TrojanZbot in ccsetupXXX.exe und Trojan.Generic kommt immer wieder

vochsc · 22.02.2015, 22:31

Liebe Experten,

als ich vor einiger Zeit dummerweise einmal einen falschen Download-Button gedrückt habe, habe ich mir eine Infektion eingefangen, die sich offenbar immer wieder selbst reproduziert. Es hätte mir auffallen müssen, weil ich sonst auf solche Dateiendungen sehr sorgfältig achte, ist aber durchgerutscht. Asche auf mein Haupt. Die Datei hieß "tools_v6.1.0.zip.exe". Seitdem funktioniert die Windows Sidebar nicht mehr, und ich habe Trojaner an Bord. Um Euch die Arbeit zu erleichtern, habe ich einige log-Dateien schon erstellt:

FRST.txt:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by Chef (administrator) on VOLKER-PC on 22-02-2015 20:39:37
Running from I:\Volker\FRST
Loaded Profiles: Chef & Volker_2 (Available profiles: Ute & Chef & Volker_2 & UpdatusUser & Administrator)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe,
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-110913018-406267621-3491769041-1004\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-110913018-406267621-3491769041-1004\...\MountPoints2: {11c5cd71-6e20-11e2-b959-806e6f6e6963} - X:\EASINST.EXE
HKU\S-1-5-21-110913018-406267621-3491769041-1006\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-110913018-406267621-3491769041-1006\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-110913018-406267621-3491769041-1006\...\MountPoints2: {11c5cd71-6e20-11e2-b959-806e6f6e6963} - X:\EASINST.EXE
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
Startup: I:\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tools v6.1.0.zip.lnk
ShortcutTarget: tools v6.1.0.zip.lnk -> C:\ProgramData\{8d1f463d-88c4-dbf6-8d1f-f463d88c18f6}\tools v6.1.0.zip.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-110913018-406267621-3491769041-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-110913018-406267621-3491769041-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.systea.com
HKU\S-1-5-21-110913018-406267621-3491769041-1004\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.systea.com
HKU\S-1-5-21-110913018-406267621-3491769041-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-110913018-406267621-3491769041-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: uNNisales -> {6818c48f-6355-4917-9fe9-98b8ebb118bb} -> C:\Program Files (x86)\uNNisales\1jHFRr0XDLkU3Z.x64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: youtubeadblocker -> {e1e67519-a594-4953-8583-b63ab7570ed9} -> C:\Program Files (x86)\youtubeadblocker\zkgtuNJy7Rdibh.x64.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: I:\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\ckjilcvh.default
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-03]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2683760 2014-05-20] (G Data Software AG)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [31576 2013-03-26] ()
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-26] (Samsung Electronics Co., Ltd.)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-08-13] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-11-01] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-08-13] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-07-06] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-02-12] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-11-22] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-07-06] (G Data Software AG)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 20:38 - 2015-02-22 20:39 - 00000000 ____D () I:\Volker\FRST
2015-02-22 20:17 - 2015-02-22 20:39 - 00000000 ____D () C:\FRST
2015-02-16 22:16 - 2015-02-16 22:16 - 00000000 ____D () I:\Public\Foxit Software
2015-02-16 22:11 - 2015-02-16 22:12 - 53078632 _____ (Foxit Software Inc. ) I:\Chef\Downloads\FoxitReader708.1216_prom_L10N_Setup.exe
2015-02-16 22:02 - 2015-02-16 22:03 - 93427112 _____ (Oracle Corporation) I:\Chef\Downloads\jre-8u31-windows-x64.exe
2015-02-16 22:02 - 2015-02-16 22:02 - 30431144 _____ (Oracle Corporation) I:\Chef\Downloads\jre-8u31-windows-i586.exe
2015-02-16 21:52 - 2015-01-23 05:07 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-16 21:52 - 2015-01-23 04:59 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-16 21:52 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-16 21:52 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-12 23:19 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 23:19 - 2014-12-08 02:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 23:18 - 2015-01-09 01:34 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 23:18 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 23:18 - 2014-11-26 02:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 23:08 - 2015-01-13 02:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 23:08 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 23:07 - 2015-01-15 07:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 23:07 - 2015-01-15 05:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 22:47 - 2015-02-12 22:47 - 02112512 _____ () I:\Chef\Downloads\adwcleaner_4.110.exe
2015-02-12 20:23 - 2015-01-14 04:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 20:23 - 2015-01-14 03:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 20:23 - 2015-01-14 03:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-12 20:23 - 2015-01-14 03:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 20:23 - 2015-01-14 03:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 20:23 - 2015-01-14 03:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 20:23 - 2015-01-14 03:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 20:23 - 2015-01-14 03:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-12 20:23 - 2015-01-14 03:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 20:23 - 2015-01-14 03:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 20:23 - 2015-01-14 03:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 20:23 - 2015-01-14 03:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 20:23 - 2015-01-14 03:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 20:23 - 2015-01-14 03:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 20:23 - 2015-01-14 03:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-12 20:23 - 2015-01-14 03:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-12 20:23 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 20:23 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-12 20:23 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 20:23 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 20:23 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 20:23 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 20:23 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 20:23 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-12 20:23 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-08 19:04 - 2015-02-08 19:04 - 03044736 _____ (Enigma Software Group USA, LLC.) I:\Volker\Downloads\SpyHunter-Installer.exe
2015-02-08 18:51 - 2015-02-08 18:51 - 00000234 _____ () I:\Volker\Documents\G DATA Protokoll ID 1280.txt
2015-01-28 23:07 - 2015-01-28 23:07 - 00000000 ____D () I:\Volker\EPUBDRMRemoval
2015-01-28 23:07 - 2015-01-28 23:07 - 00000000 ____D () I:\Volker\AppData\Roaming\EPUBDRMRemoval
2015-01-28 23:07 - 2015-01-28 23:07 - 00000000 ____D () I:\Volker\AppData\Roaming\.EPUBDRMRemoval
2015-01-28 23:04 - 2015-01-28 23:07 - 00000000 ____D () I:\Chef\AppData\Roaming\.EPUBDRMRemoval
2015-01-28 23:04 - 2015-01-28 23:04 - 00000000 ____D () I:\Chef\EPUBDRMRemoval
2015-01-28 23:04 - 2015-01-28 23:04 - 00000000 ____D () I:\Chef\EPUBDRMRemoval
2015-01-28 23:04 - 2015-01-28 23:04 - 00000000 ____D () I:\Chef\AppData\Roaming\EPUBDRMRemoval
2015-01-28 23:03 - 2015-01-28 23:03 - 00000893 _____ () I:\Public\Desktop\Epubor EPUB DRM Removal.lnk
2015-01-28 23:02 - 2015-01-28 23:03 - 17203268 _____ (Epubor Inc.) I:\Volker\Downloads\epub_drm_removal.exe
2015-01-28 22:51 - 2015-01-28 22:52 - 00000000 ____D () I:\Volker\Downloads\skinny
2015-01-28 21:45 - 2015-01-28 22:58 - 00000000 ____D () I:\Volker\AppData\Roaming\.Ultimate
2015-01-28 21:45 - 2015-01-28 21:45 - 00000000 ____D () I:\Volker\Ultimate
2015-01-28 21:45 - 2015-01-28 21:45 - 00000000 ____D () I:\Volker\AppData\Roaming\Ultimate
2015-01-28 21:45 - 2015-01-28 21:45 - 00000000 ____D () I:\Volker\AppData\Roaming\.Epubor
2015-01-28 21:43 - 2015-01-28 21:43 - 00000000 ____D () I:\Chef\AppData\Roaming\calibre
2015-01-28 21:41 - 2015-01-28 21:44 - 00000000 ____D () I:\Chef\AppData\Roaming\.Ultimate
2015-01-28 21:41 - 2015-01-28 21:41 - 00000000 ____D () I:\Chef\Ultimate
2015-01-28 21:41 - 2015-01-28 21:41 - 00000000 ____D () I:\Chef\Ultimate
2015-01-28 21:41 - 2015-01-28 21:41 - 00000000 ____D () I:\Chef\AppData\Roaming\Ultimate
2015-01-28 21:41 - 2015-01-28 21:41 - 00000000 ____D () I:\Chef\AppData\Roaming\.Epubor
2015-01-28 21:40 - 2015-01-28 23:03 - 00000000 ____D () C:\Program Files (x86)\Epubor
2015-01-28 21:40 - 2015-01-28 21:40 - 00000863 _____ () I:\Public\Desktop\Epubor Ultimate.lnk
2015-01-28 21:36 - 2015-01-28 21:39 - 56219040 _____ (Epubor Inc.) I:\Volker\Downloads\epubor_ultimate.exe
2015-01-28 21:26 - 2015-01-28 21:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 20:58 - 2015-01-28 20:59 - 00000123 _____ () I:\Volker\Documents\Sidebar Fehler.txt
2015-01-27 22:24 - 2015-01-27 22:24 - 00000000 ____D () I:\Volker\Documents\Harper, Bob; Critser, Greg
2015-01-25 18:07 - 2014-10-12 17:51 - 00000512 ____H () I:\Volker\Desktop\NIKON001.DSC
2015-01-25 15:41 - 2015-01-25 15:41 - 00000000 ____D () I:\Volker\AppData\Roaming\IrfanView
2015-01-25 15:38 - 2015-01-25 15:38 - 10741384 _____ (Irfan Skiljan) I:\Volker\Downloads\irfanview_plugins_438_setup.exe
2015-01-25 15:27 - 2015-01-25 15:33 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2015-01-25 15:27 - 2015-01-25 15:27 - 00000000 ____D () I:\Chef\AppData\Roaming\IrfanView
2015-01-25 15:26 - 2015-01-25 15:26 - 01898640 _____ (Irfan Skiljan) I:\Volker\Downloads\iview438_setup.exe
2015-01-25 14:55 - 2015-02-12 21:21 - 00000000 ____D () I:\Volker\Documents\Druckertest
2015-01-25 13:40 - 2015-01-25 13:40 - 00000000 ____D () I:\Volker\Downloads\Sidebar_neu_initialisieren
2015-01-25 13:39 - 2015-01-25 13:39 - 00000246 _____ () I:\Volker\Downloads\Sidebar_neu_initialisieren.zip
2015-01-25 13:37 - 2015-01-25 13:37 - 00000265 _____ () I:\Volker\Downloads\Sidebar_neu_registrieren.zip
2015-01-25 13:37 - 2015-01-25 13:37 - 00000000 ____D () I:\Volker\Downloads\Sidebar_neu_registrieren
2015-01-23 00:29 - 2015-01-23 00:11 - 00568617 _____ () I:\Volker\Documents\Der Schatten des Wolfes_ Wie ich eine heimtuckische Krankheit besiegte (German Edition) - Elstner, Kerstin.epub

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 19:46 - 2008-01-21 12:10 - 01566088 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-22 19:46 - 2008-01-21 12:09 - 00673684 _____ () C:\Windows\system32\perfh007.dat
2015-02-22 19:46 - 2008-01-21 12:09 - 00145696 _____ () C:\Windows\system32\perfc007.dat
2015-02-22 19:44 - 2014-09-28 22:10 - 00000000 ____D () I:\Volker\AppData\Local\CrashDumps
2015-02-22 19:44 - 2008-01-21 02:53 - 01181456 _____ () C:\Windows\WindowsUpdate.log
2015-02-22 19:40 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 19:40 - 2006-11-02 16:22 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-22 19:40 - 2006-11-02 16:22 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-22 16:13 - 2006-11-02 16:42 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-22 16:12 - 2014-09-02 08:41 - 00000000 ____D () I:\Ute\AppData\Local\CrashDumps
2015-02-22 15:39 - 2013-02-03 23:53 - 00000000 __SHD () I:\$RECYCLE.BIN\S-1-5-21-110913018-406267621-3491769041-1003
2015-02-22 13:15 - 2014-03-30 12:49 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-02-22 13:15 - 2013-04-26 10:23 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-22 13:02 - 2008-01-21 04:26 - 00435340 _____ () C:\Windows\PFRO.log
2015-02-22 12:31 - 2012-09-16 16:59 - 00000000 ____D () I:\Volker\Documents\Kontoauszüge Mastercard
2015-02-16 22:07 - 2014-08-17 16:11 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-16 22:07 - 2013-02-03 23:36 - 00000000 ____D () C:\Program Files\Java
2015-02-16 22:04 - 2014-08-17 16:12 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-16 22:04 - 2013-03-27 19:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-16 22:00 - 2015-01-18 16:08 - 00000000 ____D () I:\Chef\AppData\Local\CrashDumps
2015-02-16 21:40 - 2006-11-02 16:21 - 00436832 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 23:24 - 2014-04-13 12:49 - 00001733 _____ () I:\Public\Desktop\G DATA ANTIVIRUS.lnk
2015-02-12 23:24 - 2013-02-03 18:38 - 00064512 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2015-02-12 23:23 - 2014-04-13 12:48 - 00014590 _____ () C:\Windows\DPINST.LOG
2015-02-12 23:13 - 2014-02-16 19:50 - 01541544 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-12 23:07 - 2013-08-21 20:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 23:04 - 2006-11-02 13:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-08 17:55 - 2007-12-16 20:51 - 00000175 _____ () I:\Volker\Desktop\Sidebar_neu_registrieren.bat
2015-02-08 17:54 - 2007-12-16 20:50 - 00000088 _____ () I:\Volker\Desktop\Sidebar_neu_initialisieren.bat
2015-02-08 17:53 - 2012-06-12 22:28 - 00000000 ____D () I:\Volker\Documents\Kontoauszüge Co-Bank
2015-02-01 19:16 - 2006-11-02 16:27 - 00118712 _____ () C:\Windows\setupact.log
2015-01-29 21:57 - 2013-02-03 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 23:28 - 2015-01-18 15:29 - 00000000 ____D () I:\Volker\Documents\Calibre-Bibliothek
2015-01-28 23:18 - 2013-02-06 21:03 - 00000000 __SHD () I:\$RECYCLE.BIN\S-1-5-21-110913018-406267621-3491769041-1006
2015-01-28 21:25 - 2014-11-23 19:41 - 00000000 ____D () I:\Volker\hob_jportal
2015-01-27 22:21 - 2015-01-18 15:29 - 00000000 ____D () I:\Volker\AppData\Roaming\calibre
2015-01-25 15:00 - 2013-10-03 18:00 - 00011373 _____ () I:\Volker\AppData\Roaming\SmarThruOptions.xml

==================== Files in the root of some directories =======

2014-06-08 19:54 - 2014-06-08 19:54 - 0000068 _____ () I:\Chef\AppData\Roaming\Camdata.ini
2014-06-08 19:54 - 2014-06-08 19:54 - 0000408 _____ () I:\Chef\AppData\Roaming\CamLayout.ini
2014-06-08 19:54 - 2014-06-08 19:54 - 0000408 _____ () I:\Chef\AppData\Roaming\CamShapes.ini
2014-06-08 19:54 - 2014-06-08 19:54 - 0004568 _____ () I:\Chef\AppData\Roaming\CamStudio.cfg
2014-05-10 11:29 - 2014-05-10 11:29 - 0000031 _____ () I:\Chef\AppData\Roaming\DATAMATEC.INI
2013-10-03 17:59 - 2014-08-31 21:09 - 0011339 _____ () I:\Chef\AppData\Roaming\SmarThruOptions.xml
2014-06-08 19:28 - 2014-06-08 19:28 - 0000096 _____ () I:\Chef\AppData\Roaming\version2.xml
2013-02-24 15:25 - 2013-02-24 15:25 - 0000680 _____ () I:\Chef\AppData\Local\d3d9caps.dat
2013-02-24 15:20 - 2013-03-03 13:00 - 0001460 _____ () I:\Chef\AppData\Local\d3d9caps64.dat

Files to move or delete:
====================
I:\Ute\temp.dat


Some content of TEMP:
====================
I:\Chef\AppData\Local\Temp\Foxit Reader Updater.exe
I:\Chef\AppData\Local\Temp\Foxit Updater.exe
I:\Chef\AppData\Local\Temp\FoxitUpdater.exe
I:\Chef\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe
I:\Chef\AppData\Local\Temp\nvStInst.exe
I:\Chef\AppData\Local\Temp\Quarantine.exe
I:\Chef\AppData\Local\Temp\sdanircmdc.exe
I:\Chef\AppData\Local\Temp\sdapskill.exe
I:\Chef\AppData\Local\Temp\sdaspwn.exe
I:\Chef\AppData\Local\Temp\sqlite3.dll
I:\Chef\AppData\Local\Temp\tilgung_i.exe
I:\Chef\AppData\Local\Temp\vlc-2.1.5-win32.exe
I:\Ute\AppData\Local\Temp\03E00FBD.dll
I:\Ute\AppData\Local\Temp\03E13109.dll
I:\Ute\AppData\Local\Temp\03E1C4B6.dll
I:\Ute\AppData\Local\Temp\5F86505F.dll
I:\Ute\AppData\Local\Temp\5F869319.dll
I:\Ute\AppData\Local\Temp\CB7D2D1E.dll
I:\Ute\AppData\Local\Temp\CB7FDF8E.dll
I:\Ute\AppData\Local\Temp\CB802C3D.dll
I:\Ute\AppData\Local\Temp\CB812058.dll
I:\Ute\AppData\Local\Temp\CB864630.dll
I:\Ute\AppData\Local\Temp\CB898723.dll
I:\Ute\AppData\Local\Temp\CB97C013.dll
I:\Ute\AppData\Local\Temp\CB992369.dll
I:\Ute\AppData\Local\Temp\CB998C23.dll
I:\Ute\AppData\Local\Temp\E4C5976A.dll
I:\Ute\AppData\Local\Temp\E4DC6B0C.dll
I:\Ute\AppData\Local\Temp\F73A1EF0.dll
I:\Ute\AppData\Local\Temp\F74671A1.dll
I:\Ute\AppData\Local\Temp\Foxit Reader Updater.exe
I:\Ute\AppData\Local\Temp\Foxit Updater.exe
I:\Volker\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-22 19:46

==================== End Of Log ============================

FRST Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by Chef at 2015-02-22 20:40:16
Running from I:\Volker\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA ANTIVIRUS (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA ANTIVIRUS (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v2.85 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.85 - FinalWire Ltd.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{31ED17F1-B223-404B-9415-C31404A24CE9}) (Version: 2.16.0 - Kovid Goyal)
Camtasia Studio 8 (HKLM-x32\...\{C4E35316-77F1-4EBD-9785-C72E55B1D219}) (Version: 8.4.2.1768 - TechSmith Corporation)
DH Driver Cleaner Professional Edition (HKLM-x32\...\Driver Cleaner Pro) (Version: Version 1.5 - Ruud Ketelaars)
EAS-Laufzeitmodul (HKLM-x32\...\{D3103768-A8FB-11D4-ACDF-00104B58121A}) (Version: 1.0.0.0 - Krämer & Kröll GmbH)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Epubor EPUB DRM Removal (HKLM-x32\...\Epubor EPUB DRM Removal) (Version: 2.0.9.12 - Epubor Inc.)
Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.4.18 - Epubor Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.)
G DATA ANTIVIRUS (HKLM-x32\...\{B9FC0A7D-FA1D-4347-ABED-AD8AD5305633}) (Version: 25.0.2.5 - G DATA Software AG)
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kindle Packages (HKU\S-1-5-21-110913018-406267621-3491769041-1004\...\Kindle Packages) (Version:  - ) <==== ATTENTION
LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{2EC623B7-3559-4058-B4AC-14DC018FC0B7}) (Version: 4.2.6.3 - The Document Foundation)
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
PDF Split And Merge Basic (HKLM-x32\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.03.09.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.6.0 - Samsung Electronics Co., Ltd.)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
SmarThru PC Fax (HKLM-x32\...\SmarThru PC Fax) (Version:  - )
Thommi's BauFi Rechner 1.4 (HKLM-x32\...\Thommi's BauFi Rechner) (Version: 1.4 - ThomasBolz.de)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-110913018-406267621-3491769041-1004_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> I:\Chef\AppData\Local\Temp\c6A84764\temp\tools v6.1.0.zip.exe No File

==================== Restore Points  =========================

22-02-2015 13:14:04 Garmin Express
22-02-2015 13:16:06 Garmin Express
22-02-2015 13:17:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {127CD5D8-6C6D-4412-94F3-580D3DC929DE} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {9222CA07-CA45-4C28-BE13-F235F1A4C87A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

==================== Loaded Modules (whitelisted) ==============

2013-10-03 17:58 - 2009-05-08 10:53 - 00082432 _____ () C:\Windows\System32\SamFaxPort64.dll
2013-02-03 23:32 - 2011-04-11 06:26 - 00034304 _____ () C:\Windows\System32\spd__l.dll
2013-02-03 23:32 - 2012-09-10 16:07 - 01212928 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\spd__du.dll
2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2011-01-27 14:28 - 2011-01-27 14:28 - 00706048 _____ () C:\Windows\system32\SnMinDrv.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-110913018-406267621-3491769041-1004\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-21-110913018-406267621-3491769041-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img22.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-110913018-406267621-3491769041-500 - Administrator - Disabled) => I:\Administrator
Chef (S-1-5-21-110913018-406267621-3491769041-1004 - Administrator - Enabled) => I:\Chef
Gast (S-1-5-21-110913018-406267621-3491769041-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-110913018-406267621-3491769041-1007 - Limited - Enabled) => I:\UpdatusUser
Ute (S-1-5-21-110913018-406267621-3491769041-1003 - Limited - Enabled) => I:\Ute
Volker_2 (S-1-5-21-110913018-406267621-3491769041-1006 - Limited - Enabled) => I:\Volker

==================== Faulty Device Manager Devices =============

Name: Atheros AR5005G Wireless Network Adapter
Description: Atheros AR5005G Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2015 07:42:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.19243, Zeitstempel 0x5475302c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149,
Prozess-ID 0xed0, Anwendungsstartzeit sidebar.exe0.

Error: (02/22/2015 07:41:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2015 04:12:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iTunes.exe, Version 12.0.1.26, Zeitstempel 0x543e558b, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e, Ausnahmecode 0xc0000005, Fehleroffset 0x00047456,
Prozess-ID 0xfd0, Anwendungsstartzeit iTunes.exe0.

Error: (02/22/2015 04:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iTunes.exe, Version 12.0.1.26, Zeitstempel 0x543e558b, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e, Ausnahmecode 0xc0000005, Fehleroffset 0x00047336,
Prozess-ID 0x1190, Anwendungsstartzeit iTunes.exe0.

Error: (02/22/2015 03:19:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.19243, Zeitstempel 0x5475302c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149,
Prozess-ID 0x12cc, Anwendungsstartzeit sidebar.exe0.

Error: (02/22/2015 01:04:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2015 10:00:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.19243, Zeitstempel 0x5475302c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149,
Prozess-ID 0x1114, Anwendungsstartzeit sidebar.exe0.

Error: (02/16/2015 09:43:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.19243, Zeitstempel 0x5475302c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149,
Prozess-ID 0xe58, Anwendungsstartzeit sidebar.exe0.

Error: (02/16/2015 09:41:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2015 11:07:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8


System errors:
=============
Error: (02/22/2015 07:42:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (02/22/2015 07:42:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (02/22/2015 01:14:32 PM) (Source: volsnap) (EventID: 20) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.

Error: (02/22/2015 01:05:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (02/22/2015 01:05:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (02/22/2015 01:04:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Garmin Core Update Service%%1053

Error: (02/22/2015 01:04:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Garmin Core Update Service

Error: (02/16/2015 10:15:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Foxit Cloud Safe Update Service

Error: (02/16/2015 09:43:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (02/16/2015 09:43:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330


Microsoft Office Sessions:
=========================
Error: (02/22/2015 07:42:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.0.6002.1800549e035b8OLEAUT32.dll6.0.6002.192435475302cc00000050000000000001149ed001d04ecf26bbafce

Error: (02/22/2015 07:41:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2015 04:12:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe12.0.1.26543e558bole32.dll6.0.6002.182774c28d53ec000000500047456fd001d04eb1d430c4b1

Error: (02/22/2015 04:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe12.0.1.26543e558bole32.dll6.0.6002.182774c28d53ec000000500047336119001d04eab1cf8ae81

Error: (02/22/2015 03:19:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.0.6002.1800549e035b8OLEAUT32.dll6.0.6002.192435475302cc0000005000000000000114912cc01d04eaa767b30f1

Error: (02/22/2015 01:04:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2015 10:00:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.0.6002.1800549e035b8OLEAUT32.dll6.0.6002.192435475302cc00000050000000000001149111401d04a2b8ea7603f

Error: (02/16/2015 09:43:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.0.6002.1800549e035b8OLEAUT32.dll6.0.6002.192435475302cc00000050000000000001149e5801d04a29308a65df

Error: (02/16/2015 09:41:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2015 11:07:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8


CodeIntegrity Errors:
===================================
  Date: 2015-02-22 20:39:42.992
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-22 20:39:42.882
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-22 20:39:42.789
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-22 20:39:42.695
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-02 19:01:37.650
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume11\13-01-23.old\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_11ab004d35078d79\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-02 19:01:37.556
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume11\13-01-23.old\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_11ab004d35078d79\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-02 19:01:37.447
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume11\13-01-23.old\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_11ab004d35078d79\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-02 19:01:37.353
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume11\13-01-23.old\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_11ab004d35078d79\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-02 19:01:37.260
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume11\13-01-23.old\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_116decc535366aa6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-02 19:01:37.150
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume11\13-01-23.old\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_116decc535366aa6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 41%
Total physical RAM: 4093.58 MB
Available physical RAM: 2404.11 MB
Total Pagefile: 8402.44 MB
Available Pagefile: 6213.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Vista und Programme) (Fixed) (Total:302.01 GB) (Free:247.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Austausch) (Fixed) (Total:151.96 GB) (Free:148.56 GB) NTFS
Drive i: (Daten) (Fixed) (Total:439.2 GB) (Free:97.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DBE50493)
Partition 1: (Active) - (Size=302 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=439.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=38.1 GB) - (Type=05)
Partition 4: (Not Active) - (Size=152 GB) - (Type=07 NTFS)

==================== End Of Log ============================

MBAM.txt:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.02.2015
Suchlauf-Zeit: 21:20:26
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.4.1028
Malware Datenbank: v2015.02.22.06
Rootkit Datenbank: v2015.02.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: Volker_2

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 560499
Verstrichene Zeit: 10 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 16
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\chrome, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\META-INF, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\Plugins, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\searchplugin, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}, Löschen bei Neustart, [0e704cd5dfab4aece1b3880581829868], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\chrome, Löschen bei Neustart, [0e704cd5dfab4aece1b3880581829868], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components, Löschen bei Neustart, [0e704cd5dfab4aece1b3880581829868], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults, Löschen bei Neustart, [0e704cd5dfab4aece1b3880581829868], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\META-INF, Löschen bei Neustart, [0e704cd5dfab4aece1b3880581829868], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules, Löschen bei Neustart, [0e704cd5dfab4aece1b3880581829868], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\Plugins, Löschen bei Neustart, [0e704cd5dfab4aece1b3880581829868], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\searchplugin, Löschen bei Neustart, [0e704cd5dfab4aece1b3880581829868], 

Dateien: 45
PUP.Optional.InstallCore, I:\Chef\AppData\Roaming\0S1F1O2ZtAtB\Kindle Packages\uninstaller.exe, Löschen bei Neustart, [f886e9380387e056e5778f9d3ec4be42], 
Trojan.Zbot, I:\Volker\Documents\Downloads\ccsetup131.exe, In Quarantäne, [a5d9859c2268fd39202a19a3bd4413ed], 
Trojan.Zbot, I:\Volker\Documents\Downloads\ccsetup132.exe, In Quarantäne, [a9d5bd64b9d1aa8c4505b80405fcb14f], 
PUP.Optional.SkyTech.A, I:\Chef\AppData\Local\Temp\2760531\2760531.zipDir\alilog.dll, Löschen bei Neustart, [fd81e43dd2b8a78f3134e41a60a1817f], 
PUP.Optional.V9.A, I:\Chef\AppData\Local\Temp\2760531\2760531.zipDir\qSE.exe, Löschen bei Neustart, [daa4b36eddad7db95dd3b099c23edf21], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\chrome.manifest, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\install.rdf, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\version.txt, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\chrome\incredimail_mediabar_2.jar, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\ConduitAutoCompleteSearch.js, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\ConduitAutoCompleteSearch.xpt, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults\alertSettingsComponent.xml, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults\appContextMenu.xml, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults\fbAlert.js, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults\getAppsContextMenu.xml, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults\postAppsContextMenu.xml, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults\toolbarContextMenu.xml, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults\unsharedAppsContextMenu.xml, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\META-INF\manifest.mf, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\META-INF\zigbert.rsa, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\META-INF\zigbert.sf, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\Chat.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\DataStructures.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\EBEncryption.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\ExternalLibraryLoader.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\HTTP.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\IO.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\Log.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\MainSingleton.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\MD5.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\Notifications.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\ObserversAndEvents.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\Prefs.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\SearchProtector.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\SearchSuggestIO.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\String.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\TEAEncryption.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\Timer.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\Twitter.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\URL.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\WebProgress.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\Windows.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\XML.jsm, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\Plugins\np-mswmp.dll, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\searchplugin\conduit.xml, Löschen bei Neustart, [f08ea47d8cfec96d7f15018c8a79e11f], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

und zum Schluss noch die Log-Dateien meines G-Data Virenscanners:

Code:

ATTFilter

1. Die Datei wurde desinfiziert.

Datei: C:\Program Files (x86)\Website and SEO Analysis\Website and SEO Analysis.exe
Virus: Trojan.Generic.12781468 (Engine A)
Der Leerlauf-Scan wird fortgesetzt.

2.Die Datei wurde desinfiziert.

Datei: I:\AdwCleaner\Quarantine\C\Program Files (x86)\uNNisales\1jHFRr0XDLkU3Z.exe.vir
Virus: Trojan.Generic.12781468 (Engine A)
Der Leerlauf-Scan wird fortgesetzt.

3.Die Datei wurde desinfiziert.

Datei: I:\AdwCleaner\Quarantine\C\Program Files (x86)\unnIsealese\unnIsealese.exe.vir
Virus: Trojan.Generic.12781468 (Engine A)
Der Leerlauf-Scan wird fortgesetzt.

4.Datei: I:\AdwCleaner\Quarantine\C\Program Files (x86)\youtubeadblocker\zkgtuNJy7Rdibh.exe.vir
Virus: Trojan.Generic.12781468 (Engine A)
Der Leerlauf-Scan wird fortgesetzt.

5.Leerlauf-Scan wurde erfolgreich durchgefürt:
855906 Dateien überprüft.
8 infizierte Dateien gefunden.

6.Virenprüfung mit G DATA ANTIVIRUS
Version 25.0.2.5 (08.01.2015)
Virensignaturen vom 22.02.2015
Startzeit: 22.02.2015 19:51:46
Engine(s): Engine A (AVA 25.374), Engine B (GD 25.4700)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Aus

Prüfung der Systembereiche...
Prüfung folgender Verzeichnisse und Dateien:
  I:\AdwCleaner\

Analyse vollständig durchgeführt: 22.02.2015 19:51:54
    69 Dateien überprüft
    1 infizierte Dateien gefunden
    0 verdächtige Dateien gefunden


Objekt: zkgtuNJy7Rdibh.exe.vir
	Pfad: I:\AdwCleaner\Quarantine\C\Program Files (x86)\youtubeadblocker
	Status: Virus, Datei gelöscht
	Virus: Trojan.Generic.12781468 (Engine A)

7.Die Datei wurde gelöscht.

Datei: I:\Chef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6R0AOUV4\20150121167687[1].exe
Virus: Win32.Adware.InstallMonetizer.N (Engine B)
Der Leerlauf-Scan wird fortgesetzt.

Ich hoffe auf Euer geballtes Wissen und Eure Hilfe. Schon jetzt vielen Dank.

Bootsektor · 23.02.2015, 00:32

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
Poste die Logfiles direkt in deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:

Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [] CODE /CODE.
Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also CODE Logfile /CODE
Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Schritt 1

Code:

ATTFilter

I:\Volker\Documents\Downloads\ccsetup131.exe
I:\Volker\Documents\Downloads\ccsetup132.exe

Sind diese oder ähnliche in dem Verzeichnis nach dem Löschen durch Malwarebytes noch vorhanden? Wenn ja, bitte diese Dateien einmal von virustotal prüfen lassen.
Verwendest du CCleaner?

Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Wählen Sie eine
Kopiere nun folgendes in die Suchleiste
Code:
ATTFilter
```
I:\Volker\Documents\Downloads\ccsetup131.exe
         
```
und klicke auf Öffnen.
Klicke auf Scannen!.
Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen

Zitat:

Diese Datei wurde bereits von VirusTotal analysiert...

klicke auf Neu analysieren.
Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Falls die Datei nicht vorhanden ist, aber eine andere mit ccsetupxxx.exe dort ist dann bitte diese hochladen lassen.

Schritt 2
Das FRST hattest du vor dem Scan und dem löschen mit MBAM gemacht? Dann bitte ein neues

Starte noch einmal FRST.

Setze den Haken bei addition.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

vochsc · 23.02.2015, 22:12

Hallo Sandra,

zunächst einmal vielen Dank für Deine prompte Antwort und Dein Hilfeangebot. Ich möchte Deine Bitten/Fragen der Reihe nach abarbeiten.
1. Im selben Verzeichnis sind die Dateien ccsetupXXX.exe nicht mehr vorhanden und auch keine gleichen Typs. Ich habe in einem anderen Verzeichnis noch zwei aktuellere gefunde und bei Virustotal analysieren lassen, sie waren harmlos. Hier die erbetenen Links:

Code:

ATTFilter

https://www.virustotal.com/de/file/f4aa8670b99cda3580c0d65f377f7b1337a837f1366889db52515be788b576c5/analysis/1424724981/

Code:

ATTFilter

https://www.virustotal.com/de/file/90209f0e2568f3fb23e6f46ba438b89b328df0d24d63cc978ce82629b545b065/analysis/1424725175/

2. Ich habe früher einmal CCleaner verwendet, leider auch für die Registry, aber seit dem letzten Neuaufsetzen des Systems nicht mehr.

3. Ja, ich habe den FRST vor der Anwendung von MBAM gemacht. Deshalb hier die aktuelle FRST.txt:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by Volker_2 (ATTENTION: The logged in user is not administrator) on VOLKER-PC on 23-02-2015 22:07:37
Running from I:\Volker\FRST
Loaded Profiles: Chef & Volker_2 (Available profiles: Ute & Chef & Volker_2 & UpdatusUser & Administrator)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> nvSCPAPISvr.exe
Failed to access process -> svchost.exe
Failed to access process -> GDScan.exe
Failed to access process -> svchost.exe
Failed to access process -> AVKWCtlx64.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SLsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> nvxdsync.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> AVKProxy.exe
Failed to access process -> AVKService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> FCUpdateService.exe
Failed to access process -> taskeng.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dllhost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> AvkBap64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe,
HKU\S-1-5-21-110913018-406267621-3491769041-1006\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-110913018-406267621-3491769041-1006\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-110913018-406267621-3491769041-1006\...\MountPoints2: {11c5cd71-6e20-11e2-b959-806e6f6e6963} - X:\EASINST.EXE
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
Startup: I:\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tools v6.1.0.zip.lnk
ShortcutTarget: tools v6.1.0.zip.lnk -> C:\ProgramData\{8d1f463d-88c4-dbf6-8d1f-f463d88c18f6}\tools v6.1.0.zip.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-110913018-406267621-3491769041-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-110913018-406267621-3491769041-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-110913018-406267621-3491769041-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: uNNisales -> {6818c48f-6355-4917-9fe9-98b8ebb118bb} -> C:\Program Files (x86)\uNNisales\1jHFRr0XDLkU3Z.x64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: youtubeadblocker -> {e1e67519-a594-4953-8583-b63ab7570ed9} -> C:\Program Files (x86)\youtubeadblocker\zkgtuNJy7Rdibh.x64.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: E:\firefox\Profiles\mde9xugg.default
FF Homepage: about:blank
FF Keyword.URL: hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=303477fb000000000000002127e3dd29&tlver=1.4.35.10&affID=100474
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: IE Tab - I:\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\mde9xugg.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-02-06]
FF Extension: Garmin Communicator - E:\firefox\Profiles\mde9xugg.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-03-30]
FF Extension: IE Tab - E:\firefox\Profiles\mde9xugg.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-06-06]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-03]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2683760 2014-05-20] (G Data Software AG)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 iphlpsvc; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [31576 2013-03-26] ()
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-26] (Samsung Electronics Co., Ltd.)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-08-13] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-11-01] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-08-13] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-07-06] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-02-12] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-11-22] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-07-06] (G Data Software AG)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 21:59 - 2015-02-22 21:59 - 00000201 _____ () I:\Volker\Documents\G DATA Protokoll ID 1294.txt
2015-02-22 21:59 - 2015-02-22 21:59 - 00000200 _____ () I:\Volker\Documents\G DATA Protokoll ID 1295.txt
2015-02-22 21:59 - 2015-02-22 21:59 - 00000198 _____ () I:\Volker\Documents\G DATA Protokoll ID 1293.txt
2015-02-22 21:59 - 2015-02-22 21:59 - 00000175 _____ () I:\Volker\Documents\G DATA Protokoll ID 1296.txt
2015-02-22 21:59 - 2015-02-22 21:59 - 00000108 _____ () I:\Volker\Documents\G DATA Protokoll ID 1297.txt
2015-02-22 21:58 - 2015-02-22 21:58 - 00000705 _____ () I:\Volker\Documents\G DATA Protokoll ID 1300.txt
2015-02-22 21:00 - 2015-02-22 21:00 - 00000832 _____ () I:\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-22 21:00 - 2015-02-22 21:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-22 21:00 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-22 21:00 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-22 21:00 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-22 20:56 - 2015-02-22 21:38 - 00000000 ____D () I:\Volker\MBAM
2015-02-22 20:56 - 2015-02-22 21:38 - 00000000 ____D () I:\Volker\MBAM
2015-02-22 20:38 - 2015-02-23 22:07 - 00000000 ____D () I:\Volker\FRST
2015-02-22 20:38 - 2015-02-23 22:07 - 00000000 ____D () I:\Volker\FRST
2015-02-22 20:17 - 2015-02-23 22:07 - 00000000 ____D () C:\FRST
2015-02-16 22:16 - 2015-02-16 22:16 - 00000000 ____D () I:\Public\Foxit Software
2015-02-16 22:11 - 2015-02-16 22:12 - 53078632 _____ (Foxit Software Inc. ) I:\Chef\Downloads\FoxitReader708.1216_prom_L10N_Setup.exe
2015-02-16 22:02 - 2015-02-16 22:03 - 93427112 _____ (Oracle Corporation) I:\Chef\Downloads\jre-8u31-windows-x64.exe
2015-02-16 22:02 - 2015-02-16 22:02 - 30431144 _____ (Oracle Corporation) I:\Chef\Downloads\jre-8u31-windows-i586.exe
2015-02-16 21:52 - 2015-01-23 05:07 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-16 21:52 - 2015-01-23 04:59 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-16 21:52 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-16 21:52 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-12 23:19 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 23:19 - 2014-12-08 02:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 23:18 - 2015-01-09 01:34 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 23:18 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 23:18 - 2014-11-26 02:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 23:08 - 2015-01-13 02:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 23:08 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 23:07 - 2015-01-15 07:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 23:07 - 2015-01-15 05:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 22:47 - 2015-02-12 22:47 - 02112512 _____ () I:\Chef\Downloads\adwcleaner_4.110.exe
2015-02-12 20:23 - 2015-01-14 04:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 20:23 - 2015-01-14 03:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 20:23 - 2015-01-14 03:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-12 20:23 - 2015-01-14 03:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 20:23 - 2015-01-14 03:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 20:23 - 2015-01-14 03:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 20:23 - 2015-01-14 03:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 20:23 - 2015-01-14 03:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-12 20:23 - 2015-01-14 03:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 20:23 - 2015-01-14 03:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 20:23 - 2015-01-14 03:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 20:23 - 2015-01-14 03:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 20:23 - 2015-01-14 03:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 20:23 - 2015-01-14 03:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 20:23 - 2015-01-14 03:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-12 20:23 - 2015-01-14 03:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-12 20:23 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 20:23 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-12 20:23 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 20:23 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 20:23 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 20:23 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 20:23 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 20:23 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-12 20:23 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-08 19:04 - 2015-02-08 19:04 - 03044736 _____ (Enigma Software Group USA, LLC.) I:\Volker\Downloads\SpyHunter-Installer.exe
2015-02-08 18:51 - 2015-02-08 18:51 - 00000234 _____ () I:\Volker\Documents\G DATA Protokoll ID 1280.txt
2015-01-28 23:07 - 2015-01-28 23:07 - 00000000 ____D () I:\Volker\EPUBDRMRemoval
2015-01-28 23:07 - 2015-01-28 23:07 - 00000000 ____D () I:\Volker\EPUBDRMRemoval
2015-01-28 23:07 - 2015-01-28 23:07 - 00000000 ____D () I:\Volker\AppData\Roaming\EPUBDRMRemoval
2015-01-28 23:07 - 2015-01-28 23:07 - 00000000 ____D () I:\Volker\AppData\Roaming\.EPUBDRMRemoval
2015-01-28 23:04 - 2015-01-28 23:07 - 00000000 ____D () I:\Chef\AppData\Roaming\.EPUBDRMRemoval
2015-01-28 23:04 - 2015-01-28 23:04 - 00000000 ____D () I:\Chef\EPUBDRMRemoval
2015-01-28 23:04 - 2015-01-28 23:04 - 00000000 ____D () I:\Chef\AppData\Roaming\EPUBDRMRemoval
2015-01-28 23:03 - 2015-01-28 23:03 - 00000893 _____ () I:\Public\Desktop\Epubor EPUB DRM Removal.lnk
2015-01-28 23:02 - 2015-01-28 23:03 - 17203268 _____ (Epubor Inc.) I:\Volker\Downloads\epub_drm_removal.exe
2015-01-28 22:51 - 2015-01-28 22:52 - 00000000 ____D () I:\Volker\Downloads\skinny
2015-01-28 21:45 - 2015-01-28 22:58 - 00000000 ____D () I:\Volker\AppData\Roaming\.Ultimate
2015-01-28 21:45 - 2015-01-28 21:45 - 00000000 ____D () I:\Volker\Ultimate
2015-01-28 21:45 - 2015-01-28 21:45 - 00000000 ____D () I:\Volker\Ultimate
2015-01-28 21:45 - 2015-01-28 21:45 - 00000000 ____D () I:\Volker\AppData\Roaming\Ultimate
2015-01-28 21:45 - 2015-01-28 21:45 - 00000000 ____D () I:\Volker\AppData\Roaming\.Epubor
2015-01-28 21:43 - 2015-01-28 21:43 - 00000000 ____D () I:\Chef\AppData\Roaming\calibre
2015-01-28 21:41 - 2015-01-28 21:44 - 00000000 ____D () I:\Chef\AppData\Roaming\.Ultimate
2015-01-28 21:41 - 2015-01-28 21:41 - 00000000 ____D () I:\Chef\Ultimate
2015-01-28 21:41 - 2015-01-28 21:41 - 00000000 ____D () I:\Chef\AppData\Roaming\Ultimate
2015-01-28 21:41 - 2015-01-28 21:41 - 00000000 ____D () I:\Chef\AppData\Roaming\.Epubor
2015-01-28 21:40 - 2015-01-28 23:03 - 00000000 ____D () C:\Program Files (x86)\Epubor
2015-01-28 21:40 - 2015-01-28 21:40 - 00000863 _____ () I:\Public\Desktop\Epubor Ultimate.lnk
2015-01-28 21:36 - 2015-01-28 21:39 - 56219040 _____ (Epubor Inc.) I:\Volker\Downloads\epubor_ultimate.exe
2015-01-28 21:26 - 2015-01-28 21:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 20:58 - 2015-01-28 20:59 - 00000123 _____ () I:\Volker\Documents\Sidebar Fehler.txt
2015-01-27 22:24 - 2015-01-27 22:24 - 00000000 ____D () I:\Volker\Documents\Harper, Bob; Critser, Greg
2015-01-25 18:07 - 2014-10-12 17:51 - 00000512 ____H () I:\Volker\Desktop\NIKON001.DSC
2015-01-25 15:41 - 2015-01-25 15:41 - 00000000 ____D () I:\Volker\AppData\Roaming\IrfanView
2015-01-25 15:38 - 2015-01-25 15:38 - 10741384 _____ (Irfan Skiljan) I:\Volker\Downloads\irfanview_plugins_438_setup.exe
2015-01-25 15:27 - 2015-01-25 15:33 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2015-01-25 15:27 - 2015-01-25 15:27 - 00000000 ____D () I:\Chef\AppData\Roaming\IrfanView
2015-01-25 15:26 - 2015-01-25 15:26 - 01898640 _____ (Irfan Skiljan) I:\Volker\Downloads\iview438_setup.exe
2015-01-25 14:55 - 2015-02-12 21:21 - 00000000 ____D () I:\Volker\Documents\Druckertest
2015-01-25 13:40 - 2015-01-25 13:40 - 00000000 ____D () I:\Volker\Downloads\Sidebar_neu_initialisieren
2015-01-25 13:39 - 2015-01-25 13:39 - 00000246 _____ () I:\Volker\Downloads\Sidebar_neu_initialisieren.zip
2015-01-25 13:37 - 2015-01-25 13:37 - 00000265 _____ () I:\Volker\Downloads\Sidebar_neu_registrieren.zip
2015-01-25 13:37 - 2015-01-25 13:37 - 00000000 ____D () I:\Volker\Downloads\Sidebar_neu_registrieren

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 21:53 - 2008-01-21 12:10 - 01566088 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-23 21:53 - 2008-01-21 12:09 - 00673684 _____ () C:\Windows\system32\perfh007.dat
2015-02-23 21:53 - 2008-01-21 12:09 - 00145696 _____ () C:\Windows\system32\perfc007.dat
2015-02-23 21:52 - 2008-01-21 02:53 - 01199981 _____ () C:\Windows\WindowsUpdate.log
2015-02-23 21:48 - 2014-09-28 22:10 - 00000000 ____D () I:\Volker\AppData\Local\CrashDumps
2015-02-23 21:46 - 2008-01-21 04:26 - 00435716 _____ () C:\Windows\PFRO.log
2015-02-23 21:46 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-23 21:46 - 2006-11-02 16:22 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 21:46 - 2006-11-02 16:22 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-22 22:58 - 2006-11-02 16:42 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-22 21:57 - 2013-02-06 21:03 - 00000000 __SHD () I:\$RECYCLE.BIN\S-1-5-21-110913018-406267621-3491769041-1006
2015-02-22 16:12 - 2014-09-02 08:41 - 00000000 ____D () I:\Ute\AppData\Local\CrashDumps
2015-02-22 15:39 - 2013-02-03 23:53 - 00000000 __SHD () I:\$RECYCLE.BIN\S-1-5-21-110913018-406267621-3491769041-1003
2015-02-22 13:15 - 2013-04-26 10:23 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-22 12:31 - 2012-09-16 16:59 - 00000000 ____D () I:\Volker\Documents\Kontoauszüge Mastercard
2015-02-16 22:07 - 2014-08-17 16:11 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-16 22:07 - 2013-02-03 23:36 - 00000000 ____D () C:\Program Files\Java
2015-02-16 22:04 - 2014-08-17 16:12 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-16 22:04 - 2013-03-27 19:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-16 22:00 - 2015-01-18 16:08 - 00000000 ____D () I:\Chef\AppData\Local\CrashDumps
2015-02-16 21:40 - 2006-11-02 16:21 - 00436832 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 23:24 - 2014-04-13 12:49 - 00001733 _____ () I:\Public\Desktop\G DATA ANTIVIRUS.lnk
2015-02-12 23:24 - 2013-02-03 18:38 - 00064512 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2015-02-12 23:23 - 2014-04-13 12:48 - 00014590 _____ () C:\Windows\DPINST.LOG
2015-02-12 23:13 - 2014-02-16 19:50 - 01541544 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-12 23:07 - 2013-08-21 20:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 23:04 - 2006-11-02 13:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-08 17:55 - 2007-12-16 20:51 - 00000175 _____ () I:\Volker\Desktop\Sidebar_neu_registrieren.bat
2015-02-08 17:54 - 2007-12-16 20:50 - 00000088 _____ () I:\Volker\Desktop\Sidebar_neu_initialisieren.bat
2015-02-08 17:53 - 2012-06-12 22:28 - 00000000 ____D () I:\Volker\Documents\Kontoauszüge Co-Bank
2015-02-01 19:16 - 2006-11-02 16:27 - 00118712 _____ () C:\Windows\setupact.log
2015-01-29 21:57 - 2013-02-03 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 23:28 - 2015-01-18 15:29 - 00000000 ____D () I:\Volker\Documents\Calibre-Bibliothek
2015-01-28 21:25 - 2014-11-23 19:41 - 00000000 ____D () I:\Volker\hob_jportal
2015-01-28 21:25 - 2014-11-23 19:41 - 00000000 ____D () I:\Volker\hob_jportal
2015-01-27 22:21 - 2015-01-18 15:29 - 00000000 ____D () I:\Volker\AppData\Roaming\calibre
2015-01-25 15:00 - 2013-10-03 18:00 - 00011373 _____ () I:\Volker\AppData\Roaming\SmarThruOptions.xml

==================== Files in the root of some directories =======

2014-06-08 19:56 - 2014-06-08 19:56 - 0000096 _____ () I:\Volker\AppData\Roaming\Camdata.ini
2014-06-08 19:56 - 2014-06-08 19:56 - 0000408 _____ () I:\Volker\AppData\Roaming\CamLayout.ini
2014-06-08 19:56 - 2014-06-08 19:56 - 0000408 _____ () I:\Volker\AppData\Roaming\CamShapes.ini
2014-06-08 19:34 - 2014-06-08 19:56 - 0004535 _____ () I:\Volker\AppData\Roaming\CamStudio.cfg
2013-10-03 18:00 - 2015-01-25 15:00 - 0011373 _____ () I:\Volker\AppData\Roaming\SmarThruOptions.xml
2014-06-08 19:55 - 2014-06-08 19:56 - 0000096 _____ () I:\Volker\AppData\Roaming\version2.xml
2013-11-05 23:10 - 2014-11-22 14:06 - 0013824 _____ () I:\Volker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
I:\Ute\temp.dat


Some content of TEMP:
====================
I:\Chef\AppData\Local\Temp\Foxit Reader Updater.exe
I:\Chef\AppData\Local\Temp\Foxit Updater.exe
I:\Chef\AppData\Local\Temp\FoxitUpdater.exe
I:\Chef\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe
I:\Chef\AppData\Local\Temp\nvStInst.exe
I:\Chef\AppData\Local\Temp\Quarantine.exe
I:\Chef\AppData\Local\Temp\sdanircmdc.exe
I:\Chef\AppData\Local\Temp\sdapskill.exe
I:\Chef\AppData\Local\Temp\sdaspwn.exe
I:\Chef\AppData\Local\Temp\sqlite3.dll
I:\Chef\AppData\Local\Temp\tilgung_i.exe
I:\Chef\AppData\Local\Temp\vlc-2.1.5-win32.exe
I:\Ute\AppData\Local\Temp\03E00FBD.dll
I:\Ute\AppData\Local\Temp\03E13109.dll
I:\Ute\AppData\Local\Temp\03E1C4B6.dll
I:\Ute\AppData\Local\Temp\5F86505F.dll
I:\Ute\AppData\Local\Temp\5F869319.dll
I:\Ute\AppData\Local\Temp\CB7D2D1E.dll
I:\Ute\AppData\Local\Temp\CB7FDF8E.dll
I:\Ute\AppData\Local\Temp\CB802C3D.dll
I:\Ute\AppData\Local\Temp\CB812058.dll
I:\Ute\AppData\Local\Temp\CB864630.dll
I:\Ute\AppData\Local\Temp\CB898723.dll
I:\Ute\AppData\Local\Temp\CB97C013.dll
I:\Ute\AppData\Local\Temp\CB992369.dll
I:\Ute\AppData\Local\Temp\CB998C23.dll
I:\Ute\AppData\Local\Temp\E4C5976A.dll
I:\Ute\AppData\Local\Temp\E4DC6B0C.dll
I:\Ute\AppData\Local\Temp\F73A1EF0.dll
I:\Ute\AppData\Local\Temp\F74671A1.dll
I:\Ute\AppData\Local\Temp\Foxit Reader Updater.exe
I:\Ute\AppData\Local\Temp\Foxit Updater.exe
I:\Volker\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

--- --- ---

--- --- ---

und die addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by Volker_2 at 2015-02-23 22:08:17
Running from I:\Volker\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA ANTIVIRUS (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA ANTIVIRUS (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v2.85 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.85 - FinalWire Ltd.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{31ED17F1-B223-404B-9415-C31404A24CE9}) (Version: 2.16.0 - Kovid Goyal)
Camtasia Studio 8 (HKLM-x32\...\{C4E35316-77F1-4EBD-9785-C72E55B1D219}) (Version: 8.4.2.1768 - TechSmith Corporation)
DH Driver Cleaner Professional Edition (HKLM-x32\...\Driver Cleaner Pro) (Version: Version 1.5 - Ruud Ketelaars)
EAS-Laufzeitmodul (HKLM-x32\...\{D3103768-A8FB-11D4-ACDF-00104B58121A}) (Version: 1.0.0.0 - Krämer & Kröll GmbH)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Epubor EPUB DRM Removal (HKLM-x32\...\Epubor EPUB DRM Removal) (Version: 2.0.9.12 - Epubor Inc.)
Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.4.18 - Epubor Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.)
G DATA ANTIVIRUS (HKLM-x32\...\{B9FC0A7D-FA1D-4347-ABED-AD8AD5305633}) (Version: 25.0.2.5 - G DATA Software AG)
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{2EC623B7-3559-4058-B4AC-14DC018FC0B7}) (Version: 4.2.6.3 - The Document Foundation)
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
PDF Split And Merge Basic (HKLM-x32\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.03.09.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.6.0 - Samsung Electronics Co., Ltd.)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
SmarThru PC Fax (HKLM-x32\...\SmarThru PC Fax) (Version:  - )
Thommi's BauFi Rechner 1.4 (HKLM-x32\...\Thommi's BauFi Rechner) (Version: 1.4 - ThomasBolz.de)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


==================== Loaded Modules (whitelisted) ==============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-110913018-406267621-3491769041-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img22.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-110913018-406267621-3491769041-500 - Administrator - Disabled) => I:\Administrator
Chef (S-1-5-21-110913018-406267621-3491769041-1004 - Administrator - Enabled) => I:\Chef
Gast (S-1-5-21-110913018-406267621-3491769041-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-110913018-406267621-3491769041-1007 - Limited - Enabled) => I:\UpdatusUser
Ute (S-1-5-21-110913018-406267621-3491769041-1003 - Limited - Enabled) => I:\Ute
Volker_2 (S-1-5-21-110913018-406267621-3491769041-1006 - Limited - Enabled) => I:\Volker

==================== Faulty Device Manager Devices =============

Name: Atheros AR5005G Wireless Network Adapter
Description: Atheros AR5005G Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2015 09:48:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.19243, Zeitstempel 0x5475302c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149,
Prozess-ID 0x10e8, Anwendungsstartzeit sidebar.exe0.

Error: (02/23/2015 09:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2015 09:48:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.19243, Zeitstempel 0x5475302c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149,
Prozess-ID 0xad0, Anwendungsstartzeit sidebar.exe0.

Error: (02/22/2015 07:42:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.19243, Zeitstempel 0x5475302c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149,
Prozess-ID 0xed0, Anwendungsstartzeit sidebar.exe0.

Error: (02/22/2015 07:41:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2015 04:12:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iTunes.exe, Version 12.0.1.26, Zeitstempel 0x543e558b, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e, Ausnahmecode 0xc0000005, Fehleroffset 0x00047456,
Prozess-ID 0xfd0, Anwendungsstartzeit iTunes.exe0.

Error: (02/22/2015 04:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iTunes.exe, Version 12.0.1.26, Zeitstempel 0x543e558b, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e, Ausnahmecode 0xc0000005, Fehleroffset 0x00047336,
Prozess-ID 0x1190, Anwendungsstartzeit iTunes.exe0.

Error: (02/22/2015 03:19:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.19243, Zeitstempel 0x5475302c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149,
Prozess-ID 0x12cc, Anwendungsstartzeit sidebar.exe0.

Error: (02/22/2015 01:04:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2015 10:00:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.19243, Zeitstempel 0x5475302c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149,
Prozess-ID 0x1114, Anwendungsstartzeit sidebar.exe0.


System errors:
=============
Error: (02/23/2015 09:49:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (02/23/2015 09:49:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (02/23/2015 09:48:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Garmin Core Update Service%%1053

Error: (02/23/2015 09:48:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Garmin Core Update Service

Error: (02/22/2015 07:42:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (02/22/2015 07:42:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (02/22/2015 01:14:32 PM) (Source: volsnap) (EventID: 20) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.

Error: (02/22/2015 01:05:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (02/22/2015 01:05:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (02/22/2015 01:04:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Garmin Core Update Service%%1053


Microsoft Office Sessions:
=========================
Error: (02/23/2015 09:48:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.0.6002.1800549e035b8OLEAUT32.dll6.0.6002.192435475302cc0000005000000000000114910e801d04faa13d91928

Error: (02/23/2015 09:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2015 09:48:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.0.6002.1800549e035b8OLEAUT32.dll6.0.6002.192435475302cc00000050000000000001149ad001d04fa9e37a29e8

Error: (02/22/2015 07:42:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.0.6002.1800549e035b8OLEAUT32.dll6.0.6002.192435475302cc00000050000000000001149ed001d04ecf26bbafce

Error: (02/22/2015 07:41:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2015 04:12:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe12.0.1.26543e558bole32.dll6.0.6002.182774c28d53ec000000500047456fd001d04eb1d430c4b1

Error: (02/22/2015 04:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe12.0.1.26543e558bole32.dll6.0.6002.182774c28d53ec000000500047336119001d04eab1cf8ae81

Error: (02/22/2015 03:19:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.0.6002.1800549e035b8OLEAUT32.dll6.0.6002.192435475302cc0000005000000000000114912cc01d04eaa767b30f1

Error: (02/22/2015 01:04:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2015 10:00:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.0.6002.1800549e035b8OLEAUT32.dll6.0.6002.192435475302cc00000050000000000001149111401d04a2b8ea7603f


CodeIntegrity Errors:
===================================
  Date: 2015-02-23 22:08:07.002
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 22:08:06.909
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 22:08:06.800
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 22:08:06.706
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 22:08:06.550
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 22:08:06.441
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 22:08:06.347
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 22:08:06.254
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 22:07:44.460
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 22:07:44.367
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 41%
Total physical RAM: 4093.58 MB
Available physical RAM: 2404.7 MB
Total Pagefile: 8368.44 MB
Available Pagefile: 6019.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Vista und Programme) (Fixed) (Total:302.01 GB) (Free:247.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Austausch) (Fixed) (Total:151.96 GB) (Free:148.8 GB) NTFS
Drive i: (Daten) (Fixed) (Total:439.2 GB) (Free:97.7 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Ist es eigentlich normal, dass der Virenscanner G-Data beim Installieren von FRST die erunt.exe ablehnen wollte und ich diese erst erlauben musste? Genauso musste ich bei MBAM G-Data abschalten und den PC vom Netz trennen beim Setup, sonst schlug G-Data Malware-Alarm.

Vielen Dank.

Bootsektor · 23.02.2015, 23:21

Hallo,

Zitat:

ATTENTION: The logged in user is not administrator

Du musst leider den Scan nochmal ausführen, achte bitte darauf dass FRST adminrechte hat.

Die Dateien kommen allesamt vom CCleaner, es sieht sehr nach einem false positive von Malwarebytes aus.

Das andere Problem werden wir aber noch angehen, ich brauch nur erst ein neues FRST-Log mit Adminpower.

Zitat:

Ist es eigentlich normal, dass der Virenscanner G-Data beim Installieren von FRST die erunt.exe ablehnen wollte und ich diese erst erlauben musste? Genauso musste ich bei MBAM G-Data abschalten und den PC vom Netz trennen beim Setup, sonst schlug G-Data Malware-Alarm.

Jein, das ist teilweise normal. Erunt sichert die Registry, war wahrscheinlich vom Verhalten suspekt für G-Data.

Hat G-Data selbst als es aus war bei MBAM Alarm geschlagen? Hast du da irgend eine Protokolldatei? Ich würd das gerne an G-Data weiterleiten.

vochsc · 23.02.2015, 23:44

Hallo Sandra,
erstmal wieder vielen Dank. Sorry, dass ich so blöd war, die Admin-Rechte zu vergessen.
FRST.txt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by Chef (administrator) on VOLKER-PC on 23-02-2015 23:40:27
Running from I:\Volker\FRST
Loaded Profiles: Chef & Volker_2 (Available profiles: Ute & Chef & Volker_2 & UpdatusUser & Administrator)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe,
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-110913018-406267621-3491769041-1004\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-110913018-406267621-3491769041-1004\...\MountPoints2: {11c5cd71-6e20-11e2-b959-806e6f6e6963} - X:\EASINST.EXE
HKU\S-1-5-21-110913018-406267621-3491769041-1006\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-110913018-406267621-3491769041-1006\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-110913018-406267621-3491769041-1006\...\MountPoints2: {11c5cd71-6e20-11e2-b959-806e6f6e6963} - X:\EASINST.EXE
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
Startup: I:\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tools v6.1.0.zip.lnk
ShortcutTarget: tools v6.1.0.zip.lnk -> C:\ProgramData\{8d1f463d-88c4-dbf6-8d1f-f463d88c18f6}\tools v6.1.0.zip.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-110913018-406267621-3491769041-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-110913018-406267621-3491769041-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.systea.com
HKU\S-1-5-21-110913018-406267621-3491769041-1004\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.systea.com
HKU\S-1-5-21-110913018-406267621-3491769041-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-110913018-406267621-3491769041-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: uNNisales -> {6818c48f-6355-4917-9fe9-98b8ebb118bb} -> C:\Program Files (x86)\uNNisales\1jHFRr0XDLkU3Z.x64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: youtubeadblocker -> {e1e67519-a594-4953-8583-b63ab7570ed9} -> C:\Program Files (x86)\youtubeadblocker\zkgtuNJy7Rdibh.x64.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: I:\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\ckjilcvh.default
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-03]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2683760 2014-05-20] (G Data Software AG)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [31576 2013-03-26] ()
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-26] (Samsung Electronics Co., Ltd.)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-08-13] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-11-01] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-08-13] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-07-06] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-02-12] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-11-22] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-07-06] (G Data Software AG)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 21:59 - 2015-02-22 21:59 - 00000201 _____ () I:\Volker\Documents\G DATA Protokoll ID 1294.txt
2015-02-22 21:59 - 2015-02-22 21:59 - 00000200 _____ () I:\Volker\Documents\G DATA Protokoll ID 1295.txt
2015-02-22 21:59 - 2015-02-22 21:59 - 00000198 _____ () I:\Volker\Documents\G DATA Protokoll ID 1293.txt
2015-02-22 21:59 - 2015-02-22 21:59 - 00000175 _____ () I:\Volker\Documents\G DATA Protokoll ID 1296.txt
2015-02-22 21:59 - 2015-02-22 21:59 - 00000108 _____ () I:\Volker\Documents\G DATA Protokoll ID 1297.txt
2015-02-22 21:58 - 2015-02-22 21:58 - 00000705 _____ () I:\Volker\Documents\G DATA Protokoll ID 1300.txt
2015-02-22 21:00 - 2015-02-22 21:00 - 00000832 _____ () I:\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-22 21:00 - 2015-02-22 21:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-22 21:00 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-22 21:00 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-22 21:00 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-22 20:56 - 2015-02-22 21:38 - 00000000 ____D () I:\Volker\MBAM
2015-02-22 20:38 - 2015-02-23 23:40 - 00000000 ____D () I:\Volker\FRST
2015-02-22 20:17 - 2015-02-23 23:40 - 00000000 ____D () C:\FRST
2015-02-16 22:16 - 2015-02-16 22:16 - 00000000 ____D () I:\Public\Foxit Software
2015-02-16 22:11 - 2015-02-16 22:12 - 53078632 _____ (Foxit Software Inc. ) I:\Chef\Downloads\FoxitReader708.1216_prom_L10N_Setup.exe
2015-02-16 22:02 - 2015-02-16 22:03 - 93427112 _____ (Oracle Corporation) I:\Chef\Downloads\jre-8u31-windows-x64.exe
2015-02-16 22:02 - 2015-02-16 22:02 - 30431144 _____ (Oracle Corporation) I:\Chef\Downloads\jre-8u31-windows-i586.exe
2015-02-16 21:52 - 2015-01-23 05:07 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-16 21:52 - 2015-01-23 04:59 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-16 21:52 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-16 21:52 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-12 23:19 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 23:19 - 2014-12-08 02:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 23:18 - 2015-01-09 01:34 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 23:18 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 23:18 - 2014-11-26 02:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 23:08 - 2015-01-13 02:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 23:08 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 23:07 - 2015-01-15 07:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 23:07 - 2015-01-15 05:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 22:47 - 2015-02-12 22:47 - 02112512 _____ () I:\Chef\Downloads\adwcleaner_4.110.exe
2015-02-12 20:23 - 2015-01-14 04:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 20:23 - 2015-01-14 03:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 20:23 - 2015-01-14 03:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-12 20:23 - 2015-01-14 03:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 20:23 - 2015-01-14 03:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 20:23 - 2015-01-14 03:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 20:23 - 2015-01-14 03:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 20:23 - 2015-01-14 03:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-12 20:23 - 2015-01-14 03:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 20:23 - 2015-01-14 03:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 20:23 - 2015-01-14 03:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 20:23 - 2015-01-14 03:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 20:23 - 2015-01-14 03:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 20:23 - 2015-01-14 03:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 20:23 - 2015-01-14 03:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-12 20:23 - 2015-01-14 03:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-12 20:23 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 20:23 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-12 20:23 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 20:23 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 20:23 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 20:23 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 20:23 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 20:23 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-12 20:23 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-08 19:04 - 2015-02-08 19:04 - 03044736 _____ (Enigma Software Group USA, LLC.) I:\Volker\Downloads\SpyHunter-Installer.exe
2015-02-08 18:51 - 2015-02-08 18:51 - 00000234 _____ () I:\Volker\Documents\G DATA Protokoll ID 1280.txt
2015-01-28 23:07 - 2015-01-28 23:07 - 00000000 ____D () I:\Volker\EPUBDRMRemoval
2015-01-28 23:07 - 2015-01-28 23:07 - 00000000 ____D () I:\Volker\AppData\Roaming\EPUBDRMRemoval
2015-01-28 23:07 - 2015-01-28 23:07 - 00000000 ____D () I:\Volker\AppData\Roaming\.EPUBDRMRemoval
2015-01-28 23:04 - 2015-01-28 23:07 - 00000000 ____D () I:\Chef\AppData\Roaming\.EPUBDRMRemoval
2015-01-28 23:04 - 2015-01-28 23:04 - 00000000 ____D () I:\Chef\EPUBDRMRemoval
2015-01-28 23:04 - 2015-01-28 23:04 - 00000000 ____D () I:\Chef\EPUBDRMRemoval
2015-01-28 23:04 - 2015-01-28 23:04 - 00000000 ____D () I:\Chef\AppData\Roaming\EPUBDRMRemoval
2015-01-28 23:03 - 2015-01-28 23:03 - 00000893 _____ () I:\Public\Desktop\Epubor EPUB DRM Removal.lnk
2015-01-28 23:02 - 2015-01-28 23:03 - 17203268 _____ (Epubor Inc.) I:\Volker\Downloads\epub_drm_removal.exe
2015-01-28 22:51 - 2015-01-28 22:52 - 00000000 ____D () I:\Volker\Downloads\skinny
2015-01-28 21:45 - 2015-01-28 22:58 - 00000000 ____D () I:\Volker\AppData\Roaming\.Ultimate
2015-01-28 21:45 - 2015-01-28 21:45 - 00000000 ____D () I:\Volker\Ultimate
2015-01-28 21:45 - 2015-01-28 21:45 - 00000000 ____D () I:\Volker\AppData\Roaming\Ultimate
2015-01-28 21:45 - 2015-01-28 21:45 - 00000000 ____D () I:\Volker\AppData\Roaming\.Epubor
2015-01-28 21:43 - 2015-01-28 21:43 - 00000000 ____D () I:\Chef\AppData\Roaming\calibre
2015-01-28 21:41 - 2015-01-28 21:44 - 00000000 ____D () I:\Chef\AppData\Roaming\.Ultimate
2015-01-28 21:41 - 2015-01-28 21:41 - 00000000 ____D () I:\Chef\Ultimate
2015-01-28 21:41 - 2015-01-28 21:41 - 00000000 ____D () I:\Chef\Ultimate
2015-01-28 21:41 - 2015-01-28 21:41 - 00000000 ____D () I:\Chef\AppData\Roaming\Ultimate
2015-01-28 21:41 - 2015-01-28 21:41 - 00000000 ____D () I:\Chef\AppData\Roaming\.Epubor
2015-01-28 21:40 - 2015-01-28 23:03 - 00000000 ____D () C:\Program Files (x86)\Epubor
2015-01-28 21:40 - 2015-01-28 21:40 - 00000863 _____ () I:\Public\Desktop\Epubor Ultimate.lnk
2015-01-28 21:36 - 2015-01-28 21:39 - 56219040 _____ (Epubor Inc.) I:\Volker\Downloads\epubor_ultimate.exe
2015-01-28 21:26 - 2015-01-28 21:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 20:58 - 2015-01-28 20:59 - 00000123 _____ () I:\Volker\Documents\Sidebar Fehler.txt
2015-01-27 22:24 - 2015-01-27 22:24 - 00000000 ____D () I:\Volker\Documents\Harper, Bob; Critser, Greg
2015-01-25 18:07 - 2014-10-12 17:51 - 00000512 ____H () I:\Volker\Desktop\NIKON001.DSC
2015-01-25 15:41 - 2015-01-25 15:41 - 00000000 ____D () I:\Volker\AppData\Roaming\IrfanView
2015-01-25 15:38 - 2015-01-25 15:38 - 10741384 _____ (Irfan Skiljan) I:\Volker\Downloads\irfanview_plugins_438_setup.exe
2015-01-25 15:27 - 2015-01-25 15:33 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2015-01-25 15:27 - 2015-01-25 15:27 - 00000000 ____D () I:\Chef\AppData\Roaming\IrfanView
2015-01-25 15:26 - 2015-01-25 15:26 - 01898640 _____ (Irfan Skiljan) I:\Volker\Downloads\iview438_setup.exe
2015-01-25 14:55 - 2015-02-12 21:21 - 00000000 ____D () I:\Volker\Documents\Druckertest
2015-01-25 13:40 - 2015-01-25 13:40 - 00000000 ____D () I:\Volker\Downloads\Sidebar_neu_initialisieren
2015-01-25 13:39 - 2015-01-25 13:39 - 00000246 _____ () I:\Volker\Downloads\Sidebar_neu_initialisieren.zip
2015-01-25 13:37 - 2015-01-25 13:37 - 00000265 _____ () I:\Volker\Downloads\Sidebar_neu_registrieren.zip
2015-01-25 13:37 - 2015-01-25 13:37 - 00000000 ____D () I:\Volker\Downloads\Sidebar_neu_registrieren

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 23:19 - 2014-11-23 19:41 - 00000000 ____D () I:\Volker\hob_jportal
2015-02-23 23:17 - 2008-01-21 02:53 - 01201672 _____ () C:\Windows\WindowsUpdate.log
2015-02-23 23:11 - 2013-10-03 18:00 - 00011372 _____ () I:\Volker\AppData\Roaming\SmarThruOptions.xml
2015-02-23 22:19 - 2014-03-23 15:40 - 00000000 ____D () I:\Volker\Documents\Kindergeld
2015-02-23 21:53 - 2008-01-21 12:10 - 01566088 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-23 21:53 - 2008-01-21 12:09 - 00673684 _____ () C:\Windows\system32\perfh007.dat
2015-02-23 21:53 - 2008-01-21 12:09 - 00145696 _____ () C:\Windows\system32\perfc007.dat
2015-02-23 21:48 - 2014-09-28 22:10 - 00000000 ____D () I:\Volker\AppData\Local\CrashDumps
2015-02-23 21:46 - 2008-01-21 04:26 - 00435716 _____ () C:\Windows\PFRO.log
2015-02-23 21:46 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-23 21:46 - 2006-11-02 16:22 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 21:46 - 2006-11-02 16:22 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-22 22:58 - 2006-11-02 16:42 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-22 21:57 - 2013-02-06 21:03 - 00000000 __SHD () I:\$RECYCLE.BIN\S-1-5-21-110913018-406267621-3491769041-1006
2015-02-22 16:12 - 2014-09-02 08:41 - 00000000 ____D () I:\Ute\AppData\Local\CrashDumps
2015-02-22 15:39 - 2013-02-03 23:53 - 00000000 __SHD () I:\$RECYCLE.BIN\S-1-5-21-110913018-406267621-3491769041-1003
2015-02-22 13:15 - 2014-03-30 12:49 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-02-22 13:15 - 2013-04-26 10:23 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-22 12:31 - 2012-09-16 16:59 - 00000000 ____D () I:\Volker\Documents\Kontoauszüge Mastercard
2015-02-16 22:07 - 2014-08-17 16:11 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-16 22:07 - 2013-02-03 23:36 - 00000000 ____D () C:\Program Files\Java
2015-02-16 22:04 - 2014-08-17 16:12 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-16 22:04 - 2013-03-27 19:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-16 22:00 - 2015-01-18 16:08 - 00000000 ____D () I:\Chef\AppData\Local\CrashDumps
2015-02-16 21:40 - 2006-11-02 16:21 - 00436832 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 23:24 - 2014-04-13 12:49 - 00001733 _____ () I:\Public\Desktop\G DATA ANTIVIRUS.lnk
2015-02-12 23:24 - 2013-02-03 18:38 - 00064512 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2015-02-12 23:23 - 2014-04-13 12:48 - 00014590 _____ () C:\Windows\DPINST.LOG
2015-02-12 23:13 - 2014-02-16 19:50 - 01541544 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-12 23:07 - 2013-08-21 20:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 23:04 - 2006-11-02 13:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-08 17:55 - 2007-12-16 20:51 - 00000175 _____ () I:\Volker\Desktop\Sidebar_neu_registrieren.bat
2015-02-08 17:54 - 2007-12-16 20:50 - 00000088 _____ () I:\Volker\Desktop\Sidebar_neu_initialisieren.bat
2015-02-08 17:53 - 2012-06-12 22:28 - 00000000 ____D () I:\Volker\Documents\Kontoauszüge Co-Bank
2015-02-01 19:16 - 2006-11-02 16:27 - 00118712 _____ () C:\Windows\setupact.log
2015-01-29 21:57 - 2013-02-03 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 23:28 - 2015-01-18 15:29 - 00000000 ____D () I:\Volker\Documents\Calibre-Bibliothek
2015-01-27 22:21 - 2015-01-18 15:29 - 00000000 ____D () I:\Volker\AppData\Roaming\calibre

==================== Files in the root of some directories =======

2014-06-08 19:54 - 2014-06-08 19:54 - 0000068 _____ () I:\Chef\AppData\Roaming\Camdata.ini
2014-06-08 19:54 - 2014-06-08 19:54 - 0000408 _____ () I:\Chef\AppData\Roaming\CamLayout.ini
2014-06-08 19:54 - 2014-06-08 19:54 - 0000408 _____ () I:\Chef\AppData\Roaming\CamShapes.ini
2014-06-08 19:54 - 2014-06-08 19:54 - 0004568 _____ () I:\Chef\AppData\Roaming\CamStudio.cfg
2014-05-10 11:29 - 2014-05-10 11:29 - 0000031 _____ () I:\Chef\AppData\Roaming\DATAMATEC.INI
2013-10-03 17:59 - 2014-08-31 21:09 - 0011339 _____ () I:\Chef\AppData\Roaming\SmarThruOptions.xml
2014-06-08 19:28 - 2014-06-08 19:28 - 0000096 _____ () I:\Chef\AppData\Roaming\version2.xml
2013-02-24 15:25 - 2013-02-24 15:25 - 0000680 _____ () I:\Chef\AppData\Local\d3d9caps.dat
2013-02-24 15:20 - 2013-03-03 13:00 - 0001460 _____ () I:\Chef\AppData\Local\d3d9caps64.dat

Files to move or delete:
====================
I:\Ute\temp.dat


Some content of TEMP:
====================
I:\Chef\AppData\Local\Temp\Foxit Reader Updater.exe
I:\Chef\AppData\Local\Temp\Foxit Updater.exe
I:\Chef\AppData\Local\Temp\FoxitUpdater.exe
I:\Chef\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe
I:\Chef\AppData\Local\Temp\nvStInst.exe
I:\Chef\AppData\Local\Temp\Quarantine.exe
I:\Chef\AppData\Local\Temp\sdanircmdc.exe
I:\Chef\AppData\Local\Temp\sdapskill.exe
I:\Chef\AppData\Local\Temp\sdaspwn.exe
I:\Chef\AppData\Local\Temp\sqlite3.dll
I:\Chef\AppData\Local\Temp\tilgung_i.exe
I:\Chef\AppData\Local\Temp\vlc-2.1.5-win32.exe
I:\Ute\AppData\Local\Temp\03E00FBD.dll
I:\Ute\AppData\Local\Temp\03E13109.dll
I:\Ute\AppData\Local\Temp\03E1C4B6.dll
I:\Ute\AppData\Local\Temp\5F86505F.dll
I:\Ute\AppData\Local\Temp\5F869319.dll
I:\Ute\AppData\Local\Temp\CB7D2D1E.dll
I:\Ute\AppData\Local\Temp\CB7FDF8E.dll
I:\Ute\AppData\Local\Temp\CB802C3D.dll
I:\Ute\AppData\Local\Temp\CB812058.dll
I:\Ute\AppData\Local\Temp\CB864630.dll
I:\Ute\AppData\Local\Temp\CB898723.dll
I:\Ute\AppData\Local\Temp\CB97C013.dll
I:\Ute\AppData\Local\Temp\CB992369.dll
I:\Ute\AppData\Local\Temp\CB998C23.dll
I:\Ute\AppData\Local\Temp\E4C5976A.dll
I:\Ute\AppData\Local\Temp\E4DC6B0C.dll
I:\Ute\AppData\Local\Temp\F73A1EF0.dll
I:\Ute\AppData\Local\Temp\F74671A1.dll
I:\Ute\AppData\Local\Temp\Foxit Reader Updater.exe
I:\Ute\AppData\Local\Temp\Foxit Updater.exe
I:\Volker\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 21:53

==================== End Of Log ============================

--- --- ---

addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by Chef at 2015-02-23 23:40:47
Running from I:\Volker\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA ANTIVIRUS (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA ANTIVIRUS (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v2.85 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.85 - FinalWire Ltd.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{31ED17F1-B223-404B-9415-C31404A24CE9}) (Version: 2.16.0 - Kovid Goyal)
Camtasia Studio 8 (HKLM-x32\...\{C4E35316-77F1-4EBD-9785-C72E55B1D219}) (Version: 8.4.2.1768 - TechSmith Corporation)
DH Driver Cleaner Professional Edition (HKLM-x32\...\Driver Cleaner Pro) (Version: Version 1.5 - Ruud Ketelaars)
EAS-Laufzeitmodul (HKLM-x32\...\{D3103768-A8FB-11D4-ACDF-00104B58121A}) (Version: 1.0.0.0 - Krämer & Kröll GmbH)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Epubor EPUB DRM Removal (HKLM-x32\...\Epubor EPUB DRM Removal) (Version: 2.0.9.12 - Epubor Inc.)
Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.4.18 - Epubor Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.)
G DATA ANTIVIRUS (HKLM-x32\...\{B9FC0A7D-FA1D-4347-ABED-AD8AD5305633}) (Version: 25.0.2.5 - G DATA Software AG)
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kindle Packages (HKU\S-1-5-21-110913018-406267621-3491769041-1004\...\Kindle Packages) (Version:  - ) <==== ATTENTION
LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{2EC623B7-3559-4058-B4AC-14DC018FC0B7}) (Version: 4.2.6.3 - The Document Foundation)
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
PDF Split And Merge Basic (HKLM-x32\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.03.09.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.6.0 - Samsung Electronics Co., Ltd.)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
SmarThru PC Fax (HKLM-x32\...\SmarThru PC Fax) (Version:  - )
Thommi's BauFi Rechner 1.4 (HKLM-x32\...\Thommi's BauFi Rechner) (Version: 1.4 - ThomasBolz.de)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-110913018-406267621-3491769041-1004_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> I:\Chef\AppData\Local\Temp\c6A84764\temp\tools v6.1.0.zip.exe No File

==================== Restore Points  =========================

22-02-2015 13:14:04 Garmin Express
22-02-2015 13:16:06 Garmin Express
22-02-2015 13:17:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {127CD5D8-6C6D-4412-94F3-580D3DC929DE} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {9222CA07-CA45-4C28-BE13-F235F1A4C87A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

==================== Loaded Modules (whitelisted) ==============

2013-10-03 17:58 - 2009-05-08 10:53 - 00082432 _____ () C:\Windows\System32\SamFaxPort64.dll
2013-02-03 23:32 - 2011-04-11 06:26 - 00034304 _____ () C:\Windows\System32\spd__l.dll
2013-02-03 23:32 - 2012-09-10 16:07 - 01212928 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\spd__du.dll
2011-01-27 14:28 - 2011-01-27 14:28 - 00706048 _____ () C:\Windows\system32\SnMinDrv.dll
2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-28 21:26 - 2015-01-28 21:26 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-16 22:04 - 2015-02-16 22:04 - 00019368 _____ () C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2native.dll
2015-01-18 14:22 - 2015-01-18 14:22 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-01-18 14:22 - 2015-01-18 14:22 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-18 14:22 - 2015-01-18 14:22 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-110913018-406267621-3491769041-1004\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-21-110913018-406267621-3491769041-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img22.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-110913018-406267621-3491769041-500 - Administrator - Disabled) => I:\Administrator
Chef (S-1-5-21-110913018-406267621-3491769041-1004 - Administrator - Enabled) => I:\Chef
Gast (S-1-5-21-110913018-406267621-3491769041-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-110913018-406267621-3491769041-1007 - Limited - Enabled) => I:\UpdatusUser
Ute (S-1-5-21-110913018-406267621-3491769041-1003 - Limited - Enabled) => I:\Ute
Volker_2 (S-1-5-21-110913018-406267621-3491769041-1006 - Limited - Enabled) => I:\Volker

==================== Faulty Device Manager Devices =============

Name: Atheros AR5005G Wireless Network Adapter
Description: Atheros AR5005G Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2015 10:50:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <I:\VOLKER\HOB_JPORTAL\REGISTRY.XML.LOCK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (02/23/2015 09:48:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.19243, Zeitstempel 0x5475302c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149,
Prozess-ID 0x10e8, Anwendungsstartzeit sidebar.exe0.

Error: (02/23/2015 09:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2015 09:48:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.19243, Zeitstempel 0x5475302c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149,
Prozess-ID 0xad0, Anwendungsstartzeit sidebar.exe0.

Error: (02/22/2015 07:42:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.19243, Zeitstempel 0x5475302c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149,
Prozess-ID 0xed0, Anwendungsstartzeit sidebar.exe0.

Error: (02/22/2015 07:41:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2015 04:12:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iTunes.exe, Version 12.0.1.26, Zeitstempel 0x543e558b, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e, Ausnahmecode 0xc0000005, Fehleroffset 0x00047456,
Prozess-ID 0xfd0, Anwendungsstartzeit iTunes.exe0.

Error: (02/22/2015 04:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iTunes.exe, Version 12.0.1.26, Zeitstempel 0x543e558b, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e, Ausnahmecode 0xc0000005, Fehleroffset 0x00047336,
Prozess-ID 0x1190, Anwendungsstartzeit iTunes.exe0.

Error: (02/22/2015 03:19:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.19243, Zeitstempel 0x5475302c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149,
Prozess-ID 0x12cc, Anwendungsstartzeit sidebar.exe0.

Error: (02/22/2015 01:04:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/23/2015 09:49:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (02/23/2015 09:49:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (02/23/2015 09:48:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Garmin Core Update Service%%1053

Error: (02/23/2015 09:48:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Garmin Core Update Service

Error: (02/22/2015 07:42:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (02/22/2015 07:42:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (02/22/2015 01:14:32 PM) (Source: volsnap) (EventID: 20) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.

Error: (02/22/2015 01:05:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (02/22/2015 01:05:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (02/22/2015 01:04:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Garmin Core Update Service%%1053


Microsoft Office Sessions:
=========================
Error: (02/23/2015 10:50:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
I:\VOLKER\HOB_JPORTAL\REGISTRY.XML.LOCK

Error: (02/23/2015 09:48:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.0.6002.1800549e035b8OLEAUT32.dll6.0.6002.192435475302cc0000005000000000000114910e801d04faa13d91928

Error: (02/23/2015 09:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2015 09:48:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.0.6002.1800549e035b8OLEAUT32.dll6.0.6002.192435475302cc00000050000000000001149ad001d04fa9e37a29e8

Error: (02/22/2015 07:42:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.0.6002.1800549e035b8OLEAUT32.dll6.0.6002.192435475302cc00000050000000000001149ed001d04ecf26bbafce

Error: (02/22/2015 07:41:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2015 04:12:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe12.0.1.26543e558bole32.dll6.0.6002.182774c28d53ec000000500047456fd001d04eb1d430c4b1

Error: (02/22/2015 04:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe12.0.1.26543e558bole32.dll6.0.6002.182774c28d53ec000000500047336119001d04eab1cf8ae81

Error: (02/22/2015 03:19:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.0.6002.1800549e035b8OLEAUT32.dll6.0.6002.192435475302cc0000005000000000000114912cc01d04eaa767b30f1

Error: (02/22/2015 01:04:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-02-23 23:40:42.596
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 23:40:42.503
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 23:40:42.409
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 23:40:42.300
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 23:40:42.144
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 23:40:42.050
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 23:40:41.957
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 23:40:41.863
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 23:40:29.539
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 23:40:29.446
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 49%
Total physical RAM: 4093.58 MB
Available physical RAM: 2052.71 MB
Total Pagefile: 8368.44 MB
Available Pagefile: 5566.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Vista und Programme) (Fixed) (Total:302.01 GB) (Free:247.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Austausch) (Fixed) (Total:151.96 GB) (Free:148.78 GB) NTFS
Drive i: (Daten) (Fixed) (Total:439.2 GB) (Free:97.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DBE50493)
Partition 1: (Active) - (Size=302 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=439.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=38.1 GB) - (Type=05)
Partition 4: (Not Active) - (Size=152 GB) - (Type=07 NTFS)

==================== End Of Log ============================

G-Data hat nur bei einem früheren MBAM-Versuch, als es angeschaltet war, Alarm geschlagen. Ausgeschaltet lief alles gut.
Danke.

Bootsektor · 24.02.2015, 00:05

Hallo,

bestehen nach diesen Schritten noch Probleme? Schalte am besten G-Data solange komplett aus, nach dem FRST-fix macht dein Rechner einen Neustart.

Schritt 1
Bitte deinstalliere folgende Programme:
Kindle Packages
Java 8 Update 25

Dazu gehe auf
Start --> Systemsteuerung -- > Programme --> Programme deinstallieren --> suche das Programm in der Liste --> entfernen

Falls du ein Programm nicht deinstallieren kannst, lade dir von hier den Revo-uninstaller herunter und deinstalliere es damit, wähle dabei den moderaten Modus.

Schritt 2

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Startup: I:\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tools v6.1.0.zip.lnk
ShortcutTarget: tools v6.1.0.zip.lnk -> C:\ProgramData\{8d1f463d-88c4-dbf6-8d1f-f463d88c18f6}\tools v6.1.0.zip.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CustomCLSID: HKU\S-1-5-21-110913018-406267621-3491769041-1004_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> I:\Chef\AppData\Local\Temp\c6A84764\temp\tools v6.1.0.zip.exe No File
I:\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tools v6.1.0.zip.lnk
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Mach bitte nochmal Malwarebytes:
Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 4
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 5
Starte noch einmal FRST.

Setze den Haken bei addition.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

vochsc · 24.02.2015, 09:57

Hallo Sandra,
habe die Schritte 1-3 abgearbeitet:
1. done
2. fixlog.txt.

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by Chef at 2015-02-24 00:16:01 Run:1
Running from I:\Volker\FRST
Loaded Profiles: Chef & Volker_2 (Available profiles: Ute & Chef & Volker_2 & UpdatusUser & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: I:\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tools v6.1.0.zip.lnk
ShortcutTarget: tools v6.1.0.zip.lnk -> C:\ProgramData\{8d1f463d-88c4-dbf6-8d1f-f463d88c18f6}\tools v6.1.0.zip.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CustomCLSID: HKU\S-1-5-21-110913018-406267621-3491769041-1004_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> I:\Chef\AppData\Local\Temp\c6A84764\temp\tools v6.1.0.zip.exe No File
I:\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tools v6.1.0.zip.lnk
emptytemp:
*****************

I:\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tools v6.1.0.zip.lnk => Moved successfully.
C:\ProgramData\{8d1f463d-88c4-dbf6-8d1f-f463d88c18f6}\tools v6.1.0.zip.exe not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-110913018-406267621-3491769041-1004_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}" => Key deleted successfully.
"I:\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tools v6.1.0.zip.lnk" => File/Directory not found.
EmptyTemp: => Removed 783 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 00:16:46 ====

3. mbam.txt:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 24.02.2015
Suchlauf-Zeit: 00:26:46
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.4.1028
Malware Datenbank: v2015.02.23.09
Rootkit Datenbank: v2015.02.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: Volker_2

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 562503
Verstrichene Zeit: 11 Min, 17 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 16
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\chrome, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\META-INF, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\Plugins, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\searchplugin, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}, Löschen bei Neustart, [d70e839eddada39310f7731c16edba46], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\chrome, Löschen bei Neustart, [d70e839eddada39310f7731c16edba46], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components, Löschen bei Neustart, [d70e839eddada39310f7731c16edba46], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults, Löschen bei Neustart, [d70e839eddada39310f7731c16edba46], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\META-INF, Löschen bei Neustart, [d70e839eddada39310f7731c16edba46], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules, Löschen bei Neustart, [d70e839eddada39310f7731c16edba46], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\Plugins, Löschen bei Neustart, [d70e839eddada39310f7731c16edba46], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\searchplugin, Löschen bei Neustart, [d70e839eddada39310f7731c16edba46], 

Dateien: 43
PUP.Optional.InstallCore, I:\Chef\AppData\Roaming\0S1F1O2ZtAtB\Kindle Packages\uninstaller.exe, Löschen bei Neustart, [0bda38e9ccbe8caa2bf22c019e646a96], 
PUP.Optional.SkyTech.A, I:\Chef\AppData\Local\Temp\2760531\2760531.zipDir\alilog.dll, Löschen bei Neustart, [8f560a1717732f07d5c2837bf70ad22e], 
PUP.Optional.V9.A, I:\Chef\AppData\Local\Temp\2760531\2760531.zipDir\qSE.exe, Löschen bei Neustart, [6382140dd0ba84b29e929baeb34dd42c], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\chrome.manifest, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\install.rdf, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\version.txt, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\chrome\incredimail_mediabar_2.jar, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\ConduitAutoCompleteSearch.js, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\ConduitAutoCompleteSearch.xpt, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults\alertSettingsComponent.xml, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults\appContextMenu.xml, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults\fbAlert.js, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults\getAppsContextMenu.xml, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults\postAppsContextMenu.xml, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults\toolbarContextMenu.xml, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults\unsharedAppsContextMenu.xml, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\META-INF\manifest.mf, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\META-INF\zigbert.rsa, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\META-INF\zigbert.sf, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\Chat.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\DataStructures.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\EBEncryption.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\ExternalLibraryLoader.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\HTTP.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\IO.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\Log.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\MainSingleton.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\MD5.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\Notifications.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\ObserversAndEvents.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\Prefs.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\SearchProtector.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\SearchSuggestIO.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\String.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\TEAEncryption.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\Timer.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\Twitter.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\URL.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\WebProgress.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\Windows.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules\XML.jsm, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\Plugins\np-mswmp.dll, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 
PUP.Optional.IncrediMediaBar, I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\searchplugin\conduit.xml, Löschen bei Neustart, [ba2b061b602a59dd996ef19e7d866a96], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Den 4. Schritt werde ich den Rest der Nacht laufen lassen. Ich melde mich dann wieder.
Tausend Dank.

Hallo Sandra,

da ich entsprechend der Anleitung zum eset Scan auch eine relativ große externe Festplatte mit etlichen Sicherungen angeschlossen habe, läuft der Scan über die ganze Nacht und derzeit (10 Uhr) immer noch. Ich hoffe, dass nun nicht ein Haufen alter Geschichten mit hochkommen, von denen ich trotz G-Data-Virenwächter und Adware-Cleaner nichts bemerkt hatte. Heute Morgen waren bereits 70 Bedrohungen ausgewiesen.

Gruß und Dank für die perfekte Betreuung mit gut nachvollziehbaren Anleitungen.

Bootsektor · 24.02.2015, 11:55

Hallo,

Zitat:

da ich entsprechend der Anleitung zum eset Scan auch eine relativ große externe Festplatte mit etlichen Sicherungen angeschlossen habe, läuft der Scan über die ganze Nacht und derzeit (10 Uhr) immer noch. Ich hoffe, dass nun nicht ein Haufen alter Geschichten mit hochkommen, von denen ich trotz G-Data-Virenwächter und Adware-Cleaner nichts bemerkt hatte. Heute Morgen waren bereits 70 Bedrohungen ausgewiesen.

Wir werden sehen

Zitat:

Gruß und Dank für die perfekte Betreuung mit gut nachvollziehbaren Anleitungen.

Bitte gerne und danke für dein Lob

vochsc · 24.02.2015, 21:31

Hallo Sandra,

hier nun die logfile von ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=56514db211561f47a25126c0e46a55a3
# engine=22614
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-24 02:28:10
# local_time=2015-02-24 03:28:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 183620 262311996 0 0
# scanned=965603
# found=96
# cleaned=0
# scan_time=51969
sh=743CF6F7C346A3CF7BB0B81442DC14A7F3DA352D ft=1 fh=67b200ae242c58b1 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
sh=664270A860DDB3D6F23F617D0615070330A71A30 ft=1 fh=192f7aaecaa32147 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\Conduit\Community Alerts\Alert0.dll"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\Conduit\Community Alerts\Alert1.dll"
sh=273C08650BEEC39A55AED8EDE90E02C6466442DE ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\DealPly\DealPly.crx"
sh=AA9D6284707F25A4AD35336ED6C131AC56F175AA ft=1 fh=50309858a379708c vn="Variante von Win32/DealPly.A evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\DealPly\DealPlyIE.dll"
sh=D31319B929A29892E7F25B7CE5780F08A5ADE9C0 ft=1 fh=a125b15912a98210 vn="Win32/DealPly.D evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\DealPly\uninst.exe"
sh=4E8BC33C6DFBDD9727988EB0AA95AF115C08FA8F ft=1 fh=efa4d311e75fd867 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\DVDVideoSoft\tbDVD1.dll"
sh=E5C5C36DDD3DC414086EB9EC20DCEF13C06DDD94 ft=1 fh=f4eb487f30a3126f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\DVDVideoSoft\tbDVDV.dll"
sh=DD890976442C9515101EDDFCF8B7E10F6774ECF8 ft=1 fh=e3c7b31c0d928ab2 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\Eazel-DE\tbEaz1.dll"
sh=36B46D37404016B82E099E4BED942AA8C526E7F5 ft=1 fh=8481403dddca0675 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\Eazel-DE\tbEaze.dll"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\ldrtbInc0.dll"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\ldrtbInc2.dll"
sh=0309846760182D1E519A7F1206EE6D1899A8968E ft=1 fh=8d786be015d12581 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\tbInc0.dll"
sh=419716F712489099B040AB846B565D808119B5E8 ft=1 fh=562d50baf79e8eca vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\tbInc1.dll"
sh=F0BB5A9D05FF1097B1D41A7721580EF8EBA21735 ft=1 fh=ba8b584196e26284 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll"
sh=DD890976442C9515101EDDFCF8B7E10F6774ECF8 ft=1 fh=e3c7b31c0d928ab2 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\PHPNukeDE\tbPHP1.dll"
sh=36B46D37404016B82E099E4BED942AA8C526E7F5 ft=1 fh=8481403dddca0675 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\PHPNukeDE\tbPHPN.dll"
sh=6D2CAC1134A769EAC808207A43219B181AFDB07B ft=1 fh=c71c0011a221969c vn="Variante von Win32/Adware.Toolbar.Shopper.AD Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\ShopperReports3\bin\3.0.470.0\CntntCntr.dll"
sh=44C734BC8A580CDC0FF57DA0998FAA7E35843CD6 ft=1 fh=c71c0011805fb9b9 vn="Variante von Win32/Adware.Toolbar.Shopper.AD Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\ShopperReports3\bin\3.0.470.0\mozillaps.dll"
sh=6ECD801D8A34354C9311B00ABF81E131EC29F443 ft=0 fh=0000000000000000 vn="Win32/Adware.Toolbar.Shopper.AD Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\ShopperReports3\bin\3.0.470.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar"
sh=9552A961BD0FE89FE04B9EF4B2CE854293D2B016 ft=1 fh=c71c00118240b72b vn="Variante von Win32/Adware.Toolbar.Shopper.AD Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\ShopperReports3\bin\3.0.470.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll"
sh=75CB0C928D6DE7065E9F19755DC37889F66467EA ft=1 fh=84e54232dcf33e6d vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll"
sh=665A0A5EBC50D6AA200E772FB4283B4AD70E8995 ft=1 fh=a49bab710682b497 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgAIMAuto.dll"
sh=407D451BDD1722C622DE960A346EEBA6CB7A39F4 ft=1 fh=3bc7c66c99584495 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgAIMMessengerAdapter.dll"
sh=23370EEB088CF4E08DCC0ECEC217FE814402FD8A ft=1 fh=52fc3e6245a82cc9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgArchive.dll"
sh=949CF14DD153F77DEA9592DCFB76B6B3F02D74B6 ft=1 fh=d6c64f72516fae11 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgcommon.dll"
sh=A914E5E669560B4F37E594C45C83DEAD3D565505 ft=1 fh=ff876e8889a6fe2f vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll"
sh=3CEE94E37B0B6A2316D2A7ED589028DEC1A2B563 ft=1 fh=5af655c57ad1bfcd vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgconfig.dll"
sh=194C450ECCBFBB83F5599B0B8CA980D45821FBCD ft=1 fh=de479bd3cb943ebd vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll"
sh=9A0A1220FA0C0284B3967F7CA00B89F21230EAE5 ft=1 fh=0fe79d918086dc0c vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mghooking.dll"
sh=A4700DD391C137F038332EBA0A491C29DA77EDA4 ft=1 fh=f763e96ac94a7a99 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgIEPlayer.dll"
sh=C0868A108FC8A5A67AB6BC5D066FD118B18B644B ft=1 fh=511507783c68a156 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mglogger.dll"
sh=2EC21A43EE8B744A2E667D657DB82AA94508097C ft=1 fh=c35ddd3d6ec16da1 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dll"
sh=752C152F26E2707996EED3E3AEE78B3F2078C681 ft=1 fh=a6ef3e85f192ac39 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll"
sh=EFEC08BDCE46C68FC329D53D687651CE5C2ED84A ft=1 fh=62ca91ee42cf63d9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll"
sh=99F341EF5BD64E9F35D4AB948CC5BB802F1B83EE ft=1 fh=f4a67db824065a31 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll"
sh=881CF89065A475757232D9CFE45F675BD8B23396 ft=1 fh=132a7067e303c0e7 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll"
sh=F77D8FA078E8761B5E128D3A2D3C0BBA86E1B01B ft=1 fh=5b72cddc383af78f vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll"
sh=FA5A67D7CE3BA1016A2F853434EC57508387DD26 ft=1 fh=0c384461c7e038c1 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll"
sh=BEF1B645222E890337830443E20971106908B400 ft=1 fh=18b616e6da7d4fdc vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dll"
sh=F78F085893FAC635CF9FD9F0552AA163966331EA ft=1 fh=4619d0fd2bdcdc95 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll"
sh=361E14E55FAFE371491C4F7A1076AA38ACE0E4E0 ft=1 fh=3bc3e34b6ac1da1c vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
sh=6AC1A1E40B265D52C83ADBE0CCA7FD77A2F5CFFB ft=1 fh=1f3c5f539820f653 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe"
sh=0C801A5EB49A358D3C80752D4381419CD5E936BA ft=1 fh=808b4342930ca7c9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll"
sh=311FF5005B36BEDF12A653B66E4743E73A5807EB ft=1 fh=5c81eb10d6192181 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll"
sh=7DD3A8B1FE392838C81F4AE136CDE5B3FA5A6354 ft=1 fh=7978f015e61f52a9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll"
sh=6D7E76E0B14217F0B6BDE0F69F6256ECEB854D74 ft=1 fh=f313411dfae0c3ce vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll"
sh=A0E17B4AC2E02F20396A9EF0F2F3AFEBB1F4DE49 ft=1 fh=3f204d24ec0cc5c3 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll"
sh=550FAD18726170DDCCCFD2B6D56D3AB73C4D8FB7 ft=1 fh=aebef00a1fd0c9d4 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"
sh=73F330E2C2D2331CB83B0E2E3B301A0B0D6C2A44 ft=1 fh=bb1fa2c3598d4c05 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll"
sh=4E8BC33C6DFBDD9727988EB0AA95AF115C08FA8F ft=1 fh=efa4d311e75fd867 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Program Files (x86)\Vuze_Remote\tbVuze.dll"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2\ldrtbInc0.dll"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2\ldrtbInc2.dll"
sh=0309846760182D1E519A7F1206EE6D1899A8968E ft=1 fh=8d786be015d12581 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc0.dll"
sh=A7A96013121A28D47EBB062A311F5E1770894815 ft=1 fh=493cfbc7057e33a4 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc1.dll"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc2.dll"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll"
sh=972A6701E512D4D717B91B1C8E0EC542BCCEB247 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome\dvdvideosoft.jar"
sh=67EC07E0F34F86396F3364EA40709185BA49A74B ft=1 fh=73b55ea706fa42a9 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Users\Christian\Desktop\Alles\Downloads\FreeYouTubeToMP3Converter3.10.6.727.exe"
sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Users\Ute\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc2.dll"
sh=5F437ECC88A691B6161B1D168B3F4A93624F5832 ft=1 fh=400e77a5e5d54a3a vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Users\Volker\AppData\Local\Babylon\Setup\Setup.exe"
sh=153D61D882922BA440ED0EDB0BE44F58CB47DC5B ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Users\Volker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VHE1BE60\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi"
sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Users\Volker\AppData\LocalLow\ConduitEngine\ConduitEngine.dll"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Users\Volker\AppData\LocalLow\IncrediMail_MediaBar_2\ldrtbInc0.dll"
sh=0309846760182D1E519A7F1206EE6D1899A8968E ft=1 fh=8d786be015d12581 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Users\Volker\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc0.dll"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Users\Volker\AppData\LocalLow\IncrediMail_MediaBar_2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll"
sh=AE98730013737F50EE537EC98A6DE2307EFFCA59 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Windows\Installer\7060ba.msi"
sh=5C5F68051F1EA305E7BC25DC7FA47E032408AC03 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="D:\13-01-23.old\Windows\Installer\7060c0.msi"
sh=972A6701E512D4D717B91B1C8E0EC542BCCEB247 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="D:\C-\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome\dvdvideosoft.jar"
sh=19AFEC698E1DF0D8D971EC561205C15261409DDF ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="D:\C-\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\9qgmfj21.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\chrome\mybabylon_english.jar"
sh=3D44E7590A0C0E407ECB1879BBD9AE2CEEB74221 ft=1 fh=398a74cdcb4d1535 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="D:\I-\Svenja\Downloads\Free3GPVideoConverter.exe"
sh=8ACE2FE53C8A1A3F457CB41D71C7F995A19CBECC ft=1 fh=398a74cd88b00a50 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="D:\I-\Svenja\Downloads\FreeStudio.exe"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\Sicherung LWC 20120610\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2\ldrtbInc0.dll"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\Sicherung LWC 20120610\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2\ldrtbInc2.dll"
sh=0309846760182D1E519A7F1206EE6D1899A8968E ft=1 fh=8d786be015d12581 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Sicherung LWC 20120610\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc0.dll"
sh=A7A96013121A28D47EBB062A311F5E1770894815 ft=1 fh=493cfbc7057e33a4 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="D:\Sicherung LWC 20120610\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc1.dll"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Sicherung LWC 20120610\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc2.dll"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="D:\Sicherung LWC 20120610\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll"
sh=B7E433693429460F4872565D7CBD3980682D8A6E ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Sicherung LWC 20120610\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\staged\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome\vuze_remote.jar"
sh=6B74F981A33E255E4FD09EA482ABD2EBE775F634 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Sicherung LWC 20120610\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome\vuze_remote.jar"
sh=972A6701E512D4D717B91B1C8E0EC542BCCEB247 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="D:\Sicherung LWC 20120610\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome\dvdvideosoft.jar"
sh=67EC07E0F34F86396F3364EA40709185BA49A74B ft=1 fh=73b55ea706fa42a9 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="D:\Sicherung LWC 20120610\Users\Christian\Desktop\Alles\Downloads\FreeYouTubeToMP3Converter3.10.6.727.exe"
sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Sicherung LWC 20120610\Users\Ute\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc2.dll"
sh=5F437ECC88A691B6161B1D168B3F4A93624F5832 ft=1 fh=400e77a5e5d54a3a vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="D:\Sicherung LWC 20120610\Users\Volker\AppData\Local\Babylon\Setup\Setup.exe"
sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Sicherung LWC 20120610\Users\Volker\AppData\LocalLow\ConduitEngine\ConduitEngine.dll"
sh=9D92140EDDAC2ECE093A4191F70F42C0E5EE133D ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="D:\Sicherung LWC 20120610\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\mde9xugg.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul"
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="I:\Chef\AppData\Roaming\0S1F1O2ZtAtB\Kindle Packages\uninstaller.exe"
sh=3D44E7590A0C0E407ECB1879BBD9AE2CEEB74221 ft=1 fh=398a74cdcb4d1535 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="I:\Svenja\Downloads\anderes\Free3GPVideoConverter.exe"
sh=8ACE2FE53C8A1A3F457CB41D71C7F995A19CBECC ft=1 fh=398a74cd88b00a50 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="I:\Svenja\Downloads\anderes\FreeStudio.exe"
sh=50EDD8368852077343EA5145552F522B785819DD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\staged\fv@P6O.org\content\bg.js"
sh=A46C2251784B5F4000F9FFEA628B4E6FAD94B5FE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\staged\Hw3@l.edu\content\bg.js"
sh=50EDD8368852077343EA5145552F522B785819DD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\p5adipwn.default\extensions\staged\fv@P6O.org\content\bg.js"
sh=A46C2251784B5F4000F9FFEA628B4E6FAD94B5FE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\p5adipwn.default\extensions\staged\Hw3@l.edu\content\bg.js"
sh=50EDD8368852077343EA5145552F522B785819DD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="I:\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\mde9xugg.default\extensions\staged\fv@P6O.org\content\bg.js"
sh=A46C2251784B5F4000F9FFEA628B4E6FAD94B5FE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="I:\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\mde9xugg.default\extensions\staged\Hw3@l.edu\content\bg.js"
sh=6CB72A9881FB7EA8C2024CCADE4D47FB0DA2F206 ft=1 fh=e3a0b234848db661 vn="Win32/InstallMonetizer.AN evtl. unerwünschte Anwendung" ac=I fn="I:\Volker\Downloads\pdfsam-v2_2_4-with-offer.exe"

Dazu möchte ich anmerken, dass unter D:\ die externe Festplatte angeschlossen war. Auch habe ich gemerkt, dass immer noch ein uninstaller von Kindle drauf zu sein scheint, obwohl ich das Programm Kindle for PC - wie von Dir erbeten - über die Systemsteuerung unter Programme deinstalliert habe. Oder habe ich hinsichtlich der Kindle Packages da etwas missverstanden?

und zum Abschluss die FRST.txt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by Chef (administrator) on VOLKER-PC on 24-02-2015 21:27:06
Running from I:\Volker\Desktop
Loaded Profiles: Chef & Volker_2 (Available profiles: Ute & Chef & Volker_2 & UpdatusUser & Administrator)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe,
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-110913018-406267621-3491769041-1004\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-110913018-406267621-3491769041-1004\...\MountPoints2: {11c5cd71-6e20-11e2-b959-806e6f6e6963} - X:\EASINST.EXE
HKU\S-1-5-21-110913018-406267621-3491769041-1006\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-110913018-406267621-3491769041-1006\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-110913018-406267621-3491769041-1006\...\MountPoints2: {11c5cd71-6e20-11e2-b959-806e6f6e6963} - X:\EASINST.EXE
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-110913018-406267621-3491769041-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-110913018-406267621-3491769041-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.systea.com
HKU\S-1-5-21-110913018-406267621-3491769041-1004\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.systea.com
HKU\S-1-5-21-110913018-406267621-3491769041-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-110913018-406267621-3491769041-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: uNNisales -> {6818c48f-6355-4917-9fe9-98b8ebb118bb} -> C:\Program Files (x86)\uNNisales\1jHFRr0XDLkU3Z.x64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: youtubeadblocker -> {e1e67519-a594-4953-8583-b63ab7570ed9} -> C:\Program Files (x86)\youtubeadblocker\zkgtuNJy7Rdibh.x64.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: I:\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\ckjilcvh.default
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-03]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2683760 2014-05-20] (G Data Software AG)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [31576 2013-03-26] ()
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-26] (Samsung Electronics Co., Ltd.)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-08-13] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-11-01] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-08-13] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-07-06] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-02-12] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-11-22] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-07-06] (G Data Software AG)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 00:59 - 2015-02-24 00:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-24 00:52 - 2015-02-24 00:52 - 02347384 _____ (ESET) I:\Volker\Desktop\esetsmartinstaller_deu.exe
2015-02-22 21:59 - 2015-02-22 21:59 - 00000201 _____ () I:\Volker\Documents\G DATA Protokoll ID 1294.txt
2015-02-22 21:59 - 2015-02-22 21:59 - 00000200 _____ () I:\Volker\Documents\G DATA Protokoll ID 1295.txt
2015-02-22 21:59 - 2015-02-22 21:59 - 00000198 _____ () I:\Volker\Documents\G DATA Protokoll ID 1293.txt
2015-02-22 21:59 - 2015-02-22 21:59 - 00000175 _____ () I:\Volker\Documents\G DATA Protokoll ID 1296.txt
2015-02-22 21:59 - 2015-02-22 21:59 - 00000108 _____ () I:\Volker\Documents\G DATA Protokoll ID 1297.txt
2015-02-22 21:58 - 2015-02-22 21:58 - 00000705 _____ () I:\Volker\Documents\G DATA Protokoll ID 1300.txt
2015-02-22 21:38 - 2015-02-24 00:47 - 00014218 _____ () I:\Volker\Desktop\mbam.txt
2015-02-22 21:00 - 2015-02-22 21:00 - 00000832 _____ () I:\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-22 21:00 - 2015-02-22 21:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-22 21:00 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-22 21:00 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-22 21:00 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-22 20:40 - 2015-02-23 23:41 - 00024151 _____ () I:\Volker\Desktop\Addition.txt
2015-02-22 20:39 - 2015-02-24 21:27 - 00012126 _____ () I:\Volker\Desktop\FRST.txt
2015-02-22 20:17 - 2015-02-24 21:27 - 00000000 ____D () C:\FRST
2015-02-22 20:16 - 2015-02-22 20:16 - 02087424 _____ (Farbar) I:\Volker\Desktop\FRST64.exe
2015-02-16 22:16 - 2015-02-16 22:16 - 00000000 ____D () I:\Public\Foxit Software
2015-02-16 22:11 - 2015-02-16 22:12 - 53078632 _____ (Foxit Software Inc. ) I:\Chef\Downloads\FoxitReader708.1216_prom_L10N_Setup.exe
2015-02-16 22:02 - 2015-02-16 22:03 - 93427112 _____ (Oracle Corporation) I:\Chef\Downloads\jre-8u31-windows-x64.exe
2015-02-16 22:02 - 2015-02-16 22:02 - 30431144 _____ (Oracle Corporation) I:\Chef\Downloads\jre-8u31-windows-i586.exe
2015-02-16 21:52 - 2015-01-23 05:07 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-16 21:52 - 2015-01-23 04:59 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-16 21:52 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-16 21:52 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-12 23:19 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 23:19 - 2014-12-08 02:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 23:18 - 2015-01-09 01:34 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 23:18 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 23:18 - 2014-11-26 02:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 23:08 - 2015-01-13 02:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 23:08 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 23:07 - 2015-01-15 07:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 23:07 - 2015-01-15 05:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 22:47 - 2015-02-12 22:47 - 02112512 _____ () I:\Chef\Downloads\adwcleaner_4.110.exe
2015-02-12 20:23 - 2015-01-14 04:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 20:23 - 2015-01-14 03:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 20:23 - 2015-01-14 03:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-12 20:23 - 2015-01-14 03:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 20:23 - 2015-01-14 03:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 20:23 - 2015-01-14 03:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 20:23 - 2015-01-14 03:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 20:23 - 2015-01-14 03:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-12 20:23 - 2015-01-14 03:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 20:23 - 2015-01-14 03:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 20:23 - 2015-01-14 03:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 20:23 - 2015-01-14 03:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 20:23 - 2015-01-14 03:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 20:23 - 2015-01-14 03:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 20:23 - 2015-01-14 03:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-12 20:23 - 2015-01-14 03:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-12 20:23 - 2015-01-14 03:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-12 20:23 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 20:23 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-12 20:23 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 20:23 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 20:23 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 20:23 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-12 20:23 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 20:23 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 20:23 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-12 20:23 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-12 20:23 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-08 19:04 - 2015-02-08 19:04 - 03044736 _____ (Enigma Software Group USA, LLC.) I:\Volker\Downloads\SpyHunter-Installer.exe
2015-02-08 18:51 - 2015-02-08 18:51 - 00000234 _____ () I:\Volker\Documents\G DATA Protokoll ID 1280.txt
2015-01-28 23:07 - 2015-01-28 23:07 - 00000000 ____D () I:\Volker\EPUBDRMRemoval
2015-01-28 23:07 - 2015-01-28 23:07 - 00000000 ____D () I:\Volker\AppData\Roaming\EPUBDRMRemoval
2015-01-28 23:07 - 2015-01-28 23:07 - 00000000 ____D () I:\Volker\AppData\Roaming\.EPUBDRMRemoval
2015-01-28 23:04 - 2015-01-28 23:07 - 00000000 ____D () I:\Chef\AppData\Roaming\.EPUBDRMRemoval
2015-01-28 23:04 - 2015-01-28 23:04 - 00000000 ____D () I:\Chef\EPUBDRMRemoval
2015-01-28 23:04 - 2015-01-28 23:04 - 00000000 ____D () I:\Chef\EPUBDRMRemoval
2015-01-28 23:04 - 2015-01-28 23:04 - 00000000 ____D () I:\Chef\AppData\Roaming\EPUBDRMRemoval
2015-01-28 23:03 - 2015-01-28 23:03 - 00000893 _____ () I:\Public\Desktop\Epubor EPUB DRM Removal.lnk
2015-01-28 23:02 - 2015-01-28 23:03 - 17203268 _____ (Epubor Inc.) I:\Volker\Downloads\epub_drm_removal.exe
2015-01-28 22:51 - 2015-01-28 22:52 - 00000000 ____D () I:\Volker\Downloads\skinny
2015-01-28 21:45 - 2015-01-28 22:58 - 00000000 ____D () I:\Volker\AppData\Roaming\.Ultimate
2015-01-28 21:45 - 2015-01-28 21:45 - 00000000 ____D () I:\Volker\Ultimate
2015-01-28 21:45 - 2015-01-28 21:45 - 00000000 ____D () I:\Volker\AppData\Roaming\Ultimate
2015-01-28 21:45 - 2015-01-28 21:45 - 00000000 ____D () I:\Volker\AppData\Roaming\.Epubor
2015-01-28 21:43 - 2015-01-28 21:43 - 00000000 ____D () I:\Chef\AppData\Roaming\calibre
2015-01-28 21:41 - 2015-01-28 21:44 - 00000000 ____D () I:\Chef\AppData\Roaming\.Ultimate
2015-01-28 21:41 - 2015-01-28 21:41 - 00000000 ____D () I:\Chef\Ultimate
2015-01-28 21:41 - 2015-01-28 21:41 - 00000000 ____D () I:\Chef\Ultimate
2015-01-28 21:41 - 2015-01-28 21:41 - 00000000 ____D () I:\Chef\AppData\Roaming\Ultimate
2015-01-28 21:41 - 2015-01-28 21:41 - 00000000 ____D () I:\Chef\AppData\Roaming\.Epubor
2015-01-28 21:40 - 2015-01-28 23:03 - 00000000 ____D () C:\Program Files (x86)\Epubor
2015-01-28 21:40 - 2015-01-28 21:40 - 00000863 _____ () I:\Public\Desktop\Epubor Ultimate.lnk
2015-01-28 21:36 - 2015-01-28 21:39 - 56219040 _____ (Epubor Inc.) I:\Volker\Downloads\epubor_ultimate.exe
2015-01-28 21:26 - 2015-01-28 21:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 20:58 - 2015-01-28 20:59 - 00000123 _____ () I:\Volker\Documents\Sidebar Fehler.txt
2015-01-27 22:24 - 2015-01-27 22:24 - 00000000 ____D () I:\Volker\Documents\Harper, Bob; Critser, Greg
2015-01-25 18:07 - 2014-10-12 17:51 - 00000512 ____H () I:\Volker\Desktop\NIKON001.DSC
2015-01-25 15:41 - 2015-01-25 15:41 - 00000000 ____D () I:\Volker\AppData\Roaming\IrfanView
2015-01-25 15:38 - 2015-01-25 15:38 - 10741384 _____ (Irfan Skiljan) I:\Volker\Downloads\irfanview_plugins_438_setup.exe
2015-01-25 15:27 - 2015-01-25 15:33 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2015-01-25 15:27 - 2015-01-25 15:27 - 00000000 ____D () I:\Chef\AppData\Roaming\IrfanView
2015-01-25 15:26 - 2015-01-25 15:26 - 01898640 _____ (Irfan Skiljan) I:\Volker\Downloads\iview438_setup.exe
2015-01-25 14:55 - 2015-02-12 21:21 - 00000000 ____D () I:\Volker\Documents\Druckertest
2015-01-25 13:40 - 2015-01-25 13:40 - 00000000 ____D () I:\Volker\Downloads\Sidebar_neu_initialisieren
2015-01-25 13:39 - 2015-01-25 13:39 - 00000246 _____ () I:\Volker\Downloads\Sidebar_neu_initialisieren.zip
2015-01-25 13:37 - 2015-01-25 13:37 - 00000265 _____ () I:\Volker\Downloads\Sidebar_neu_registrieren.zip
2015-01-25 13:37 - 2015-01-25 13:37 - 00000000 ____D () I:\Volker\Downloads\Sidebar_neu_registrieren

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 20:40 - 2008-01-21 02:53 - 01245929 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 20:40 - 2006-11-02 16:22 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 20:40 - 2006-11-02 16:22 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 00:53 - 2008-01-21 12:10 - 01566088 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 00:53 - 2008-01-21 12:09 - 00673684 _____ () C:\Windows\system32\perfh007.dat
2015-02-24 00:53 - 2008-01-21 12:09 - 00145696 _____ () C:\Windows\system32\perfc007.dat
2015-02-24 00:41 - 2014-09-28 22:10 - 00000000 ____D () I:\Volker\AppData\Local\CrashDumps
2015-02-24 00:40 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 00:39 - 2006-11-02 16:42 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-24 00:08 - 2015-01-18 14:42 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-02-23 23:56 - 2013-02-06 21:03 - 00000000 __SHD () I:\$RECYCLE.BIN\S-1-5-21-110913018-406267621-3491769041-1006
2015-02-23 23:19 - 2014-11-23 19:41 - 00000000 ____D () I:\Volker\hob_jportal
2015-02-23 23:11 - 2013-10-03 18:00 - 00011372 _____ () I:\Volker\AppData\Roaming\SmarThruOptions.xml
2015-02-23 22:19 - 2014-03-23 15:40 - 00000000 ____D () I:\Volker\Documents\Kindergeld
2015-02-23 21:46 - 2008-01-21 04:26 - 00435716 _____ () C:\Windows\PFRO.log
2015-02-22 16:12 - 2014-09-02 08:41 - 00000000 ____D () I:\Ute\AppData\Local\CrashDumps
2015-02-22 15:39 - 2013-02-03 23:53 - 00000000 __SHD () I:\$RECYCLE.BIN\S-1-5-21-110913018-406267621-3491769041-1003
2015-02-22 13:15 - 2014-03-30 12:49 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-02-22 13:15 - 2013-04-26 10:23 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-22 12:31 - 2012-09-16 16:59 - 00000000 ____D () I:\Volker\Documents\Kontoauszüge Mastercard
2015-02-16 22:07 - 2014-08-17 16:11 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-16 22:07 - 2013-02-03 23:36 - 00000000 ____D () C:\Program Files\Java
2015-02-16 22:04 - 2014-08-17 16:12 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-16 22:04 - 2013-03-27 19:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-16 22:00 - 2015-01-18 16:08 - 00000000 ____D () I:\Chef\AppData\Local\CrashDumps
2015-02-16 21:40 - 2006-11-02 16:21 - 00436832 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 23:24 - 2014-04-13 12:49 - 00001733 _____ () I:\Public\Desktop\G DATA ANTIVIRUS.lnk
2015-02-12 23:24 - 2013-02-03 18:38 - 00064512 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2015-02-12 23:23 - 2014-04-13 12:48 - 00014590 _____ () C:\Windows\DPINST.LOG
2015-02-12 23:13 - 2014-02-16 19:50 - 01541544 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-12 23:07 - 2013-08-21 20:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 23:04 - 2006-11-02 13:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-08 17:55 - 2007-12-16 20:51 - 00000175 _____ () I:\Volker\Desktop\Sidebar_neu_registrieren.bat
2015-02-08 17:54 - 2007-12-16 20:50 - 00000088 _____ () I:\Volker\Desktop\Sidebar_neu_initialisieren.bat
2015-02-08 17:53 - 2012-06-12 22:28 - 00000000 ____D () I:\Volker\Documents\Kontoauszüge Co-Bank
2015-02-01 19:16 - 2006-11-02 16:27 - 00118712 _____ () C:\Windows\setupact.log
2015-01-29 21:57 - 2013-02-03 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 23:28 - 2015-01-18 15:29 - 00000000 ____D () I:\Volker\Documents\Calibre-Bibliothek
2015-01-27 22:21 - 2015-01-18 15:29 - 00000000 ____D () I:\Volker\AppData\Roaming\calibre

==================== Files in the root of some directories =======

2014-06-08 19:54 - 2014-06-08 19:54 - 0000068 _____ () I:\Chef\AppData\Roaming\Camdata.ini
2014-06-08 19:54 - 2014-06-08 19:54 - 0000408 _____ () I:\Chef\AppData\Roaming\CamLayout.ini
2014-06-08 19:54 - 2014-06-08 19:54 - 0000408 _____ () I:\Chef\AppData\Roaming\CamShapes.ini
2014-06-08 19:54 - 2014-06-08 19:54 - 0004568 _____ () I:\Chef\AppData\Roaming\CamStudio.cfg
2014-05-10 11:29 - 2014-05-10 11:29 - 0000031 _____ () I:\Chef\AppData\Roaming\DATAMATEC.INI
2013-10-03 17:59 - 2014-08-31 21:09 - 0011339 _____ () I:\Chef\AppData\Roaming\SmarThruOptions.xml
2014-06-08 19:28 - 2014-06-08 19:28 - 0000096 _____ () I:\Chef\AppData\Roaming\version2.xml
2013-02-24 15:25 - 2013-02-24 15:25 - 0000680 _____ () I:\Chef\AppData\Local\d3d9caps.dat
2013-02-24 15:20 - 2013-03-03 13:00 - 0001460 _____ () I:\Chef\AppData\Local\d3d9caps64.dat

Files to move or delete:
====================
I:\Ute\temp.dat


Some content of TEMP:
====================
I:\Chef\AppData\Local\Temp\Foxit Reader Updater.exe
I:\Chef\AppData\Local\Temp\Foxit Updater.exe
I:\Chef\AppData\Local\Temp\FoxitUpdater.exe
I:\Chef\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe
I:\Chef\AppData\Local\Temp\nvStInst.exe
I:\Chef\AppData\Local\Temp\Quarantine.exe
I:\Chef\AppData\Local\Temp\sdanircmdc.exe
I:\Chef\AppData\Local\Temp\sdapskill.exe
I:\Chef\AppData\Local\Temp\sdaspwn.exe
I:\Chef\AppData\Local\Temp\sqlite3.dll
I:\Chef\AppData\Local\Temp\tilgung_i.exe
I:\Chef\AppData\Local\Temp\vlc-2.1.5-win32.exe
I:\Ute\AppData\Local\Temp\03E00FBD.dll
I:\Ute\AppData\Local\Temp\03E13109.dll
I:\Ute\AppData\Local\Temp\03E1C4B6.dll
I:\Ute\AppData\Local\Temp\5F86505F.dll
I:\Ute\AppData\Local\Temp\5F869319.dll
I:\Ute\AppData\Local\Temp\CB7D2D1E.dll
I:\Ute\AppData\Local\Temp\CB7FDF8E.dll
I:\Ute\AppData\Local\Temp\CB802C3D.dll
I:\Ute\AppData\Local\Temp\CB812058.dll
I:\Ute\AppData\Local\Temp\CB864630.dll
I:\Ute\AppData\Local\Temp\CB898723.dll
I:\Ute\AppData\Local\Temp\CB97C013.dll
I:\Ute\AppData\Local\Temp\CB992369.dll
I:\Ute\AppData\Local\Temp\CB998C23.dll
I:\Ute\AppData\Local\Temp\E4C5976A.dll
I:\Ute\AppData\Local\Temp\E4DC6B0C.dll
I:\Ute\AppData\Local\Temp\F73A1EF0.dll
I:\Ute\AppData\Local\Temp\F74671A1.dll
I:\Ute\AppData\Local\Temp\Foxit Reader Updater.exe
I:\Ute\AppData\Local\Temp\Foxit Updater.exe
I:\Volker\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 12:48

==================== End Of Log ============================

--- --- ---

Ich bin sehr gespannt, was Du daraus lesen kannst und welche Aufgaben Du nun für mich hast.
Herzliche Grüße

und die addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by Chef at 2015-02-24 21:27:44
Running from I:\Volker\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA ANTIVIRUS (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA ANTIVIRUS (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v2.85 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.85 - FinalWire Ltd.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{31ED17F1-B223-404B-9415-C31404A24CE9}) (Version: 2.16.0 - Kovid Goyal)
Camtasia Studio 8 (HKLM-x32\...\{C4E35316-77F1-4EBD-9785-C72E55B1D219}) (Version: 8.4.2.1768 - TechSmith Corporation)
DH Driver Cleaner Professional Edition (HKLM-x32\...\Driver Cleaner Pro) (Version: Version 1.5 - Ruud Ketelaars)
EAS-Laufzeitmodul (HKLM-x32\...\{D3103768-A8FB-11D4-ACDF-00104B58121A}) (Version: 1.0.0.0 - Krämer & Kröll GmbH)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Epubor EPUB DRM Removal (HKLM-x32\...\Epubor EPUB DRM Removal) (Version: 2.0.9.12 - Epubor Inc.)
Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.4.18 - Epubor Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.)
G DATA ANTIVIRUS (HKLM-x32\...\{B9FC0A7D-FA1D-4347-ABED-AD8AD5305633}) (Version: 25.0.2.5 - G DATA Software AG)
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kindle Packages (HKU\S-1-5-21-110913018-406267621-3491769041-1004\...\Kindle Packages) (Version:  - ) <==== ATTENTION
LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{2EC623B7-3559-4058-B4AC-14DC018FC0B7}) (Version: 4.2.6.3 - The Document Foundation)
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
PDF Split And Merge Basic (HKLM-x32\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.03.09.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.6.0 - Samsung Electronics Co., Ltd.)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
SmarThru PC Fax (HKLM-x32\...\SmarThru PC Fax) (Version:  - )
Thommi's BauFi Rechner 1.4 (HKLM-x32\...\Thommi's BauFi Rechner) (Version: 1.4 - ThomasBolz.de)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-02-2015 13:14:04 Garmin Express
22-02-2015 13:16:06 Garmin Express
22-02-2015 13:17:07 Windows Update
24-02-2015 00:09:20 Removed Java 8 Update 25
24-02-2015 00:10:29 Removed Java 8 Update 25 (64-bit)
24-02-2015 16:10:00 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {127CD5D8-6C6D-4412-94F3-580D3DC929DE} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {9222CA07-CA45-4C28-BE13-F235F1A4C87A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

==================== Loaded Modules (whitelisted) ==============

2013-10-03 17:58 - 2009-05-08 10:53 - 00082432 _____ () C:\Windows\System32\SamFaxPort64.dll
2013-02-03 23:32 - 2011-04-11 06:26 - 00034304 _____ () C:\Windows\System32\spd__l.dll
2013-02-03 23:32 - 2012-09-10 16:07 - 01212928 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\spd__du.dll
2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2011-01-27 14:28 - 2011-01-27 14:28 - 00706048 _____ () C:\Windows\system32\SnMinDrv.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-28 21:26 - 2015-01-28 21:26 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-110913018-406267621-3491769041-1004\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-21-110913018-406267621-3491769041-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img22.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-110913018-406267621-3491769041-500 - Administrator - Disabled) => I:\Administrator
Chef (S-1-5-21-110913018-406267621-3491769041-1004 - Administrator - Enabled) => I:\Chef
Gast (S-1-5-21-110913018-406267621-3491769041-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-110913018-406267621-3491769041-1007 - Limited - Enabled) => I:\UpdatusUser
Ute (S-1-5-21-110913018-406267621-3491769041-1003 - Limited - Enabled) => I:\Ute
Volker_2 (S-1-5-21-110913018-406267621-3491769041-1006 - Limited - Enabled) => I:\Volker

==================== Faulty Device Manager Devices =============

Name: Atheros AR5005G Wireless Network Adapter
Description: Atheros AR5005G Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2015 09:20:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/24/2015 00:59:28 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/24/2015 00:59:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/24/2015 00:59:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/24/2015 00:58:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/24/2015 00:58:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (02/24/2015 00:42:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2015 00:41:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.19243, Zeitstempel 0x5475302c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149,
Prozess-ID 0xe18, Anwendungsstartzeit sidebar.exe0.

Error: (02/24/2015 00:20:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.19243, Zeitstempel 0x5475302c, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149,
Prozess-ID 0xbdc, Anwendungsstartzeit sidebar.exe0.

Error: (02/24/2015 00:20:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/24/2015 00:42:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (02/24/2015 00:42:56 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (02/24/2015 00:21:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (02/24/2015 00:21:33 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (02/23/2015 09:49:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (02/23/2015 09:49:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (02/23/2015 09:48:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Garmin Core Update Service%%1053

Error: (02/23/2015 09:48:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Garmin Core Update Service

Error: (02/22/2015 07:42:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (02/22/2015 07:42:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330


Microsoft Office Sessions:
=========================
Error: (02/24/2015 09:20:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/24/2015 00:59:28 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestI:\Volker\Desktop\esetsmartinstaller_deu.exe

Error: (02/24/2015 00:59:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestI:\Volker\Desktop\esetsmartinstaller_deu.exe

Error: (02/24/2015 00:59:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestI:\Volker\Desktop\esetsmartinstaller_deu.exe

Error: (02/24/2015 00:58:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestI:\Volker\Desktop\esetsmartinstaller_deu.exe

Error: (02/24/2015 00:58:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestI:\Volker\Downloads\esetsmartinstaller_deu.exe

Error: (02/24/2015 00:42:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2015 00:41:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.0.6002.1800549e035b8OLEAUT32.dll6.0.6002.192435475302cc00000050000000000001149e1801d04fc22868f691

Error: (02/24/2015 00:20:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.0.6002.1800549e035b8OLEAUT32.dll6.0.6002.192435475302cc00000050000000000001149bdc01d04fbf225f9c92

Error: (02/24/2015 00:20:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-02-24 21:27:36.339
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 21:27:36.230
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 21:27:36.121
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 21:27:36.012
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 21:27:35.840
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 21:27:35.746
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 21:27:35.637
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 21:27:35.544
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 21:27:13.516
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-24 21:27:13.423
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 59%
Total physical RAM: 4093.58 MB
Available physical RAM: 1674.52 MB
Total Pagefile: 8382.44 MB
Available Pagefile: 5758.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Vista und Programme) (Fixed) (Total:302.01 GB) (Free:243.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (USB-HDD) (Fixed) (Total:1397.26 GB) (Free:512.9 GB) NTFS
Drive e: (Austausch) (Fixed) (Total:151.96 GB) (Free:148.79 GB) NTFS
Drive i: (Daten) (Fixed) (Total:439.2 GB) (Free:97.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DBE50493)
Partition 1: (Active) - (Size=302 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=439.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=38.1 GB) - (Type=05)
Partition 4: (Not Active) - (Size=152 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 1397.3 GB) (Disk ID: 48686A76)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Bootsektor · 24.02.2015, 23:16

Hallo,

na da hat ESET ja doch ein bißchen was gefunden.

Hast du denn nun noch Probleme?

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

D:\13-01-23.old\Program Files (x86)\Conduit\
D:\13-01-23.old\Program Files (x86)\DealPly\
D:\13-01-23.old\Program Files (x86)\Eazel-DE\
D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\
D:\13-01-23.old\Program Files (x86)\PHPNukeDE\
D:\13-01-23.old\Program Files (x86)\ShopperReports3\
D:\13-01-23.old\Program Files (x86)\SweetIM\
D:\13-01-23.old\Program Files (x86)\Vuze_Remote\
D:\13-01-23.old\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2\
D:\13-01-23.old\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome\dvdvideosoft.jar
D:\13-01-23.old\Users\Ute\AppData\LocalLow\IncrediMail_MediaBar_2\
D:\13-01-23.old\Users\Volker\AppData\Local\Babylon\
D:\13-01-23.old\Users\Volker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VHE1BE60\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi
D:\13-01-23.old\Users\Volker\AppData\LocalLow\ConduitEngine\
D:\13-01-23.old\Users\Volker\AppData\LocalLow\IncrediMail_MediaBar_2\
D:\13-01-23.old\Windows\Installer\7060ba.msi
D:\13-01-23.old\Windows\Installer\7060c0.msi
D:\C-\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome\dvdvideosoft.jar
D:\C-\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\9qgmfj21.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\chrome\mybabylon_english.jar
D:\I-\Svenja\Downloads\Free3GPVideoConverter.exe
D:\I-\Svenja\Downloads\FreeStudio.exe
D:\Sicherung LWC 20120610\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2
D:\Sicherung LWC 20120610\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\staged\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome\vuze_remote.jar
D:\Sicherung LWC 20120610\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome\vuze_remote.jar
D:\Sicherung LWC 20120610\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome\dvdvideosoft.jar
D:\Sicherung LWC 20120610\Users\Ute\AppData\LocalLow\IncrediMail_MediaBar_2\
D:\Sicherung LWC 20120610\Users\Volker\AppData\Local\Babylon\
D:\Sicherung LWC 20120610\Users\Volker\AppData\LocalLow\ConduitEngine\
D:\Sicherung LWC 20120610\Users\Volker\AppData\Roaming\Mozilla\Firefox\profiles\mde9xugg.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul
I:\Chef\AppData\Roaming\0S1F1O2ZtAtB\Kindle Packages\uninstaller.exe
I:\Svenja\Downloads\anderes\Free3GPVideoConverter.exe
I:\Svenja\Downloads\anderes\FreeStudio.exe
I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\staged\fv@P6O.org\content\bg.js
I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\staged\Hw3@l.edu\content\bg.js
I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\p5adipwn.default\extensions\staged\fv@P6O.org\content\bg.js
I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\p5adipwn.default\extensions\staged\Hw3@l.edu\content\bg.js
I:\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\mde9xugg.default\extensions\staged\fv@P6O.org\content\bg.js
I:\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\mde9xugg.default\extensions\staged\Hw3@l.edu\content\bg.js
I:\Volker\Downloads\pdfsam-v2_2_4-with-offer.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

vochsc · 25.02.2015, 21:08

Guten Abend, Sandra,

beim Fix mit FRST hat G-Data wiieder ständig gemeckert, weil auf infizierte Dateien zugegriffen werden sollte. Habe es dann ausgeschaltet. Hoffe, dass es danach mit dem Fix geklappt hat.

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Chef at 2015-02-25 20:50:28 Run:2
Running from I:\Volker\Desktop
Loaded Profiles: Chef & Volker_2 (Available profiles: Ute & Chef & Volker_2 & UpdatusUser & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
D:\13-01-23.old\Program Files (x86)\Conduit\
D:\13-01-23.old\Program Files (x86)\DealPly\
D:\13-01-23.old\Program Files (x86)\Eazel-DE\
D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\
D:\13-01-23.old\Program Files (x86)\PHPNukeDE\
D:\13-01-23.old\Program Files (x86)\ShopperReports3\
D:\13-01-23.old\Program Files (x86)\SweetIM\
D:\13-01-23.old\Program Files (x86)\Vuze_Remote\
D:\13-01-23.old\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2\
D:\13-01-23.old\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome\dvdvideosoft.jar
D:\13-01-23.old\Users\Ute\AppData\LocalLow\IncrediMail_MediaBar_2\
D:\13-01-23.old\Users\Volker\AppData\Local\Babylon\
D:\13-01-23.old\Users\Volker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VHE1BE60\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi
D:\13-01-23.old\Users\Volker\AppData\LocalLow\ConduitEngine\
D:\13-01-23.old\Users\Volker\AppData\LocalLow\IncrediMail_MediaBar_2\
D:\13-01-23.old\Windows\Installer\7060ba.msi
D:\13-01-23.old\Windows\Installer\7060c0.msi
D:\C-\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome\dvdvideosoft.jar
D:\C-\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\9qgmfj21.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\chrome\mybabylon_english.jar
D:\I-\Svenja\Downloads\Free3GPVideoConverter.exe
D:\I-\Svenja\Downloads\FreeStudio.exe
D:\Sicherung LWC 20120610\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2
D:\Sicherung LWC 20120610\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\staged\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome\vuze_remote.jar
D:\Sicherung LWC 20120610\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome\vuze_remote.jar
D:\Sicherung LWC 20120610\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome\dvdvideosoft.jar
D:\Sicherung LWC 20120610\Users\Ute\AppData\LocalLow\IncrediMail_MediaBar_2\
D:\Sicherung LWC 20120610\Users\Volker\AppData\Local\Babylon\
D:\Sicherung LWC 20120610\Users\Volker\AppData\LocalLow\ConduitEngine\
D:\Sicherung LWC 20120610\Users\Volker\AppData\Roaming\Mozilla\Firefox\profiles\mde9xugg.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul
I:\Chef\AppData\Roaming\0S1F1O2ZtAtB\Kindle Packages\uninstaller.exe
I:\Svenja\Downloads\anderes\Free3GPVideoConverter.exe
I:\Svenja\Downloads\anderes\FreeStudio.exe
I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\staged\fv@P6O.org\content\bg.js
I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\staged\Hw3@l.edu\content\bg.js
I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\p5adipwn.default\extensions\staged\fv@P6O.org\content\bg.js
I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\p5adipwn.default\extensions\staged\Hw3@l.edu\content\bg.js
I:\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\mde9xugg.default\extensions\staged\fv@P6O.org\content\bg.js
I:\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\mde9xugg.default\extensions\staged\Hw3@l.edu\content\bg.js
I:\Volker\Downloads\pdfsam-v2_2_4-with-offer.exe
*****************

D:\13-01-23.old\Program Files (x86)\Conduit => Moved successfully.
D:\13-01-23.old\Program Files (x86)\DealPly => Moved successfully.

"D:\13-01-23.old\Program Files (x86)\Eazel-DE" directory move:

Could not move "D:\13-01-23.old\Program Files (x86)\Eazel-DE\Eazel-DEToolbarHelper.exe" => Scheduled to move on reboot.
D:\13-01-23.old\Program Files (x86)\Eazel-DE\INSTALL.LOG => Moved successfully.
D:\13-01-23.old\Program Files (x86)\Eazel-DE\tbEaz1.dll => Moved successfully.
D:\13-01-23.old\Program Files (x86)\Eazel-DE\tbEaze.dll => Moved successfully.
D:\13-01-23.old\Program Files (x86)\Eazel-DE\toolbar.cfg => Moved successfully.
D:\13-01-23.old\Program Files (x86)\Eazel-DE\UNWISE.EXE => Moved successfully.
D:\13-01-23.old\Program Files (x86)\Eazel-DE\UNWISE.INI => Moved successfully.
Could not move "D:\13-01-23.old\Program Files (x86)\Eazel-DE" directory. => Scheduled to move on reboot.


"D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2" directory move:

D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\GottenAppsContextMenu.xml => Moved successfully.
Could not move "D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\IncrediMail_MediaBar_2ToolbarHelper.exe" => Scheduled to move on reboot.
Could not move "D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\IncrediMail_MediaBar_2ToolbarHelper1.exe" => Scheduled to move on reboot.
D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\INSTALL.LOG => Moved successfully.
D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\ldrtbInc0.dll => Moved successfully.
D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\ldrtbInc2.dll => Moved successfully.
D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\OtherAppsContextMenu.xml => Moved successfully.
Could not move "D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll" => Scheduled to move on reboot.
Could not move "D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc1.dll" => Scheduled to move on reboot.
Could not move "D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc2.dll" => Scheduled to move on reboot.
D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\SharedAppsContextMenu.xml => Moved successfully.
D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\tbInc0.dll => Moved successfully.
D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\tbInc1.dll => Moved successfully.
D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll => Moved successfully.
D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\toolbar.cfg => Moved successfully.
D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\ToolbarContextMenu.xml => Moved successfully.
Could not move "D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\uninstall.exe" => Scheduled to move on reboot.
D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2\UNWISE.EXE => Moved successfully.
Could not move "D:\13-01-23.old\Program Files (x86)\IncrediMail_MediaBar_2" directory. => Scheduled to move on reboot.


"D:\13-01-23.old\Program Files (x86)\PHPNukeDE" directory move:

D:\13-01-23.old\Program Files (x86)\PHPNukeDE\INSTALL.LOG => Moved successfully.
Could not move "D:\13-01-23.old\Program Files (x86)\PHPNukeDE\PHPNukeDEToolbarHelper.exe" => Scheduled to move on reboot.
D:\13-01-23.old\Program Files (x86)\PHPNukeDE\tbPHP1.dll => Moved successfully.
D:\13-01-23.old\Program Files (x86)\PHPNukeDE\tbPHPN.dll => Moved successfully.
D:\13-01-23.old\Program Files (x86)\PHPNukeDE\toolbar.cfg => Moved successfully.
D:\13-01-23.old\Program Files (x86)\PHPNukeDE\UNWISE.EXE => Moved successfully.
D:\13-01-23.old\Program Files (x86)\PHPNukeDE\UNWISE.INI => Moved successfully.
Could not move "D:\13-01-23.old\Program Files (x86)\PHPNukeDE" directory. => Scheduled to move on reboot.

D:\13-01-23.old\Program Files (x86)\ShopperReports3 => Moved successfully.
D:\13-01-23.old\Program Files (x86)\SweetIM => Moved successfully.

"D:\13-01-23.old\Program Files (x86)\Vuze_Remote" directory move:

D:\13-01-23.old\Program Files (x86)\Vuze_Remote\INSTALL.LOG => Moved successfully.
D:\13-01-23.old\Program Files (x86)\Vuze_Remote\tbVuze.dll => Moved successfully.
D:\13-01-23.old\Program Files (x86)\Vuze_Remote\toolbar.cfg => Moved successfully.
D:\13-01-23.old\Program Files (x86)\Vuze_Remote\UNWISE.EXE => Moved successfully.
Could not move "D:\13-01-23.old\Program Files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe" => Scheduled to move on reboot.
Could not move "D:\13-01-23.old\Program Files (x86)\Vuze_Remote" directory. => Scheduled to move on reboot.

D:\13-01-23.old\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2 => Moved successfully.
D:\13-01-23.old\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome\dvdvideosoft.jar => Moved successfully.
D:\13-01-23.old\Users\Ute\AppData\LocalLow\IncrediMail_MediaBar_2 => Moved successfully.
D:\13-01-23.old\Users\Volker\AppData\Local\Babylon => Moved successfully.
D:\13-01-23.old\Users\Volker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VHE1BE60\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi => Moved successfully.
D:\13-01-23.old\Users\Volker\AppData\LocalLow\ConduitEngine => Moved successfully.
D:\13-01-23.old\Users\Volker\AppData\LocalLow\IncrediMail_MediaBar_2 => Moved successfully.
D:\13-01-23.old\Windows\Installer\7060ba.msi => Moved successfully.
D:\13-01-23.old\Windows\Installer\7060c0.msi => Moved successfully.
D:\C-\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome\dvdvideosoft.jar => Moved successfully.
D:\C-\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\9qgmfj21.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\chrome\mybabylon_english.jar => Moved successfully.
D:\I-\Svenja\Downloads\Free3GPVideoConverter.exe => Moved successfully.
D:\I-\Svenja\Downloads\FreeStudio.exe => Moved successfully.
D:\Sicherung LWC 20120610\Users\Christian\AppData\LocalLow\IncrediMail_MediaBar_2 => Moved successfully.
D:\Sicherung LWC 20120610\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\staged\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome\vuze_remote.jar => Moved successfully.
D:\Sicherung LWC 20120610\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome\vuze_remote.jar => Moved successfully.
D:\Sicherung LWC 20120610\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbllqp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome\dvdvideosoft.jar => Moved successfully.
D:\Sicherung LWC 20120610\Users\Ute\AppData\LocalLow\IncrediMail_MediaBar_2 => Moved successfully.
D:\Sicherung LWC 20120610\Users\Volker\AppData\Local\Babylon => Moved successfully.
D:\Sicherung LWC 20120610\Users\Volker\AppData\LocalLow\ConduitEngine => Moved successfully.
D:\Sicherung LWC 20120610\Users\Volker\AppData\Roaming\Mozilla\Firefox\profiles\mde9xugg.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul => Moved successfully.
I:\Chef\AppData\Roaming\0S1F1O2ZtAtB\Kindle Packages\uninstaller.exe => Moved successfully.
I:\Svenja\Downloads\anderes\Free3GPVideoConverter.exe => Moved successfully.
I:\Svenja\Downloads\anderes\FreeStudio.exe => Moved successfully.
I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\staged\fv@P6O.org\content\bg.js => Moved successfully.
I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\6qigmbnp.default\extensions\staged\Hw3@l.edu\content\bg.js => Moved successfully.
I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\p5adipwn.default\extensions\staged\fv@P6O.org\content\bg.js => Moved successfully.
I:\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\p5adipwn.default\extensions\staged\Hw3@l.edu\content\bg.js => Moved successfully.
I:\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\mde9xugg.default\extensions\staged\fv@P6O.org\content\bg.js => Moved successfully.
I:\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\mde9xugg.default\extensions\staged\Hw3@l.edu\content\bg.js => Moved successfully.
I:\Volker\Downloads\pdfsam-v2_2_4-with-offer.exe => Moved successfully.

Du hattest gefragt, ob ich noch Probleme hatte. Diese beschränkten sich ja nur auf die nicht mehr funktionierende und auch nicht neu installierbare Windows Sidebar und darauf, dass der Virenscanner ständig Alarm geschlagen hat. Performance- oder andere Probleme hatte ich ja nicht festgestellt.

Vielleicht haben die Scans ja gezeigt, dass dieser Rechner ein Dual Boot System ist. Deshalb interessiert mich, ob man eigentlich nicht auch von der Linux-Partition aus die Windows-Partitionen kontrollieren bzw. "putzen" kann. Dann befindet man sich ja eigentlich außerhalb des befallenen Systems, oder? Ist aber vor allem Interesse, ansonsten klappt es ja ganz offensichtlich - wenn man so kundige Unterstützung bekommt - auch von innerhalb. Soll ich jetzt noch einmal einen FRST-Scan laufen lasssen?

Herzliche Grüße

Bootsektor · 25.02.2015, 23:39

Hallo,

Zitat:

beim Fix mit FRST hat G-Data wiieder ständig gemeckert, weil auf infizierte Dateien zugegriffen werden sollte

Ja, immer ausmachen beim fixen und scannen.

Zitat:

Vielleicht haben die Scans ja gezeigt, dass dieser Rechner ein Dual Boot System ist. Deshalb interessiert mich, ob man eigentlich nicht auch von der Linux-Partition aus die Windows-Partitionen kontrollieren bzw. "putzen" kann. Dann befindet man sich ja eigentlich außerhalb des befallenen Systems, oder? Ist aber vor allem Interesse, ansonsten klappt es ja ganz offensichtlich - wenn man so kundige Unterstützung bekommt - auch von innerhalb. Soll ich jetzt noch einmal einen FRST-Scan laufen lasssen?

Klar geht das, geht aber auch einfacher mit FRST aus der Recovery. Solange das System noch läuft ist das der erste Weg, hier aber nicht notwendig.

Lass uns wegen der Sidebar nochmal was versuchen:

Schritt 1
Lade dir bitte angehängte batch runter und führe diese aus, mache danach einen Neustart und teste, ob die Sidebar nun funktioniert.

vochsc · 25.02.2015, 23:51

'n Abend!
Die Batch-Datei hatte ich auch schon im www gefunden. Hat leider jetzt wie bisher nicht funktioniert.

Bootsektor · 26.02.2015, 00:04

Ok,

dann hast du das bestimmt auch schon gemacht?

Die Sidebar funktioniert nicht mehr | Borns IT- und Windows-Blog
http://www.howtogeek.com/howto/windo...vista-sidebar/

vochsc · 26.02.2015, 00:36

Hallo Sandra,

die zwei Links kannte ich noch nicht, aber das meiste vom Inhalt hatte ich auch schon gefunden und gemacht. Den Rest habe ich jetzt versucht, leider alles ohne Erfolg. Ich würde sie ja auch einfach abschalten, aber auch das klappt nicht. :-(

Muss ich denn wegen der Trojaner noch etwas machen oder bin ich "clean"?

TrojanZbot in ccsetupXXX.exe und Trojan.Generic kommt immer wieder

Log-Analyse und Auswertung: TrojanZbot in ccsetupXXX.exe und Trojan.Generic kommt immer wieder