 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\elsterformular 2014-06-21 15:34 - 2014-06-21 15:34 - 00000982 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-06-21 15:34 - 2014-06-21 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-06-21 15:34 - 2014-06-21 15:34 - 00000000 ____D () C:\ProgramData\elsterformular 2014-06-21 15:33 - 2014-06-21 15:33 - 00000000 ____D () C:\Program Files\ElsterFormular 2014-06-17 19:57 - 2014-06-17 19:39 - 00000000 ____D () C:\Users\Jürgen\Sicherung SD-Karte 2014-06-17 2014-06-16 21:01 - 2013-09-08 20:05 - 00000000 ____D () C:\ProgramData\Garmin 2014-06-16 20:59 - 2013-09-08 20:04 - 00000000 ____D () C:\ProgramData\Package Cache 2014-06-16 20:57 - 2013-09-08 20:05 - 00000000 ____D () C:\Program Files\Garmin 2014-06-16 20:57 - 2010-07-31 21:48 - 00000000 ____D () C:\Program Files\DIFX 2014-06-16 20:56 - 2014-06-16 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2014-06-16 20:56 - 2013-09-08 20:13 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Garmin Some content of TEMP: ==================== C:\Users\Jürgen\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-15 23:01 ==================== End Of Log ============================ Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01 Ran by Jürgen at 2014-07-16 00:21:18 Running from C:\Users\Jürgen\Music\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.) Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.) ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros) Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland) avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software) Brother MFL-Pro Suite DCP-J315W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant) Corel DESIGNER Technical Suite X5 - DE (Version: 15.2 - Corel Corporation) Hidden Corel DESIGNER Technical Suite X5 - EN (Version: 15.2 - Corel Corporation) Hidden Corel DESIGNER Technical Suite X5 - Extra Content (HKLM\...\_{EB33BD77-DACE-44FD-BA32-9D089EB16C3A}) (Version: - Corel Corporation) Corel DESIGNER Technical Suite X5 - Extra Content (Version: 15.2 - Corel Corporation) Hidden Corel DESIGNER Technical Suite X5 - FR (Version: 15.2 - Corel Corporation) Hidden Corel DESIGNER Technical Suite X5 - IPM (Version: 15.2 - Corel Corporation) Hidden Corel DESIGNER Technical Suite X5 - Setup Files (Version: 15.2 - Corel Corporation) Hidden Corel DESIGNER Technical Suite X5 - WT (Version: 15.1 - Corel Corporation) Hidden Corel DESIGNER Technical Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.661 - Corel Corporation) Corel DESIGNER Technical Suite X5 (Version: 15.2 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension (HKLM\...\_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}) (Version: 15.2.0.661 - Corel Corporation) Corel Graphics - Windows Shell Extension (Version: 15.2.661 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Capture (Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Common (Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Connect (Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - DE (Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Designer (Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Draw (Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - EN (Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Filters (Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FontNav (Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FR (Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VBA (Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VSTA (Version: 15.2 - Corel Corporation) Hidden CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.) CyberLink DVD Suite (Version: 6.0.2203 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.) CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden Deep Exploration 6 CE (HKLM\...\{AC8B571C-9C6E-47C1-A508-3BF1BCBED443}) (Version: 6.1 - Right Hemisphere) Doxillion Document Converter (HKLM\...\Doxillion) (Version: - NCH Software) Elevated Installer (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen) ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) FinePrint (HKLM\...\FinePrint) (Version: - ) Garmin Express (HKLM\...\{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}) (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Garmin Express (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden General Runtime Files for Nemetschek Allplan 2009 (Version: 1.5.2.0 - Nemetschek) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Earth (HKLM\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden GraphicCorp's Browser+ (HKLM\...\GraphicCorp's Browser+) (Version: - ) HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - ) HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.) Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation) HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard) HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard) HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard) HPTCSSetup (HKLM\...\{846DDADA-0239-4B67-A6B1-33658863793B}) (Version: 1.1.1963.2799 - Hewlett-Packard Company) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden Mp3tag v2.53 (HKLM\...\Mp3tag) (Version: v2.53 - Florian Heidenreich) MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) Nemetschek Allplan 2009 (HKLM\...\{BAED3957-C271-4670-A50D-8D7438701917}) (Version: 2009.0 - ) Nemetschek SoftLock 2006 (HKLM\...\{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}) (Version: 1.00.0000 - ) Netzmanager (HKLM\...\Netzmanager) (Version: 1.05 - Deutsche Telekom AG) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC) PC Connectivity Solution (HKLM\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia) pdfFactory Pro (HKLM\...\pdfFactory Pro) (Version: - ) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.308.2 - Tracker Software Products Ltd) Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.) Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.) PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden Prism Video Converter (HKLM\...\Prism) (Version: - NCH Software) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.) Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) SnagIt 8 (HKLM\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation) Steuer-Software 2014 (HKLM\...\{77D53A25-9700-42C7-8305-8E469FEBEE30}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft) Switch Audiodatei-Konverter (HKLM\...\Switch) (Version: - NCH Software) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer) Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH) TreeSize Professional 3.31 (HKLM\...\TreeSize Professional_is1) (Version: - JAM Software) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WavePad Audiobearbeitungs-Software (HKLM\...\WavePad) (Version: - NCH Software) Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Nokia Modem (11/03/2006 6.82.0.1) (HKLM\...\0852D05415AB9A4F1EF451E342267F76C776ED2F) (Version: 11/03/2006 6.82.0.1 - Nokia) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) XnView 2.00 (HKLM\...\XnView_is1) (Version: 2.00 - Gougelet Pierre-e) ==================== Restore Points ========================= 10-05-2014 09:19:00 Windows Update 10-05-2014 21:17:36 Windows-Sicherung 11-05-2014 17:15:52 Windows-Sicherung 12-05-2014 17:10:45 Geplanter Prüfpunkt 15-05-2014 07:27:24 Windows Update 01-06-2014 09:56:12 Windows Update 09-06-2014 09:54:33 Windows Update 11-06-2014 16:50:07 Windows Update 14-06-2014 21:08:33 Konfiguriert LabelPrint 16-06-2014 18:42:00 Geplanter Prüfpunkt 16-06-2014 18:53:30 Garmin Express 16-06-2014 18:57:12 Gerätetreiber-Paketinstallation: Silicon Labs Software USB-Controller 16-06-2014 18:57:44 Gerätetreiber-Paketinstallation: Dynastream Innovations, Inc. 16-06-2014 18:58:53 Garmin Express 17-06-2014 19:08:10 Windows Update 25-06-2014 18:13:04 Windows Update 29-06-2014 11:43:30 Windows Update 06-07-2014 12:44:12 avast! antivirus system restore point 09-07-2014 17:56:03 Windows Update 15-07-2014 20:37:48 Windows Update ==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {050686AA-D8BB-4B21-98AE-7A496D6285C1} - System32\Tasks\NCH Software\switchShakeIcon => C:\Program Files\NCH Software\Switch\Switch.exe Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3A44B37B-C9DF-4D30-A5FD-AC89B523D979} - System32\Tasks\NCH Software\DoxillionReminder => C:\Program Files\NCH Software\Doxillion\Doxillion.exe Task: {3BB9D84C-FE56-427F-A02D-E90AB7211870} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-06-09] () Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {45DEE6EF-1366-41C8-9B4D-A9D18B0AB421} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {5219D54F-6AC8-4806-AEE8-022292B6567A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-18] (Google Inc.) Task: {5FA3CAC7-1716-4509-91AB-36124E6CCA65} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Jürgen => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {7A30DBF4-14D2-4FB4-AB41-24AB15EBEE44} - System32\Tasks\HPCeeScheduleForJürgen => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {B64002B0-A3D9-40B2-AAE7-9488D2BF560B} - System32\Tasks\NCH Software\wavepadShakeIcon => C:\Program Files\NCH Software\WavePad\WavePad.exe Task: {CB040A7E-AF1D-48EB-8C1E-23E4E3E77BBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-18] (Google Inc.) Task: {D1F22D72-4827-4972-B116-3DFC1937E183} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {D240D887-6D2A-4606-99BE-B4E3BCBB0866} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {D7BEC886-84B1-4739-BBFC-554AE7AD167E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-06] (AVAST Software) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {FAC25F29-D945-4673-B7DD-849F1D0014A0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForJürgen.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2011-11-27 18:06 - 2014-07-06 14:48 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-07-15 21:35 - 2014-07-15 21:35 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071501\algo.dll 2010-07-04 23:32 - 2010-07-04 23:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2007-05-16 11:39 - 2007-05-16 11:39 - 00136776 _____ () C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2008-10-27 00:48 - 2008-10-06 10:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe 2008-10-27 00:48 - 2008-10-06 10:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll 2008-10-27 00:42 - 2008-09-15 16:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe 2013-11-07 21:44 - 2014-07-06 14:48 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-06-13 19:23 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-06-13 19:23 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-06-13 19:23 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll 2014-07-13 15:11 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupfolder: C:^Users^Jürgen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Netzmanager.lnk => C:\Windows\pss\Netzmanager.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: NokiaMusic FastStart => "C:\Program Files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart MSCONFIG\startupreg: pdfFactory Pro Dispatcher v3 => "C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/15/2014 11:40:12 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/15/2014 11:28:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/15/2014 11:15:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/15/2014 10:58:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18311, Zeitstempel 0x4c8e2d72, fehlerhaftes Modul KERNEL32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0x0000046b, Fehleroffset 0x0003fd1e, Prozess-ID 0x11ac, Anwendungsstartzeit wmplayer.exe0. Error: (07/15/2014 10:58:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung wmpnetwk.exe, Version 11.0.6001.7000, Zeitstempel 0x47919370, fehlerhaftes Modul KERNEL32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0x0000046b, Fehleroffset 0x0003fd1e, Prozess-ID 0x880, Anwendungsstartzeit wmpnetwk.exe0. Error: (07/15/2014 10:54:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/15/2014 09:31:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/14/2014 11:49:42 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/14/2014 11:45:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/14/2014 09:19:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/15/2014 10:59:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Windows Media Player-Netzwerkfreigabedienst1300001Neustart des Diensts Error: (07/15/2014 10:54:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (07/15/2014 09:31:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (07/14/2014 09:19:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (07/14/2014 09:16:35 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Gruppenrichtlinienclient Error: (07/14/2014 09:07:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Windows Media Player-Netzwerkfreigabedienst%%1053 Error: (07/14/2014 09:07:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Windows Media Player-Netzwerkfreigabedienst Error: (07/14/2014 09:06:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (07/14/2014 09:04:35 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 14.07.2014 um 21:02:57 unerwartet heruntergefahren. Error: (07/14/2014 09:03:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Microsoft Office Sessions: ========================= Error: (07/15/2014 11:40:12 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES Error: (07/15/2014 11:28:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES Error: (07/15/2014 11:15:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES Error: (07/15/2014 10:58:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: wmplayer.exe11.0.6002.183114c8e2d72KERNEL32.dll6.0.6002.1903452f2ec860000046b0003fd1e11ac01cfa06f764ecb22 Error: (07/15/2014 10:58:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: wmpnetwk.exe11.0.6001.700047919370KERNEL32.dll6.0.6002.1903452f2ec860000046b0003fd1e88001cfa06eec9188b4 Error: (07/15/2014 10:54:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/15/2014 09:31:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/14/2014 11:49:42 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES Error: (07/14/2014 11:45:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\JÜRGEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PREFERENCES Error: (07/14/2014 09:19:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-07-16 00:21:03.551 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-16 00:21:02.478 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-16 00:21:01.261 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-16 00:21:00.153 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-16 00:20:57.749 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-16 00:20:55.722 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-16 00:20:54.043 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-16 00:20:52.435 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-16 00:14:28.536 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-16 00:14:27.604 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 54% Total physical RAM: 3038.26 MB Available physical RAM: 1394.23 MB Total Pagefile: 6306.76 MB Available Pagefile: 4710.72 MB Total Virtual: 2047.88 MB Available Virtual: 1898.35 MB ==================== Drives ================================ Drive b: (USB-HAMA) (Removable) (Total:1.88 GB) (Free:0.13 GB) FAT32 Drive c: () (Fixed) (Total:287.55 GB) (Free:155.74 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:10.53 GB) (Free:1.26 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: E0E2F567) Partition 1: (Active) - (Size=288 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 91F72D24) Partition 1: (Active) - (Size=2 GB) - (Type=0B) ==================== End Of Log ============================ Vielen Dank schon jetzt. |
16.07.2014, 05:59 | #2 |
/// the machine /// TB-Ausbilder | Anti-Malware: Potenzielle Bedrohungen erkannt! PUP.Optional.Conduit.A und desk 365 hi,
__________________Scan mit Combofix
__________________ |
16.07.2014, 18:41 | #3 |
| Anti-Malware: Potenzielle Bedrohungen erkannt! PUP.Optional.Conduit.A und desk 365 Hallo Schrauber,
__________________herzlichen Dank für die schnelle Antwort. Bevor ich "Combofix" gestartet habe, habe ich wie beschrieben u.a. meinen "Windwos Defender" deaktiviert. Dieser lässt sich nach dem Durchlauf und erneutem Neustart nicht mehr starten. Hier die Logfile Code:
ATTFilter ComboFix 14-07-16.02 - Jürgen 16.07.2014 17:30:51.1.2 - x86 ausgeführt von:: c:\users\J³rgen\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-06-16 bis 2014-07-16 )))))))))))))))))))))))))))))) . . 2014-07-16 15:53 . 2014-07-16 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-07-15 22:12 . 2014-07-15 22:22 -------- d-----w- C:\FRST 2014-07-15 20:45 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FA29AF8-72C0-4544-8FF3-523939A80522}\mpengine.dll 2014-07-13 14:50 . 2014-07-13 14:50 -------- d-----w- c:\programdata\HitmanPro.Alert 2014-07-13 14:50 . 2014-07-15 22:08 -------- d-----w- c:\windows\CryptoGuard 2014-07-13 14:50 . 2014-07-14 19:00 -------- d-----w- c:\program files\HitmanPro.Alert 2014-07-13 14:50 . 2014-07-13 15:09 75640 ----a-w- c:\windows\system32\drivers\hmpalert.sys 2014-07-13 14:50 . 2014-07-13 15:09 477008 ----a-w- c:\windows\system32\hmpalert.dll 2014-07-10 21:31 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll 2014-07-10 21:24 . 2014-07-15 20:50 -------- d-----w- C:\AdwCleaner 2014-07-10 20:53 . 2014-07-15 22:40 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-07-10 20:53 . 2014-07-10 20:53 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware 2014-07-10 20:53 . 2014-07-10 20:53 -------- d-----w- c:\programdata\Malwarebytes 2014-07-10 20:53 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-07-10 20:53 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-07-10 20:53 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-07-06 12:48 . 2014-07-06 12:48 43152 ----a-w- c:\windows\avastSS.scr 2014-06-25 20:39 . 2014-06-25 20:39 -------- d-----w- c:\program files\Tracker Software 2014-06-21 13:37 . 2014-07-14 23:11 -------- d-----w- c:\users\Jürgen\AppData\Local\.elfohilfe 2014-06-21 13:35 . 2014-06-21 13:35 -------- d-----w- c:\users\Jürgen\AppData\Roaming\elsterformular 2014-06-21 13:34 . 2014-06-21 13:34 -------- d-----w- c:\programdata\elsterformular 2014-06-21 13:33 . 2014-06-21 13:33 -------- d-----w- c:\program files\ElsterFormular 2014-06-17 17:39 . 2014-06-17 17:57 -------- d-----w- c:\users\Jürgen\Sicherung SD-Karte 2014-06-17 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-09 18:14 . 2012-04-07 14:07 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-07-09 18:14 . 2011-07-13 10:18 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-07-06 12:49 . 2011-11-27 16:07 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys 2014-07-06 12:48 . 2013-04-26 16:09 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-07-06 12:48 . 2011-11-27 16:07 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2014-07-06 12:48 . 2014-05-01 11:40 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2014-07-06 12:48 . 2013-04-26 16:09 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-07-06 12:48 . 2011-11-27 16:07 55112 ----a-w- c:\windows\system32\drivers\aswrdr.sys 2014-07-06 12:48 . 2011-11-27 16:07 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys 2014-07-06 12:48 . 2011-11-27 16:07 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-07-06 12:48 . 2011-11-27 16:06 276432 ----a-w- c:\windows\system32\aswBoot.exe 2014-05-01 11:40 . 2011-11-27 16:07 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1399910046853 2014-05-01 11:40 . 2011-11-27 16:07 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1399910046853 2014-04-26 16:01 . 2014-06-11 16:45 502784 ----a-w- c:\windows\system32\usp10.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-07-06 12:48 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21445248] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-06 4086432] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^Users^Jürgen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Netzmanager.lnk] path=c:\users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk backup=c:\windows\pss\Netzmanager.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00] 2010-02-09 15:43 2621440 ------r- c:\program files\Browny02\Brother\BrStMonW.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3] 2008-12-24 09:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp] 2014-06-09 10:47 122200 ----a-w- c:\program files\Garmin\Express Tray\ExpressTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload] 2013-10-28 04:32 1564528 ----a-w- c:\program files\Samsung\Kies\Kies.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3] 2009-12-15 11:52 614400 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\fppdis3a.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe] 2008-08-01 15:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu] 2007-12-24 14:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut] 2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut] 2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut] 2008-10-06 19:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2729437562-1770265655-3760295961-1000] "EnableNotificationsRef"=dword:00000003 "EnableNotifications"=dword:00000001 . S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-06-13 17:21 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 18:14] . 2014-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-18 12:10] . 2014-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-18 12:10] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = https://de.yahoo.com?fr=hp-avast&type=prc265 mStart Page = https://de.yahoo.com?fr=hp-avast&type=prc265 IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-NokiaMusic FastStart - c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe MSConfigStartUp-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe AddRemove-Doxillion - c:\program files\NCH Software\Doxillion\uninst.exe AddRemove-GraphicCorp's Browser+ - c:\browser\UNWISE.EXE AddRemove-Netzmanager - c:\programdata\{D8116CA6-DBDF-4415-AB4A-BE0CEFB71935}\Netzmanager1.050.1606_101110a.exe AddRemove-Prism - c:\program files\NCH Software\Prism\uninst.exe AddRemove-Switch - c:\program files\NCH Software\Switch\uninst.exe AddRemove-WavePad - c:\program files\NCH Software\WavePad\uninst.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-07-16 17:53 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2014-07-16 17:59:13 ComboFix-quarantined-files.txt 2014-07-16 15:59 . Vor Suchlauf: 10 Verzeichnis(se), 167.045.128.192 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 166.228.619.264 Bytes frei . - - End Of File - - FF3BE5456353E5893DB4FD97ABAD9622 588AE8F0C685C02BA11F30D9CD7E61A0 Hallo Schrauber, habe erneut Malware durchlaufen lassen...immernoch die o.g. Bedrohungen PUP.Optional.Conduit.A |
17.07.2014, 12:49 | #4 |
/// the machine /// TB-Ausbilder | Anti-Malware: Potenzielle Bedrohungen erkannt! PUP.Optional.Conduit.A und desk 365 Funde von MBAM löschen lassen. Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
17.07.2014, 19:51 | #5 |
| Anti-Malware: Potenzielle Bedrohungen erkannt! PUP.Optional.Conduit.A und desk 365Code:
ATTFilter # AdwCleaner v3.215 - Bericht erstellt am 17/07/2014 um 19:16:43 # Aktualisiert 09/07/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : Jürgen - YVONNEPC # Gestartet von : C:\Users\Jürgen\Desktop\adwcleaner_3.215 (1).exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16561 -\\ Google Chrome v35.0.1916.153 [ Datei : C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBA6A09C5-9736-4F45-88AB-E0026182725E&SSPV= Gelöscht [Homepage] : hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBA6A09C5-9736-4F45-88AB-E0026182725E&SSPV= Gelöscht [Extension] : igjjkeeamkpihpncmmbgdkhdnjpcfmfb ************************* AdwCleaner[R0].txt - [5703 octets] - [10/07/2014 23:24:42] AdwCleaner[R1].txt - [5107 octets] - [11/07/2014 20:51:42] AdwCleaner[R2].txt - [1119 octets] - [12/07/2014 23:14:51] AdwCleaner[R3].txt - [1239 octets] - [15/07/2014 22:10:40] AdwCleaner[R4].txt - [1688 octets] - [16/07/2014 19:47:30] AdwCleaner[R5].txt - [1472 octets] - [16/07/2014 20:59:38] AdwCleaner[R6].txt - [1924 octets] - [17/07/2014 19:09:59] AdwCleaner[S0].txt - [1092 octets] - [10/07/2014 23:53:47] AdwCleaner[S1].txt - [5118 octets] - [11/07/2014 20:53:51] AdwCleaner[S2].txt - [1181 octets] - [12/07/2014 23:21:57] AdwCleaner[S3].txt - [1629 octets] - [15/07/2014 22:50:39] AdwCleaner[S4].txt - [1749 octets] - [16/07/2014 19:52:27] AdwCleaner[S5].txt - [1533 octets] - [16/07/2014 21:01:36] AdwCleaner[S6].txt - [1845 octets] - [17/07/2014 19:16:43] ########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1905 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows Vista (TM) Home Premium x86 Ran by Jrgen on 17.07.2014 at 19:58:28,85 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4E8316CF-23A9-4807-93F1-F492F460F250} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95D81EC8-72E0-4CC2-BA51-5E3F2107249B} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4E8316CF-23A9-4807-93F1-F492F460F250} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{95D81EC8-72E0-4CC2-BA51-5E3F2107249B} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Program Files\myfree codec" ~~~ Chrome Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 17.07.2014 at 20:17:07,21 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 17.07.2014 Suchlauf-Zeit: 20:20:04 Logdatei: Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.17.09 Rootkit Datenbank: v2014.07.14.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: Jürgen Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 293972 Verstrichene Zeit: 21 Min, 36 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Warnen PUM: Warnen Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 2 PUP.Optional.Conduit.A, C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBA6A09C5-9736-4F45-88AB-E0026182725E&SSPV=",), ,[3143821d017adf5777c9b520976d8878] PUP.Optional.Conduit.A, C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://search.conduit.com/?ctid=CT3320324&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBA6A09C5-9736-4F45-88AB-E0026182725E&SSPV=", "https://de.yahoo.com?fr=hp-avast&type=prc265" ],), ,[2f453b645d1e57df630f13c218ec5fa1] Physische Sektoren: 0 (No malicious items detected) (end) wie bekomme ich noch mal ein FRST log ??? Habe Malware erneut durchlaufen lassen....PUP.Optional.Conduit.A sind immer noch da!!! |
18.07.2014, 05:23 | #6 |
/// the machine /// TB-Ausbilder | Anti-Malware: Potenzielle Bedrohungen erkannt! PUP.Optional.Conduit.A und desk 365 FRST öffnen und Scan drücken. Revo Uninstaller - Download - Filepony damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Dann: https://support.google.com/chrome/answer/3296214?hl=de Jetzt nochmal mit MBAM scannen und Funde löschen lassen. ESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ --> Anti-Malware: Potenzielle Bedrohungen erkannt! PUP.Optional.Conduit.A und desk 365 |
19.07.2014, 08:50 | #7 |
| Anti-Malware: Potenzielle Bedrohungen erkannt! PUP.Optional.Conduit.A und desk 365Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=8c77854239527643b3eb4b581c6a057e # engine=19244 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-07-19 02:58:51 # local_time=2014-07-19 04:58:51 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 97 813174 170162821 0 0 # compatibility_mode_1='' # compatibility_mode=5892 16776574 100 100 34482 243271459 0 0 # scanned=230039 # found=4 # cleaned=0 # scan_time=21876 sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe.vir" sh=58525128BD0EAB035DFBD76BB770FA9191448DCE ft=1 fh=9311c6e3ac4c9795 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Doxillion\doxillion.exe.vir" sh=F202F9180F441BEE9D5B9577795A75C0AB99FF2C ft=1 fh=046c86234b5a1a15 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Doxillion\doxillionsetup_v2.02.exe.vir" sh=0C641DEDC1D7DFACAEFED5CDE09B1B9C3797F895 ft=1 fh=3c92e929ac4c9795 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Doxillion\uninst.exe.vir" Code:
ATTFilter Results of screen317's Security Check version 0.99.85 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` CCleaner Java 7 Update 51 Java version out of Date! Adobe Flash Player 14.0.0.145 Adobe Reader 10.1.10 Adobe Reader out of Date! Google Chrome 36.0.1985.125 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Code:
ATTFilter Results of screen317's Security Check version 0.99.85 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` CCleaner Java 7 Update 51 Java version out of Date! Adobe Flash Player 14.0.0.145 Adobe Reader 10.1.10 Adobe Reader out of Date! Google Chrome 36.0.1985.125 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` |
19.07.2014, 20:49 | #8 |
/// the machine /// TB-Ausbilder | Anti-Malware: Potenzielle Bedrohungen erkannt! PUP.Optional.Conduit.A und desk 365 Java und Adobe updaten. Frisches FRST log und Antwort auf meine Frage fehlt noch
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Anti-Malware: Potenzielle Bedrohungen erkannt! PUP.Optional.Conduit.A und desk 365 |
adobe, antivirus, converter, defender, desktop, device driver, flash player, google, home, homepage, installation, internet, langsam, launch, mozilla, port, preferences, registry, rundll, scan, security, services.exe, software, stick, svchost.exe, system, tracker, usb, windows |