Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU Trojaner - Start im abgesicherten Modus wird herunter gefahren - Laptop wird sofort gesperrt (https://www.trojaner-board.de/168668-gvu-trojaner-start-abgesicherten-modus-herunter-gefahren-laptop-sofort-gesperrt.html)

wwwitch 13.07.2015 16:07
GVU Trojaner - Start im abgesicherten Modus wird herunter gefahren - Laptop wird sofort gesperrt
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo Liebe Helfenden!

Wir wollen unserer Tochter unser ausrangiertes Laptop zum geburtstag schenken, dass vor einiger Zeit von diesem hinterlistigen Trojaner still gelegt wurde :pfui:

Es handelt sich um ein Acer Laptop mit Windows 7 installiert.
Ich würde nach Datensicherung (also wenn ich wieder drauf darf :crazy:) eine Neuinstallation machen.

Kann mir hier geholfen werden? Das wäre nahezu phantastisch!
Ich habe schon nach der super Anleitung das frst Logg File erstellt:

Öhm... ich habe es nun als Anlage hochgeladen - hoffe, das ist so richtig!

Viele Grüße und ich danke schon einmal sehr für jede Hilfe!!!!!!!!!

schrauber 13.07.2015 16:17
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

wwwitch 13.07.2015 16:27
Ah, alles klar, jetzt weiß ich, wie es geht :-)


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by SYSTEM on MININT-UFJ620D on 13-07-2015 16:41:35
Running from G:\
Platform: Windows 7 Ultimate (X86) OS Language: Englisch (USA)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2010-06-12] (Synaptics, Inc.)
HKLM\...\Run: [F-Secure Manager] => C:\Program Files\F-Secure\Common\FSM32.EXE [201384 2010-11-11] (F-Secure Corporation)
HKLM\...\Run: [F-Secure TNB] => C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [1655464 2010-11-11] (F-Secure Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [PS_MFPUtil] => C:\Program Files\MFP Network Adapter\PS_MFPUtil.exe [352256 2007-01-11] ()
HKLM\...\Run: [Babylon Client] => C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [3824056 2010-08-10] (Babylon Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [HTC Sync Loader] => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [585728 2011-01-27] ()
HKU\CNR\...\Run: [] => [X]
HKU\CNR\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\CNR\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [718720 2011-07-21] (Microsoft Corporation)
Startup: C:\Users\CNR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk [2010-06-12]
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Users\CNR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk [2011-02-25]
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\CNR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlrltrg.lnk [2013-09-25]
ShortcutTarget: wlrltrg.lnk -> C:\ProgramData\grtlrlw.plz ()

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 F-Secure Gatekeeper Handler Starter; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [221864 2010-11-11] (F-Secure Corporation)
S3 FSDFWD; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [529064 2010-11-11] (F-Secure Corporation)
S2 FSMA; C:\Program Files\F-Secure\Common\FSMA32.EXE [189096 2010-11-11] (F-Secure Corporation)
S3 FSORSPClient; C:\Program Files\F-Secure\ORSP Client\fsorsp.exe [61088 2011-05-23] (F-Secure Corporation)
S2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\grtlrlw.plz [155648 2013-09-25] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [62208 2006-10-25] (ENE Technology Inc.)
S3 ESDCR; C:\Windows\System32\DRIVERS\ESD7SK.sys [42240 2006-10-25] (ENE Technology Inc.)
S3 ESMCR; C:\Windows\System32\DRIVERS\ESM7SK.sys [76928 2006-10-25] (ENE Technology Inc.)
S3 F-Secure Gatekeeper; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [148632 2011-09-12] ()
S1 F-Secure HIPS; C:\Program Files\F-Secure\HIPS\drivers\fshs.sys [72520 2010-11-11] (F-Secure Corporation)
S0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [42672 2011-08-17] ()
S1 FSES; C:\Windows\System32\drivers\fses.sys [37832 2010-11-11] (F-Secure Corporation)
S1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [72840 2010-11-11] (F-Secure Corporation)
S1 fsvista; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [14504 2010-11-11] ()
S3 NUSBCMP; C:\Windows\System32\DRIVERS\nusbcmp.sys [14336 2006-12-29] (SC)
S3 nusbhost; C:\Windows\System32\DRIVERS\nusbhst.sys [13824 2006-12-29] (SC)
S3 NUSBHUB; C:\Windows\System32\DRIVERS\nusbhub.sys [35840 2006-12-29] (SC)

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\1394ohci.sys 6D2ACA41739BFE8CB86EE8E85F29697D
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athr.sys 76BAB0C824E2D05B940C4DD40A9B08BF
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 36C252E474B2FFA0F0FBBFF20D92A640
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\EMS7SK.sys 1FA3F9DF8983873746FA6B72DD7E3C2C
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ESD7SK.sys 9C7487253AAD6BF61F9BC83D50E32CCC
C:\Windows\System32\DRIVERS\ESM7SK.sys 99589D975DA04F8BD31F124428FCC797
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys 29D12E1E45D93B45D2598E2663BBEFF4
C:\Program Files\F-Secure\HIPS\drivers\fshs.sys 91FC6A3C01A771A5AA65959A361C22C5
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fsbts.sys 343786E182B9C9AE3066E00DEC650F50
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\drivers\fses.sys 2A1860785BAFFBDFB957304245887714
C:\Windows\System32\drivers\fsdfw.sys F7E060C42827CE4854A8FF49843B041E
C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys 2EA92137184069AA8F366DC99F7C1031
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ANDROIDUSB.sys 950CC1E6AE3A6CD23E0945CDE089B02C
C:\Windows\System32\DRIVERS\htcnprot.sys 339ADEFAD60353F960E3CA67CE468C24
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 0263364ACB9C834ACE52FB85C2C064EC
C:\Windows\System32\Drivers\ksecpkg.sys 27391DB553BE2A4E2B0ADEEA2873B2AF
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nusbcmp.sys 34392046589880C1E56DBE034DA3E561
C:\Windows\System32\DRIVERS\nusbhst.sys C4A1BD5578C36434928CD82D0F17E54A
C:\Windows\System32\DRIVERS\nusbhub.sys 58816A350324FB665521565EBF6A6D52
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pci.sys C858CB77C577780ECC456A892E7E7D0F
C:\Windows\System32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys E52B7A5010011C29063684CAC1A6BBF0
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys 835D7E81BF517A3B72384BDCC85E1CE6
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys 1E016846895B15A99F9A176A05029075
C:\Windows\System32\drivers\rdpdr.sys C5FF95883FFEF704D50C40D21CFB3AB5
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 0399C725A9C95A6F1862B93F008DDF4A
C:\Windows\System32\drivers\rdyboost.sys 4EA225BF1CF05E158853F30A99CA29A7
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rtnicxp.sys 4E20765744BFBC16F6D6E5BD5598786B
C:\Windows\system32\DRIVERS\vms3cap.sys 5423D8437051E89DD34749F242C98648
C:\Windows\system32\DRIVERS\sbp2port.sys 34EE0C44B724E3E4CE2EFF29126DE5B5
C:\Windows\System32\DRIVERS\scfilter.sys A95C54B2AC3CC9C73FCDF9E51A1D6B51
C:\Windows\System32\DRIVERS\sdbus.sys 7B48CFF3A475FE849DEA65EC4D35C425
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys 4F1E5B0FE7C8050668DBFADE8999AEFB
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys C4A027B8C0BD3FC0699F41FA5E9E0C87
C:\Windows\System32\DRIVERS\srv2.sys 414BB592CAD8A79649D01F9D94318FB3
C:\Windows\System32\DRIVERS\VSTAZL3.SYS E00FDFAFF025E94F9821153750C35A6D
C:\Windows\System32\DRIVERS\VSTDPV3.SYS CEB4E3B6890E1E42DCA6694D9E59E1A0
C:\Windows\System32\DRIVERS\VSTCNXT3.SYS BC0C7EA89194C299F051C24119000E17
C:\Windows\System32\DRIVERS\srvnet.sys FF207D67700AA18242AAF985D3E7D8F4
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vmstorfl.sys 957E346CA948668F2496A6CCF6FF82CC
C:\Windows\system32\DRIVERS\storvsc.sys D5751969DC3E4B88BF482AC8EC9FE019
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys F7A4250BB3E3AFCD4AF100E551509352
C:\Windows\System32\drivers\tcpip.sys 56C198AC82EFA622DD93E9E43575F79C
C:\Windows\System32\DRIVERS\tcpip.sys 56C198AC82EFA622DD93E9E43575F79C
C:\Windows\System32\drivers\tcpipreg.sys E64444523ADD154F86567C469BC0B17F
C:\Windows\System32\drivers\tdpipe.sys 1875C1490D99E70E449E3AFAE9FCBADF
C:\Windows\System32\drivers\tdtcp.sys 7156308896D34EA75A582F9A09E50C17
C:\Windows\System32\DRIVERS\tdx.sys CB39E896A2A83702D1737BFD402B3542
C:\Windows\System32\DRIVERS\termdd.sys C36F41EE20E6999DBF4B0425963268A5
C:\Windows\System32\DRIVERS\tssecsrv.sys 98AE6FA07D12CB4EC5CF4A9BFA5F4242
C:\Windows\System32\DRIVERS\tunnel.sys 3E461D890A97F9D4C168F5FDA36E1D00
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys 09CC3E16F8E5EE7168E01CF8FCBE061A
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 049B3A50B3D646BAEEEE9EEC9B0668DC
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys 2436A42AAB4AD48A9B714E5B0F344627
C:\Windows\System32\DRIVERS\usbccgp.sys C31AE588E403042632DC796CF09E30B0
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys E4C436D914768CE965D5E659BA7EEBD8
C:\Windows\System32\DRIVERS\usbhub.sys BDCD7156EC37448F08633FD899823620
C:\Windows\System32\DRIVERS\usbohci.sys EB2D819A639015253C871CDA09D91D58
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 576096CCBC07E7C4EA4F5E6686D6888F
C:\Windows\System32\DRIVERS\USBSTOR.SYS 1C4287739A93594E57E2A9E6A3ED7353
C:\Windows\system32\drivers\usbuhci.sys 22480BF4E5A09192E5E30BA4DDE79FA4
C:\Windows\System32\Drivers\usbvideo.sys B5F6A992D996282B7FAE7048E50AF83A
C:\Windows\System32\DRIVERS\usb8023x.sys D82F43D15FDAA666856C0190CB73E7C9
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys 3BE6E1F3A4F1AFEC8CEE0D7883F93583
C:\Windows\system32\DRIVERS\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vmbus.sys 379B349F65F453D2A6E75EA6B7448E49
C:\Windows\system32\DRIVERS\VMBusHID.sys EC2BBAB4B84D0738C6C83D2234DC36FE
C:\Windows\System32\DRIVERS\volmgr.sys 384E5A2AA49934295171E499F86BA6F3
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volsnap.sys 58DF9D2481A56EDDE167E51B334D44FD
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys 30FC6E5448D0CBAAA95280EEEF7FEDAE
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 6F9B6C0C93232CFF47D0F72D6DB1D21E
C:\Windows\System32\DRIVERS\WUDFRd.sys F91FF1E51FCA30B3C3981DB7D5924252

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 16:41 - 2015-07-13 16:41 - 00000000 ____D C:\FRST
2015-07-13 04:52 - 2015-07-13 04:52 - 06420480 _____ C:\Program Files\GUT1FD3.tmp
2015-07-13 04:52 - 2015-07-13 04:52 - 00000000 ____D C:\Program Files\GUM1FC3.tmp

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 06:31 - 2013-09-25 07:12 - 00000000 _____ C:\ProgramData\wlrltrg.ctrl
2015-07-13 06:31 - 2010-09-08 00:22 - 00000000 ____D C:\ProgramData\Babylon
2015-07-13 06:30 - 2009-07-13 20:39 - 00061299 _____ C:\Windows\setupact.log
2015-07-13 06:08 - 2009-07-13 20:34 - 00019568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 06:08 - 2009-07-13 20:34 - 00019568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 06:05 - 2010-06-12 04:46 - 01423935 _____ C:\Windows\WindowsUpdate.log

Some files in TEMP:
====================
C:\Users\CNR\AppData\Local\Temp\0.5857993405176612.exe
C:\Users\CNR\AppData\Local\Temp\jgspkljtskjuggwjwuv.exe
C:\Users\CNR\AppData\Local\Temp\ose00000.exe
C:\Users\CNR\AppData\Local\Temp\setup_v3.0.5517.exe
C:\Users\CNR\AppData\Local\Temp\SkypeSetup.exe
C:\Users\CNR\AppData\Local\Temp\_is350B.exe
C:\Users\CNR\AppData\Local\Temp\_is92ED.exe
C:\Users\CNR\AppData\Local\Temp\_isDE9C.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description            Windows Boot Manager
locale                  de-DE
inherit                {globalsettings}
default                {default}
resumeobject            {aeb3f4b0-7673-11df-84e4-9d1bb7b0fb71}
displayorder            {default}
toolsdisplayorder      {memdiag}
timeout                30

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description            Windows 7
locale                  de-DE
inherit                {bootloadersettings}
recoverysequence        {current}
recoveryenabled        Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {aeb3f4b0-7673-11df-84e4-9d1bb7b0fb71}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\aeb3f4b2-7673-11df-84e4-9d1bb7b0fb71\Winre.wim,{aeb3f4b3-7673-11df-84e4-9d1bb7b0fb71}
path                    \windows\system32\winload.exe
description            Windows Recovery Environment
inherit                {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\aeb3f4b2-7673-11df-84e4-9d1bb7b0fb71\Winre.wim,{aeb3f4b3-7673-11df-84e4-9d1bb7b0fb71}
systemroot              \windows
nx                      OptIn
winpe                  Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {aeb3f4b0-7673-11df-84e4-9d1bb7b0fb71}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description            Windows Resume Application
locale                  de-DE
inherit                {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                    Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description            Windows-Speicherdiagnose
locale                  de-DE
inherit                {globalsettings}
badmemoryaccess        Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype              Serial
debugport              1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype    Serial
hypervisordebugport    1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {aeb3f4b3-7673-11df-84e4-9d1bb7b0fb71}
description            Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\aeb3f4b2-7673-11df-84e4-9d1bb7b0fb71\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 1022.17 MB
Available physical RAM: 398.58 MB
Total Virtual: 1022.17 MB
Available Virtual: 406.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:57.99 GB) (Free:1.03 GB) NTFS
Drive e: (DATEN) (Fixed) (Total:53.69 GB) (Free:41.12 GB) FAT32
Drive g: () (Removable) (Total:1.91 GB) (Free:1.91 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 5EA4F703)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=53.7 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: FF475F20)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)


LastRegBack: 2013-09-23 07:03

==================== End of log ============================
--- --- ---

schrauber 14.07.2015 07:10
Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Startup: C:\Users\CNR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlrltrg.lnk [2013-09-25]
ShortcutTarget: wlrltrg.lnk -> C:\ProgramData\grtlrlw.plz ()
C:\ProgramData\grtlrlw.plz
S2 Winmgmt; C:\ProgramData\grtlrlw.plz [155648 2013-09-25] ()
C:\Users\CNR\AppData\Local\Temp\0.5857993405176612.exe
C:\Users\CNR\AppData\Local\Temp\jgspkljtskjuggwjwuv.exe
C:\Users\CNR\AppData\Local\Temp\ose00000.exe
C:\Users\CNR\AppData\Local\Temp\setup_v3.0.5517.exe
C:\Users\CNR\AppData\Local\Temp\SkypeSetup.exe
C:\Users\CNR\AppData\Local\Temp\_is350B.exe
C:\Users\CNR\AppData\Local\Temp\_is92ED.exe
C:\Users\CNR\AppData\Local\Temp\_isDE9C.exe
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.



Rechner normal starten.

wwwitch 14.07.2015 14:01
Hi Schrauber,

erledigt; hier ist der Fixlog:

Code:
Fix result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by SYSTEM at 2015-07-14 14:58:14 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

fixlist content:
*****************
Startup: C:\Users\CNR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlrltrg.lnk [2013-09-25]
ShortcutTarget: wlrltrg.lnk -> C:\ProgramData\grtlrlw.plz ()
C:\ProgramData\grtlrlw.plz
S2 Winmgmt; C:\ProgramData\grtlrlw.plz [155648 2013-09-25] ()
C:\Users\CNR\AppData\Local\Temp\0.5857993405176612.exe
C:\Users\CNR\AppData\Local\Temp\jgspkljtskjuggwjwuv.exe
C:\Users\CNR\AppData\Local\Temp\ose00000.exe
C:\Users\CNR\AppData\Local\Temp\setup_v3.0.5517.exe
C:\Users\CNR\AppData\Local\Temp\SkypeSetup.exe
C:\Users\CNR\AppData\Local\Temp\_is350B.exe
C:\Users\CNR\AppData\Local\Temp\_is92ED.exe
C:\Users\CNR\AppData\Local\Temp\_isDE9C.exe
       
*****************

C:\Users\CNR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlrltrg.lnk => moved successfully.
C:\ProgramData\grtlrlw.plz => moved successfully.
"C:\ProgramData\grtlrlw.plz" => File/Folder not found.
Winmgmt => Service restored successfully
C:\Users\CNR\AppData\Local\Temp\0.5857993405176612.exe => moved successfully.
C:\Users\CNR\AppData\Local\Temp\jgspkljtskjuggwjwuv.exe => moved successfully.
C:\Users\CNR\AppData\Local\Temp\ose00000.exe => moved successfully.
C:\Users\CNR\AppData\Local\Temp\setup_v3.0.5517.exe => moved successfully.
C:\Users\CNR\AppData\Local\Temp\SkypeSetup.exe => moved successfully.
C:\Users\CNR\AppData\Local\Temp\_is350B.exe => moved successfully.
C:\Users\CNR\AppData\Local\Temp\_is92ED.exe => moved successfully.
C:\Users\CNR\AppData\Local\Temp\_isDE9C.exe => moved successfully.

==== End of Fixlog 14:58:14 ====
Viele Grüße und herzlichen Dank schon einmal!

schrauber 15.07.2015 08:43
Startet der Rechner normal?

Wenn ja dann ab jezt alles vom Desktop aus:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


wwwitch 15.07.2015 22:37
mmmhhhh

Rechner startet, GVU Sperrseite ist weg. Aber er hängt sich jedoch relativ schnell auf. Hab es mehrfach versucht, ich komm nicht dazu, frst runterzuladen.

Auch ohne Firefox hängt er sich auf, auch ohne Internet, sprich speichern via usb usw. klappt nicht.

Was nun wohl?

schrauber 16.07.2015 07:55
GEht einer der Safe Modes? Ansonsten nochmal einen frischen Scan aus der Recovery bitte.

wwwitch 16.07.2015 08:45
Guten Morgähn Schrauber,

natürlich geht einer der Modi (sorry)

Hier der Logg:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by CNR (administrator) on CNR-PC on 16-07-2015 09:21:09
Running from C:\Users\CNR\Desktop
Loaded Profiles: CNR (Available Profiles: CNR)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2010-06-12] (Synaptics, Inc.)
HKLM\...\Run: [F-Secure Manager] => C:\Program Files\F-Secure\Common\FSM32.EXE [201384 2010-11-11] (F-Secure Corporation)
HKLM\...\Run: [F-Secure TNB] => C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [1655464 2010-11-11] (F-Secure Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [PS_MFPUtil] => C:\Program Files\MFP Network Adapter\PS_MFPUtil.exe [352256 2007-01-11] ()
HKLM\...\Run: [Babylon Client] => C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [3824056 2010-08-10] (Babylon Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [HTC Sync Loader] => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [585728 2011-01-27] ()
HKU\S-1-5-21-2951395798-552501079-809187365-1001\...\Run: [] => [X]
HKU\S-1-5-21-2951395798-552501079-809187365-1001\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-2951395798-552501079-809187365-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [718720 2011-07-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK [2011-03-27]
ShortcutTarget: Corel MEDIA FOLDERS INDEXER 8.LNK -> C:\Corel\Graphics8\Programs\MFIndexer.exe (Corel Corporation)
Startup: C:\Users\CNR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk [2010-06-12]
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Users\CNR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk [2011-02-25]
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2951395798-552501079-809187365-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2951395798-552501079-809187365-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
URLSearchHook: HKLM - Babylon-English Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\tbBaby.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-2951395798-552501079-809187365-1001 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-2951395798-552501079-809187365-1001 - Babylon-English Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\tbBaby.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKU\S-1-5-21-2951395798-552501079-809187365-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
SearchScopes: HKU\S-1-5-21-2951395798-552501079-809187365-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)
BHO: Winload Toolbar -> {40c3cc16-7269-4b32-9531-17f2950fb06f} -> C:\Program Files\Winload\tbWinl.dll [2010-03-17] (Conduit Ltd.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Babylon IE plugin -> {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} -> C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll [2010-08-10] (Babylon Ltd.)
BHO: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Babylon-English Toolbar -> {ce18769b-c7fa-42d2-860d-17c4662c70ad} -> C:\Program Files\Babylon-English\tbBaby.dll [2010-06-13] (Conduit Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-22] (Sun Microsystems, Inc.)
Toolbar: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll [2010-03-17] (Conduit Ltd.)
Toolbar: HKLM - Babylon-English Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\tbBaby.dll [2010-06-13] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-2951395798-552501079-809187365-1001 -> Winload Toolbar - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll [2010-03-17] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-2951395798-552501079-809187365-1001 -> Babylon-English Toolbar - {CE18769B-C7FA-42D2-860D-17C4662C70AD} - C:\Program Files\Babylon-English\tbBaby.dll [2010-06-13] (Conduit Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-04-18] (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [193704 2010-11-11] (F-Secure Corporation)
Winsock: Catalog9 02 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [193704 2010-11-11] (F-Secure Corporation)
Winsock: Catalog9 03 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [193704 2010-11-11] (F-Secure Corporation)
Winsock: Catalog9 04 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [193704 2010-11-11] (F-Secure Corporation)
Winsock: Catalog9 05 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [193704 2010-11-11] (F-Secure Corporation)
Winsock: Catalog9 06 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [193704 2010-11-11] (F-Secure Corporation)
Winsock: Catalog9 07 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [193704 2010-11-11] (F-Secure Corporation)
Winsock: Catalog9 08 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [193704 2010-11-11] (F-Secure Corporation)
Winsock: Catalog9 09 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [193704 2010-11-11] (F-Secure Corporation)
Winsock: Catalog9 10 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [193704 2010-11-11] (F-Secure Corporation)
Winsock: Catalog9 21 C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL [193704 2010-11-11] (F-Secure Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{130948D1-DFD1-46FA-87A4-D43EC6987351}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{2F267B0A-151D-4EE4-9E81-351095B3889D}: [DhcpNameServer] 62.220.18.8 192.168.0.2
Tcpip\..\Interfaces\{3BC3EA17-4827-4D2B-B749-445D1CDA0524}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C3D33311-8FBB-44DA-A7EB-C1CC7FFB56A1}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF Homepage: hxxp://www.google.de
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2720081&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2010-06-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-01-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-01-20] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-09-22] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-04-01] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2010-08-13] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default\searchplugins\conduit.xml [2010-03-24]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010-09-08]
FF Extension: No Name - C:\Users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default\Extensions\Access Privileges Test [2015-07-13]
FF Extension: Winload Toolbar - C:\Users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default\Extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2010-06-28]
FF Extension: Babylon-English Toolbar - C:\Users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default\Extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad} [2010-09-08]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-05-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-09-22]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-06-12]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-06-12]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-06-12]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-06-12]

Chrome:
=======
CHR Profile: C:\Users\CNR\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonChrome.crx [2010-09-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 F-Secure Gatekeeper Handler Starter; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [221864 2010-11-11] (F-Secure Corporation)
S3 FSDFWD; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [529064 2010-11-11] (F-Secure Corporation)
S2 FSMA; C:\Program Files\F-Secure\Common\FSMA32.EXE [189096 2010-11-11] (F-Secure Corporation)
S3 FSORSPClient; C:\Program Files\F-Secure\ORSP Client\fsorsp.exe [61088 2011-05-23] (F-Secure Corporation)
S2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [62208 2006-10-25] (ENE Technology Inc.)
R3 ESDCR; C:\Windows\System32\DRIVERS\ESD7SK.sys [42240 2006-10-25] (ENE Technology Inc.)
R3 ESMCR; C:\Windows\System32\DRIVERS\ESM7SK.sys [76928 2006-10-25] (ENE Technology Inc.)
S3 F-Secure Gatekeeper; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [148632 2011-09-12] ()
S1 F-Secure HIPS; C:\Program Files\F-Secure\HIPS\drivers\fshs.sys [72520 2010-11-11] (F-Secure Corporation)
S0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [42672 2011-08-18] ()
S1 FSES; C:\Windows\System32\drivers\fses.sys [37832 2010-11-11] (F-Secure Corporation)
S1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [72840 2010-11-11] (F-Secure Corporation)
S1 fsvista; C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [14504 2010-11-11] ()
S3 NUSBCMP; C:\Windows\System32\DRIVERS\nusbcmp.sys [14336 2006-12-29] (SC) [File not signed]
R3 nusbhost; C:\Windows\System32\DRIVERS\nusbhst.sys [13824 2006-12-29] (SC) [File not signed]
R3 NUSBHUB; C:\Windows\System32\DRIVERS\nusbhub.sys [35840 2006-12-29] (SC) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 09:21 - 2015-07-16 09:22 - 00015580 _____ C:\Users\CNR\Desktop\FRST.txt
2015-07-16 09:19 - 2015-07-16 09:20 - 01636864 _____ (Farbar) C:\Users\CNR\Desktop\FRST.exe
2015-07-14 15:04 - 2015-07-14 15:28 - 00000000 ____D C:\Users\CNR\Desktop\Sicherung_
2015-07-14 02:41 - 2015-07-16 09:21 - 00000000 ____D C:\FRST
2015-07-13 14:52 - 2015-07-13 14:52 - 06420480 _____ C:\Program Files\GUT1FD3.tmp
2015-07-13 14:52 - 2015-07-13 14:52 - 00000000 ____D C:\Program Files\GUM1FC3.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 23:29 - 2010-06-12 14:46 - 01254850 _____ C:\Windows\WindowsUpdate.log
2015-07-15 23:25 - 2010-09-08 10:22 - 00000000 ____D C:\ProgramData\Babylon
2015-07-15 23:25 - 2010-08-15 19:06 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-15 23:25 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-15 23:25 - 2009-07-14 06:39 - 00061803 _____ C:\Windows\setupact.log
2015-07-15 23:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-07-15 23:08 - 2009-07-14 06:34 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-15 23:08 - 2009-07-14 06:34 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-15 22:58 - 2010-08-15 19:07 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 17:05 - 2013-09-25 17:12 - 00000000 _____ C:\ProgramData\wlrltrg.ctrl

==================== Files in the root of some directories =======

2012-05-23 20:27 - 2012-05-23 20:27 - 3993600 _____ () C:\Program Files\GUT193C.tmp
2015-07-13 14:52 - 2015-07-13 14:52 - 6420480 _____ () C:\Program Files\GUT1FD3.tmp
2014-01-20 19:41 - 2014-01-20 19:41 - 49940480 _____ () C:\Program Files\GUT22D6.tmp
2014-01-20 19:47 - 2014-01-20 19:47 - 49940480 _____ () C:\Program Files\GUTAD91.tmp
2011-02-16 13:31 - 2011-02-16 13:31 - 0027227 _____ () C:\Users\CNR\AppData\Roaming\Persönliches Adressbuch.ADR
2013-09-25 17:43 - 2013-09-25 17:43 - 0016196 ____T () C:\ProgramData\clorf.exe
2010-08-15 19:15 - 2010-08-15 19:15 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2013-09-25 17:12 - 2015-07-13 17:05 - 0000000 _____ () C:\ProgramData\wlrltrg.ctrl
2013-09-25 17:10 - 2013-09-25 19:30 - 95025368 ____T () C:\ProgramData\wlrltrg.pff

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-23 17:03

==================== End of log ============================
--- --- ---


und Addition:

FRST Additions Logfile:
[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by CNR at 2015-07-16 09:22:48
Running from C:\Users\CNR\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2951395798-552501079-809187365-500 - Administrator - Disabled)
CNR (S-1-5-21-2951395798-552501079-809187365-1001 - Administrator - Enabled) => C:\Users\CNR
Gast (S-1-5-21-2951395798-552501079-809187365-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: F-Secure Anti-Virus 2011 10.51 (Enabled - Out of date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: F-Secure Anti-Virus 2011 10.51 (Enabled - Out of date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{C0C3E596-F6ED-79FF-C1E2-920ED673B5F3}) (Version: 3.0.604.0 - ATI Technologies, Inc.)
Babylon (HKLM\...\Babylon) (Version:  - Babylon)
Babylon-English Toolbar (HKLM\...\Babylon-English Toolbar) (Version: 5.7.2.2 - Babylon-English) <==== ATTENTION
Branding (Version: 1.00.0000 - Your Company Name) Hidden
ccc-core-static (Version: 0108.2146.2565.38893 - Ihr Firmenname) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2474 - CDBurnerXP)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Uninstaller (HKLM\...\Corel Uninstaller) (Version:  - )
EAR 13 (HKLM\...\{5884BC9C-7A0F-4BFF-8CD2-3AA26DFCCA98}) (Version: 13.0.3 - Internet Design & EDV Entwiclung - Michael Hertlein)
EAR 14 (HKLM\...\{A576976A-6B9D-4979-B039-921D14F27AA9}) (Version: 14.0.3 - Internet Design & EDV Entwiclung - Michael Hertlein)
FastStone Image Viewer 3.1 (HKLM\...\FastStone Image Viewer) (Version: 3.1 - FastStone Soft)
Fotosizer 1.30 (HKLM\...\Fotosizer) (Version: 1.30 - Fotosizer.com)
F-Secure Anti-Virus 2011 (HKLM\...\F-Secure Product 303) (Version:  - )
F-Secure PSC Prerequisites (Version: 1.0.5 - F-Secure Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 29.0.1547.76 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.005 - HTC Corporation)
HTC Sync (HKLM\...\{923E3957-F939-453A-BD55-41CFB8D7F211}) (Version: 3.0.5517 - HTC)
Internet-TV für Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java(TM) 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
MFP Network Adapter (HKLM\...\{7832C74F-0CA6-4F57-BB27-631F33031336}) (Version: 1.00.2000 - Sercomm)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox (3.6.3) (HKLM\...\Mozilla Firefox (3.6.3)) (Version: 3.6.3 (de) - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
PaperPort (HKLM\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0823 - ScanSoft, Inc.)
PDF Creator (Remove Only) (HKLM\...\PDF Creator) (Version:  - )
Ruff-Tech (HKLM\...\Ruff-FTP_is1) (Version: 2.61 prof. - Ruff-Tech)
Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7280 - Skype Technologies S.A.)
Skype™ 5.3 (HKLM\...\{5335DADB-34BA-4AE8-A519-648D78498846}) (Version: 5.3.111 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.0.3.0 - Synaptics)
TeamViewer 5 (HKLM\...\TeamViewer 5) (Version: 5.1.9385  - TeamViewer GmbH)
Uniblue RegistryBooster 2010 (HKLM\...\{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1) (Version:  - Uniblue Systems Ltd)
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Windows Media Center Add-in for Silverlight (HKLM\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Winload Toolbar (HKLM\...\Winload Toolbar) (Version:  - )
WISO EÜR & Kasse 2010 (HKLM\...\{52D4013E-3FEC-4C08-AAA8-CC24985A04E1}) (Version: 17.08.6697 - Buhl Data Service GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2951395798-552501079-809187365-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2951395798-552501079-809187365-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2951395798-552501079-809187365-1001_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2951395798-552501079-809187365-1001_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2951395798-552501079-809187365-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2951395798-552501079-809187365-1001_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4870E37A-55FC-46BD-B6AB-DBDD5653417D} - System32\Tasks\{60C0DDCA-2966-4CC8-89AD-A44B2B77E57A} => pcalua.exe -a "C:\Program Files\MFP Network Adapter\PS_MFPUtil.exe"
Task: {4D3A8378-101F-4549-81A8-4E82FFE6C519} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.)
Task: {73E9014E-28A9-4896-8033-BBFC5A90DD80} - System32\Tasks\{75B3DF89-055C-4315-9121-27971EBE3B87} => C:\Program Files\Skype\Phone\Skype.exe [2011-04-18] (Skype Technologies S.A.)
Task: {A4464B65-31B2-435D-A8FE-F6C87ECA5938} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-01-27] ()
Task: {DE6CCFF9-CDEE-42D5-A3C4-259A62306571} - System32\Tasks\{3CC78565-EFFE-4218-81F4-E0C7726E036C} => pcalua.exe -a C:\Users\CNR\Downloads\org_disc\org_disc\SetupWizard.exe -d C:\Users\CNR\Downloads\org_disc\org_disc
Task: {ED82B5AB-879C-473B-92BB-D567DC69AEBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-03-27 10:31 - 1997-11-18 18:34 - 00907264 ____N () C:\Corel\Graphics8\programs\CMFFld80.dll
2006-12-19 19:16 - 2006-12-19 19:16 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2010-06-12 16:27 - 2010-04-01 20:00 - 01015256 _____ () C:\Program Files\Mozilla Firefox\js3250.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2951395798-552501079-809187365-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CNR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{56B479B4-C5A7-4E87-8233-813EC769F91C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2AFB1027-23D0-412F-B144-4945082E6B82}] => (Allow) C:\Users\CNR\Downloads\pdf_converter.exe
FirewallRules: [{37899C55-1AFB-4E27-96BD-808BA40508A0}] => (Allow) C:\Users\CNR\Downloads\pdf_converter.exe
FirewallRules: [{E4C1F3F8-E819-4E3E-9783-A2A9525A4FFB}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{4B4FEE8D-C7DE-416B-8CF7-E36BB8ACBF14}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{1777BFC5-27B4-4F7D-9822-2324E3312C11}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
FirewallRules: [{4F83A7CB-5FEE-43B5-AEE1-0BD8F3AF52D8}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
FirewallRules: [TCP Query User{D6C2B625-25C2-4C30-9438-E005F4125FC5}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe
FirewallRules: [UDP Query User{A699AD3C-AB97-4C00-8C0F-D977388F6ACB}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe
FirewallRules: [{6B126D5F-9D65-4947-97EB-32A1497C37AA}] => (Allow) E:\DVD-Start.exe
FirewallRules: [{6B8500E0-6812-4CF5-88DF-C5192681FC79}] => (Allow) E:\DVD-Start.exe
FirewallRules: [TCP Query User{467AE979-6127-4D4A-9541-71FFDF303D52}C:\program files\ruff-tech\ruff-ftp\ftpsck.exe] => (Allow) C:\program files\ruff-tech\ruff-ftp\ftpsck.exe
FirewallRules: [UDP Query User{9BDBF435-EF39-48A6-9FAB-DB5CEF1723D5}C:\program files\ruff-tech\ruff-ftp\ftpsck.exe] => (Allow) C:\program files\ruff-tech\ruff-ftp\ftpsck.exe

==================== Faulty Device Manager Devices =============

Name: Fast-Ethernet-Netzwerkkarte für Realtek RTL8139/810x-Familie
Description: Fast-Ethernet-Netzwerkkarte für Realtek RTL8139/810x-Familie
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: fsbts
Description: fsbts
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: fsbts
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2015 09:21:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (07/16/2015 09:21:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (07/16/2015 09:21:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (07/16/2015 09:21:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (07/16/2015 09:21:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (07/16/2015 09:21:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (07/16/2015 09:21:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (07/16/2015 09:21:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (07/16/2015 09:21:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (07/16/2015 09:21:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.


System errors:
=============
Error: (07/16/2015 09:20:34 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (07/16/2015 09:20:34 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (07/16/2015 09:20:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/16/2015 09:20:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/16/2015 09:20:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/16/2015 09:15:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/16/2015 09:15:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/16/2015 09:15:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/16/2015 09:15:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/16/2015 09:15:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office:
=========================
Error: (07/16/2015 09:21:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/16/2015 09:21:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/16/2015 09:21:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/16/2015 09:21:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/16/2015 09:21:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/16/2015 09:21:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/16/2015 09:21:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/16/2015 09:21:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/16/2015 09:21:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/16/2015 09:21:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.


==================== Memory info ===========================

Processor: AMD Turion(tm) 64 Mobile Technology MK-36
Percentage of memory in use: 47%
Total physical RAM: 1022.17 MB
Available physical RAM: 533.76 MB
Total Virtual: 2046.17 MB
Available Virtual: 1592.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:57.99 GB) (Free:1.03 GB) NTFS
Drive d: (DATEN) (Fixed) (Total:53.69 GB) (Free:33.94 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 5EA4F703)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=53.7 GB) - (Type=0C)

==================== End of log ============================
--- --- ---

--- --- ---

schrauber 16.07.2015 10:11
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

wwwitch 17.07.2015 14:02
Hi Schrauber,

ereldigt. Combofix hat F-Secure (das Virenprogramm) angemeckert, ich hatte es im Vorfeld deinstalliert und den Rechner neu gestartet.

Hier ist die combofix.txt:

Code:
Combofix Logfile:

       
Code:

       
ComboFix 15-07-16.01 - CNR 17.07.2015  13:48:29.2.1 - x86 NETWORK
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.1022.504 [GMT 2:00]
ausgeführt von:: c:\users\CNR\Desktop\ComboFix.exe
AV: F-Secure Anti-Virus 2011 10.51 *Enabled/Outdated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Anti-Virus 2011 10.51 *Enabled/Outdated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\program files\Skype\Phone\Skype.exe
c:\users\CNR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Silverlight.exe
c:\windows\system32\bszip.dll
.
c:\windows\system32\user32.dll . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-06-17 bis 2015-07-17  ))))))))))))))))))))))))))))))
.
.
2015-07-17 09:58 . 2015-07-17 09:59        --------        d-----w-        c:\program files\GUM442E.tmp
2015-07-17 09:58 . 2015-07-17 09:58        0        ----a-w-        c:\program files\GUT442F.tmp
2015-07-14 00:41 . 2015-07-16 07:23        --------        d-----w-        C:\FRST
2015-07-13 12:52 . 2015-07-13 12:52        --------        d-----w-        c:\program files\GUM1FC3.tmp
2015-07-13 12:52 . 2015-07-13 12:52        6420480        ----a-w-        c:\program files\GUT1FD3.tmp
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-20 17:47 . 2014-01-20 17:47        49940480        ----a-w-        c:\program files\GUTAD91.tmp
2014-01-20 17:41 . 2014-01-20 17:41        49940480        ----a-w-        c:\program files\GUT22D6.tmp
2012-05-23 18:27 . 2012-05-23 18:27        3993600        ----a-w-        c:\program files\GUT193C.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
"{ce18769b-c7fa-42d2-860d-17c4662c70ad}"= "c:\program files\Babylon-English\tbBaby.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45        2355224        ----a-w-        c:\program files\Winload\tbWinl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]
2010-06-13 17:10        2734688        ----a-w-        c:\program files\Babylon-English\tbBaby.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
"{ce18769b-c7fa-42d2-860d-17c4662c70ad}"= "c:\program files\Babylon-English\tbBaby.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
"{CE18769B-C7FA-42D2-860D-17C4662C70AD}"= "c:\program files\Babylon-English\tbBaby.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-12 815104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"PS_MFPUtil"="c:\program files\MFP Network Adapter\PS_MFPUtil.exe" [2007-01-11 352256]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-08-10 3824056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
.
c:\users\CNR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE /TrayOnly [2011-6-12 31125880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Corel MEDIA FOLDERS INDEXER 8.LNK - c:\corel\Graphics8\Programs\MFIndexer.exe   [2011-3-27 83456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 NUSBCMP;Network USB Composite Device;c:\windows\system32\DRIVERS\nusbcmp.sys [2006-12-29 14336]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 nusbhost;Network USB Host Controller;c:\windows\system32\DRIVERS\nusbhst.sys [2006-12-29 13824]
S3 NUSBHUB;Network USB Root Hub;c:\windows\system32\DRIVERS\nusbhub.sys [2006-12-29 35840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-23 11:53        1177552        ----a-w-        c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 12:52]
.
2015-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 12:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2720081&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - %profile%\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1856)
c:\windows\system32\NetworkExplorer.dll
.
Zeit der Fertigstellung: 2015-07-17  14:00:12
ComboFix-quarantined-files.txt  2015-07-17 12:00
.
Vor Suchlauf: 5.186.809.856 Bytes frei
Nach Suchlauf: 5.110.161.408 Bytes frei
.
- - End Of File - - 6BF37495659E66BF8F8E06AD98D270F0

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
Viele Grüße!

schrauber 18.07.2015 09:18
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

wwwitch 19.07.2015 19:16
Hi Schrauber,

so, alles erledigt! :crazy:

Hier die Logs:

Anti Malware:

Code:


<?xml version="1.0" encoding="UTF-16"?>
-<mbam-log> -<header> <date>2015/07/19 16:54:43 +0200</date> <logfile>mbam-log-2015-07-19 (16-54-42).xml</logfile> <isadmin>yes</isadmin> </header> -<engine> <version>2.01.6.1022</version> <malware-database>v2015.03.09.05</malware-database> <rootkit-database>v2015.02.25.01</rootkit-database> <license>trial</license> <file-protection>enabled</file-protection> <web-protection>enabled</web-protection> <self-protection>disabled</self-protection> </engine> -<system> <osversion>Windows 7</osversion> <arch>x86</arch> <username>CNR</username> <filesys>NTFS</filesys> </system> -<summary> <type>threat</type> <result>completed</result> <objects>318480</objects> <time>1272</time> <processes>0</processes> <modules>0</modules> <keys>2</keys> <values>0</values> <datas>0</datas> <folders>0</folders> <files>9</files> <sectors>0</sectors> </summary> -<options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>disabled</rootkits> <deeprootkit>disabled</deeprootkit> <heuristics>enabled</heuristics> <pup>enabled</pup> <pum>enabled</pum> </options> -<items> -<key><path>HKU\S-1-5-21-2951395798-552501079-809187365-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}</path><vendor>PUP.Optional.Babylon.A</vendor><action>success</action><hash>e396172c3357310526c755c611f2946c</hash></key> -<key><path>HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dhkplhfnhceodhffomolpfigojocbpcb</path><vendor>PUP.Optional.Babylon.A</vendor><action>success</action><hash>b6c3c182c1c9ad89e94f7caffa0bf40c</hash></key> -<file><path>C:\Users\CNR\Downloads\SoftonicDownloader_fuer_ruff-ftp.exe</path><vendor>PUP.OfferBundler.ST</vendor><action>success</action><hash>9cdd55eee8a29d9941a14f66639dee12</hash></file> -<file><path>C:\Users\CNR\Downloads\fsSetup130.exe</path><vendor>PUP.Optional.DealioTB.A</vendor><action>success</action><hash>accd63e0bdcddc5a45d1f9fb808536ca</hash></file> -<file><path>C:\Users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default\searchplugins\conduit.xml</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>9ddc7fc49deddf57655369818b786898</hash></file> -<file><path>C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml</path><vendor>PUP.Optional.Babylon.A</vendor><action>success</action><hash>33464ff4137793a35b3e905f4bb86a96</hash></file> -<file><path>C:\Users\CNR\AppData\Local\Google\Chrome\User Data\Default\Preferences</path><vendor>PUP.Optional.Babylon.A</vendor><action>replaced</action><baddata> "homepage": "hxxp://search.babylon.com/home?AF=14437",</baddata><gooddata/><hash>ff7a82c1bdcdc076d1a00b14f80eba46</hash></file> -<file><path>C:\Users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default\prefs.js</path><vendor>PUP.Optional.Conduit.A</vendor><action>replaced</action><baddata>user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2720081&q=");</baddata><gooddata/><hash>384175cee4a60e28b49353ccff07817f</hash></file> -<file><path>C:\Users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default\prefs.js</path><vendor>PUP.Optional.Conduit.A</vendor><action>replaced</action><baddata>user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}");</baddata><gooddata/><hash>3c3d2b181575d4620f493de2ed19af51</hash></file> -<file><path>C:\Users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default\prefs.js</path><vendor>PUP.Optional.Conduit.A</vendor><action>replaced</action><baddata>user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");</baddata><gooddata/><hash>4138e1621476d6602e2be7389076dc24</hash></file> -<file><path>C:\Users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default\prefs.js</path><vendor>PUP.Optional.Conduit.A</vendor><action>replaced</action><baddata>entLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); user_</baddata><gooddata/><hash>f8814ef5b5d5a98d80d954cb14f2cf31</hash></file> </items> </mbam-log>
ADW Cleaner:

AdwCleaner Logfile:
Code:
# AdwCleaner v4.208 - Bericht erstellt 19/07/2015 um 19:11:53
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 7 Ultimate  (x86)
# Benutzername : CNR - CNR-PC
# Gestarted von : C:\Users\CNR\Downloads\AdwCleaner_4.208.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js
Datei Gefunden : C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js
Datei Gefunden : C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js
Datei Gefunden : C:\Program Files\Mozilla Firefox\defaults\pref\reporter.js
Datei Gefunden : C:\Users\CNR\AppData\Local\GDIPFONTCACHEV1.DAT
Datei Gefunden : C:\Users\CNR\AppData\Roaming\GDIPFONTCACHEV1.DAT
Datei Gefunden : C:\Users\CNR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
Datei Gefunden : C:\Users\Public\Desktop\Babylon.lnk
Ordner Gefunden : C:\Program Files\Babylon
Ordner Gefunden : C:\Program Files\Babylon-English
Ordner Gefunden : C:\Program Files\Babylon-English
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\Uniblue
Ordner Gefunden : C:\Program Files\Winload
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Ordner Gefunden : C:\Users\CNR\AppData\Local\Babylon
Ordner Gefunden : C:\Users\CNR\AppData\Local\OpenCandy
Ordner Gefunden : C:\Users\CNR\AppData\LocalLow\Babylon-English
Ordner Gefunden : C:\Users\CNR\AppData\LocalLow\Babylon-English
Ordner Gefunden : C:\Users\CNR\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\CNR\AppData\LocalLow\Winload
Ordner Gefunden : C:\Users\CNR\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default\Extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Ordner Gefunden : C:\Users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default\Extensions\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Ordner Gefunden : C:\Users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default\Extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
Ordner Gefunden : C:\Users\CNR\AppData\Roaming\Uniblue

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Babylon-English
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\winload
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Babylon
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gefunden : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Schlüssel Gefunden : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CE18769B-C7FA-42D2-860D-17C4662C70AD}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18CEE25D-54E9-4F16-99A0-4FA0F79C2267}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B96899B-026B-46FE-887D-4CED87AD4184}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE18769B-C7FA-42D2-860D-17C4662C70AD}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Babylon-English
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\.bdc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\.bgl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\.bof
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabyDict
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabyGloss
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabyOptFile
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{18CEE25D-54E9-4F16-99A0-4FA0F79C2267}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2B96899B-026B-46FE-887D-4CED87AD4184}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CE18769B-C7FA-42D2-860D-17C4662C70AD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2720081
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE18769B-C7FA-42D2-860D-17C4662C70AD}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{18CEE25D-54E9-4F16-99A0-4FA0F79C2267}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2B96899B-026B-46FE-887D-4CED87AD4184}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon-English Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Uniblue
Schlüssel Gefunden : HKLM\SOFTWARE\Winload
Schlüssel Gefunden : HKLM\SOFTWARE\winload
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CE18769B-C7FA-42D2-860D-17C4662C70AD}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CE18769B-C7FA-42D2-860D-17C4662C70AD}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CE18769B-C7FA-42D2-860D-17C4662C70AD}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CE18769B-C7FA-42D2-860D-17C4662C70AD}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v3.6.3 (de)

[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2319825&octid=EB_ORIGINAL_CTID&SearchSource=1");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2720081.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2720081.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2720081.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2720081.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2720081&octid=EB_ORIGINAL_CTID&SearchSource=1");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2720081.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2720081&q=");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2720081.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2720081.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2720081.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2720081.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2720081.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2720081.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CT2720081.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2319825,CT2720081");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825,CT2720081");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Mar 22 2011 19:16:32 GMT+0100");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Tue Mar 22 2011 19:35:32 GMT+0100");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CommunityToolbar.twitter.user_2557521.LastCheckTime", "Tue Mar 22 2011 19:35:32 GMT+0100");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Tue Mar 22 2011 19:35:32 GMT+0100");
[fv70rbu0.default] - Zeile Gefunden : user_pref("CommunityToolbar.twitter.user_807095.LastCheckTime", "Tue Mar 22 2011 19:35:32 GMT+0100");
[fv70rbu0.default] - Zeile Gefunden : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
[fv70rbu0.default] - Zeile Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}");
[fv70rbu0.default] - Zeile Gefunden : user_pref("extensions.enabledItems", "{ce18769b-c7fa-42d2-860d-17c4662c70ad}:2.7.2.0,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280,{972ce4c6-7e08-4474[...]
[fv70rbu0.default] - Zeile Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2720081&q=");

-\\ Google Chrome v43.0.2357.134

[C:\Users\CNR\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&hl={language}&AF=14437

*************************

AdwCleaner[R0].txt - [20655 Bytes] - [19/07/2015 19:07:02]
AdwCleaner[R1].txt - [20575 Bytes] - [19/07/2015 19:11:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [20635 Bytes] ##########
--- --- ---

[/CODE]

JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Ultimate x86
Ran by CNR on 19.07.2015 at 19:37:19,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files

Successfully deleted: [File] C:\Program Files\GUT193C.tmp
Successfully deleted: [File] C:\Program Files\GUT1FD3.tmp
Successfully deleted: [File] C:\Program Files\GUT22D6.tmp
Successfully deleted: [File] C:\Program Files\GUT442F.tmp
Successfully deleted: [File] C:\Program Files\GUTAD91.tmp



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\CNR\AppData\Roaming\mozilla\firefox\profiles\fv70rbu0.default\prefs.js

user_pref(CT2319825.CTID, CT2319825);
user_pref(CT2319825.CurrentServerDate, 22-9-2010);
user_pref(CT2319825.DialogsAlignMode, LTR);
user_pref(CT2319825.DownloadReferralCookieData, );
user_pref(CT2319825.EMailNotifierPollDate, Wed Sep 22 2010 17:37:59 GMT+0200);
user_pref(CT2319825.FeedLastCount128902288263982011, 100);
user_pref(CT2319825.FeedLastCount129056115025381886, 50);
user_pref(CT2319825.FeedLastCount129098533413278042, 0);
user_pref(CT2319825.FeedPollDate11908299, Wed Sep 22 2010 17:32:59 GMT+0200);
user_pref(CT2319825.FeedPollDate128902288263982011, Mon Aug 16 2010 19:42:18 GMT+0200);
user_pref(CT2319825.FeedPollDate129056115025381886, Wed Aug 25 2010 19:55:17 GMT+0200);
user_pref(CT2319825.FeedPollDate129098533413278042, Mon Jul 12 2010 23:02:04 GMT+0200);
user_pref(CT2319825.FeedPollDate129228016461601757, Mon Aug 16 2010 19:42:18 GMT+0200);
user_pref(CT2319825.FeedPollDate129228019840048158, Mon Aug 16 2010 19:42:18 GMT+0200);
user_pref(CT2319825.FeedPollDate129228021559110981, Mon Aug 16 2010 19:42:13 GMT+0200);
user_pref(CT2319825.FeedPollDate129228022849107630, Mon Aug 16 2010 19:42:18 GMT+0200);
user_pref(CT2319825.FirstServerDate, 29-6-2010);
user_pref(CT2319825.FirstTime, true);
user_pref(CT2319825.FirstTimeFF3, true);
user_pref(CT2319825.FirstTimeSettingsDone, true);
user_pref(CT2319825.FixPageNotFoundErrors, true);
user_pref(CT2319825.GroupingServerCheckInterval, 1440);
user_pref(CT2319825.Initialize, true);
user_pref(CT2319825.InitializeCommonPrefs, true);
user_pref(CT2319825.InstallationAndCookieDataSentCount, 3);
user_pref(CT2319825.InstalledDate, Tue Jun 29 2010 07:09:38 GMT+0200);
user_pref(CT2319825.InvalidateCache, false);
user_pref(CT2319825.IsGrouping, false);
user_pref(CT2319825.IsMulticommunity, false);
user_pref(CT2319825.IsOpenThankYouPage, false);
user_pref(CT2319825.IsOpenUninstallPage, true);
user_pref(CT2319825.LanguagePackLastCheckTime, Tue Sep 21 2010 18:57:58 GMT+0200);
user_pref(CT2319825.LanguagePackReloadIntervalMM, 1440);
user_pref(CT2319825.LastLogin_2.5.8.6, Wed Sep 08 2010 09:22:01 GMT+0200);
user_pref(CT2319825.LastLogin_2.7.2.0, Wed Sep 22 2010 15:21:43 GMT+0200);
user_pref(CT2319825.LatestVersion, 2.7.2.0);
user_pref(CT2319825.Locale, de);
user_pref(CT2319825.LoginCache, 4);
user_pref(CT2319825.MCDetectTooltipHeight, 83);
user_pref(CT2319825.MCDetectTooltipUrl, hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1);
user_pref(CT2319825.MCDetectTooltipWidth, 295);
user_pref(CT2319825.RadioIsPodcast, false);
user_pref(CT2319825.RadioLastCheckTime, Tue Sep 21 2010 18:58:08 GMT+0200);
user_pref(CT2319825.RadioLastUpdateIPServer, 3);
user_pref(CT2319825.RadioLastUpdateServer, 129224641269630000);
user_pref(CT2319825.RadioMediaID, 11949532);
user_pref(CT2319825.RadioMediaType, Media Player);
user_pref(CT2319825.RadioMenuSelectedID, EBRadioMenu_CT231982511949532);
user_pref(CT2319825.RadioStationName, 1Live);
user_pref(CT2319825.RadioStationURL, hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a);
user_pref(CT2319825.SHRINK_TOOLBAR, 1);
user_pref(CT2319825.SavedHomepage, resource:/browserconfig.properties);
user_pref(CT2319825.SearchFromAddressBarIsInit, true);
user_pref(CT2319825.SearchInNewTabEnabled, true);
user_pref(CT2319825.SearchInNewTabIntervalMM, 1440);
user_pref(CT2319825.SearchInNewTabLastCheckTime, Tue Sep 21 2010 18:57:56 GMT+0200);
user_pref(CT2319825.SettingsCheckIntervalMin, 120);
user_pref(CT2319825.SettingsLastCheckTime, Wed Sep 22 2010 17:33:24 GMT+0200);
user_pref(CT2319825.SettingsLastUpdate, 1284971663);
user_pref(CT2319825.ThirdPartyComponentsInterval, 504);
user_pref(CT2319825.ThirdPartyComponentsLastCheck, Wed Sep 01 2010 21:28:02 GMT+0200);
user_pref(CT2319825.ThirdPartyComponentsLastUpdate, 1279443065);
user_pref(CT2319825.TrusteLinkUrl, hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112);
user_pref(CT2319825.UserID, UN64296761639245992);
user_pref(CT2319825.ValidationData_Toolbar, 2);
user_pref(CT2319825.WeatherNetwork, );
user_pref(CT2319825.WeatherPollDate, Wed Sep 22 2010 17:32:58 GMT+0200);
user_pref(CT2319825.WeatherUnit, C);
user_pref(CT2319825.alertChannelId, 715912);
user_pref(CT2319825.backendstorage.shpngrd_evnts, 31);
user_pref(CT2319825.backendstorage.shpngrdglblcfg, 7B7265662020202020203A2027776E6C64272C206665656420202020203A207B2075726C203A2027687474703A2F2F636E66672E73686F7070696E677
user_pref(CT2319825.clientLogIsEnabled, true);
user_pref(CT2319825.myStuffEnabled, true);
user_pref(CT2319825.myStuffPublihserMinWidth, 400);
user_pref(CT2319825.myStuffServiceIntervalMM, 1440);
user_pref(CT2720081.CTID, CT2720081);
user_pref(CT2720081.CurrentServerDate, 22-3-2011);
user_pref(CT2720081.DialogsAlignMode, LTR);
user_pref(CT2720081.DownloadReferralCookieData, );
user_pref(CT2720081.EMailNotifierPollDate, Tue Mar 22 2011 20:18:27 GMT+0100);
user_pref(CT2720081.FeedLastCount129248891425073064, 200);
user_pref(CT2720081.FeedPollDate129225116238185771, Tue Mar 22 2011 20:13:54 GMT+0100);
user_pref(CT2720081.FeedPollDate129225147492879732, Tue Mar 22 2011 20:13:54 GMT+0100);
user_pref(CT2720081.FeedPollDate129245643951202078, Tue Mar 22 2011 19:52:58 GMT+0100);
user_pref(CT2720081.FeedPollDate129245643951202084, Tue Mar 22 2011 20:13:54 GMT+0100);
user_pref(CT2720081.FeedTTL129225116238185771, 40);
user_pref(CT2720081.FeedTTL129225147492879732, 40);
user_pref(CT2720081.FeedTTL129245643951202078, 40);
user_pref(CT2720081.FeedTTL129245643951202084, 40);
user_pref(CT2720081.FirstServerDate, 8-9-2010);
user_pref(CT2720081.FirstTime, true);
user_pref(CT2720081.FirstTimeFF3, true);
user_pref(CT2720081.FirstTimeSettingsDone, true);
user_pref(CT2720081.FixPageNotFoundErrors, true);
user_pref(CT2720081.GroupingServerCheckInterval, 1440);
user_pref(CT2720081.Initialize, true);
user_pref(CT2720081.InitializeCommonPrefs, true);
user_pref(CT2720081.InstallationAndCookieDataSentCount, 3);
user_pref(CT2720081.InstallationType, UnknownIntegration);
user_pref(CT2720081.InstalledDate, Wed Sep 08 2010 10:24:04 GMT+0200);
user_pref(CT2720081.InvalidateCache, false);
user_pref(CT2720081.IsGrouping, false);
user_pref(CT2720081.IsMulticommunity, false);
user_pref(CT2720081.IsOpenThankYouPage, false);
user_pref(CT2720081.IsOpenUninstallPage, true);
user_pref(CT2720081.LanguagePackLastCheckTime, Tue Mar 22 2011 01:06:52 GMT+0100);
user_pref(CT2720081.LanguagePackReloadIntervalMM, 1440);
user_pref(CT2720081.LastLogin_2.7.2.0, Tue Mar 22 2011 16:35:26 GMT+0100);
user_pref(CT2720081.LatestVersion, 3.2.5.2);
user_pref(CT2720081.Locale, en);
user_pref(CT2720081.LoginCache, 4);
user_pref(CT2720081.MCDetectTooltipHeight, 83);
user_pref(CT2720081.MCDetectTooltipUrl, hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1);
user_pref(CT2720081.MCDetectTooltipWidth, 295);
user_pref(CT2720081.RadioIsPodcast, false);
user_pref(CT2720081.RadioLastCheckTime, Tue Mar 22 2011 19:07:52 GMT+0100);
user_pref(CT2720081.RadioLastUpdateIPServer, 3);
user_pref(CT2720081.RadioLastUpdateServer, 129248947734170000);
user_pref(CT2720081.RadioMediaID, 21079850);
user_pref(CT2720081.RadioMediaType, Media Player);
user_pref(CT2720081.RadioMenuSelectedID, EBRadioMenu_CT272008121079850);
user_pref(CT2720081.RadioStationName, AHL%20-%20Grand%20Rapids%20Griffins);
user_pref(CT2720081.RadioStationURL, hxxp://cdncon.wm.llnwd.net/cdncon_neulion1_ahl_griffins?eid=2037&pid=2037&gid=101]]);
user_pref(CT2720081.SHRINK_TOOLBAR, 1);
user_pref(CT2720081.SearchBoxWidth, 151);
user_pref(CT2720081.SearchFromAddressBarIsInit, true);
user_pref(CT2720081.SearchInNewTabEnabled, true);
user_pref(CT2720081.SearchInNewTabIntervalMM, 1440);
user_pref(CT2720081.SearchInNewTabLastCheckTime, Tue Mar 22 2011 19:16:26 GMT+0100);
user_pref(CT2720081.SettingsCheckIntervalMin, 120);
user_pref(CT2720081.SettingsLastCheckTime, Tue Mar 22 2011 19:10:57 GMT+0100);
user_pref(CT2720081.SettingsLastUpdate, 1299595261);
user_pref(CT2720081.ThirdPartyComponentsInterval, 504);
user_pref(CT2720081.ThirdPartyComponentsLastCheck, Tue Mar 22 2011 09:07:28 GMT+0100);
user_pref(CT2720081.ThirdPartyComponentsLastUpdate, 1246790578);
user_pref(CT2720081.UserID, UN81407421806237096);
user_pref(CT2720081.ValidationData_Search, 1);
user_pref(CT2720081.ValidationData_Toolbar, 2);
user_pref(CT2720081.WeatherNetwork, );
user_pref(CT2720081.WeatherPollDate, Tue Mar 22 2011 20:06:59 GMT+0100);
user_pref(CT2720081.WeatherUnit, C);
user_pref(CT2720081.alertChannelId, 1112366);
user_pref(CT2720081.backendstorage.ct2720081ads1, 25374225323261647325323225334125354225374225323261696425323225334125323231303339312532322532432532327469746C65253232253341
user_pref(CT2720081.backendstorage.ct2720081current_term, );
user_pref(CT2720081.backendstorage.ct2720081sdate, 3232);
user_pref(CT2720081.clientLogIsEnabled, true);
user_pref(CT2720081.myStuffEnabled, true);
user_pref(CT2720081.myStuffPublihserMinWidth, 400);
user_pref(CT2720081.myStuffServiceIntervalMM, 1440);



~~~ Chrome


[C:\Users\CNR\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\CNR\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\CNR\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\CNR\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.07.2015 at 19:43:48,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und hier noch Frst:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2015 01
Ran by CNR (administrator) on CNR-PC on 19-07-2015 19:55:18
Running from C:\Users\CNR\Desktop
Loaded Profiles: CNR (Available Profiles: CNR)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2010-06-12] (Synaptics, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [PS_MFPUtil] => C:\Program Files\MFP Network Adapter\PS_MFPUtil.exe [352256 2007-01-11] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [HTC Sync Loader] => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [585728 2011-01-27] ()
HKU\S-1-5-21-2951395798-552501079-809187365-1001\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-2951395798-552501079-809187365-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [718720 2011-07-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK [2011-03-27]
ShortcutTarget: Corel MEDIA FOLDERS INDEXER 8.LNK -> C:\Corel\Graphics8\Programs\MFIndexer.exe (Corel Corporation)
Startup: C:\Users\CNR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk [2010-06-12]
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Users\CNR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk [2011-02-25]
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2951395798-552501079-809187365-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2951395798-552501079-809187365-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-04-18] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{130948D1-DFD1-46FA-87A4-D43EC6987351}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{2F267B0A-151D-4EE4-9E81-351095B3889D}: [DhcpNameServer] 62.220.18.8 192.168.0.2
Tcpip\..\Interfaces\{3BC3EA17-4827-4D2B-B749-445D1CDA0524}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C3D33311-8FBB-44DA-A7EB-C1CC7FFB56A1}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2010-06-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-09-22] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-04-01] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2010-08-13] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\CNR\AppData\Roaming\Mozilla\Firefox\Profiles\fv70rbu0.default\Extensions\Access Privileges Test [2015-07-13]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-05-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-09-22]

Chrome:
=======
CHR Profile: C:\Users\CNR\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [62208 2006-10-25] (ENE Technology Inc.)
R3 ESDCR; C:\Windows\System32\DRIVERS\ESD7SK.sys [42240 2006-10-25] (ENE Technology Inc.)
R3 ESMCR; C:\Windows\System32\DRIVERS\ESM7SK.sys [76928 2006-10-25] (ENE Technology Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-07-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 NUSBCMP; C:\Windows\System32\DRIVERS\nusbcmp.sys [14336 2006-12-29] (SC) [File not signed]
R3 nusbhost; C:\Windows\System32\DRIVERS\nusbhst.sys [13824 2006-12-29] (SC) [File not signed]
R3 NUSBHUB; C:\Windows\System32\DRIVERS\nusbhub.sys [35840 2006-12-29] (SC) [File not signed]
S3 catchme; \??\C:\Users\CNR\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-19 19:55 - 2015-07-19 19:55 - 00009812 _____ C:\Users\CNR\Desktop\FRST.txt
2015-07-19 19:55 - 2015-07-19 19:55 - 00000000 ____D C:\Users\CNR\Desktop\FRST-OlderVersion
2015-07-19 19:36 - 2015-07-19 19:36 - 01798288 _____ (Malwarebytes Corporation) C:\Users\CNR\Downloads\JRT751.exe
2015-07-19 19:17 - 2015-07-19 19:17 - 00124128 _____ C:\Users\CNR\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-19 19:05 - 2015-07-19 19:14 - 00000000 ____D C:\AdwCleaner
2015-07-19 19:01 - 2015-07-19 19:01 - 02248704 _____ C:\Users\CNR\Downloads\AdwCleaner_4.208.exe
2015-07-19 16:54 - 2015-07-19 19:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-19 16:52 - 2015-07-19 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-19 16:52 - 2015-07-19 16:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-19 16:52 - 2015-07-19 16:52 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-19 16:52 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-19 16:52 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-19 16:52 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-19 16:50 - 2015-07-19 16:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\CNR\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-17 14:00 - 2015-07-17 14:00 - 00009654 _____ C:\ComboFix.txt
2015-07-17 13:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-17 13:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-17 13:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-17 13:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-17 13:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-17 13:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-17 13:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-17 13:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-17 12:22 - 2015-07-17 12:22 - 00001916 _____ C:\Windows\fsmsiuninstall.log
2015-07-17 12:22 - 2015-07-17 12:22 - 00001228 _____ C:\Windows\fsdgunst.log
2015-07-17 12:22 - 2015-07-17 12:22 - 00000700 _____ C:\Windows\daasunin.LOG
2015-07-17 12:21 - 2015-07-17 12:21 - 00020299 _____ C:\Windows\FSAUA_UN.LOG
2015-07-17 12:21 - 2015-07-17 12:21 - 00001549 _____ C:\Windows\FSPSUNI.LOG
2015-07-17 12:20 - 2015-07-17 12:22 - 00412732 _____ C:\Windows\FSUNINST.log
2015-07-17 12:20 - 2015-07-17 12:22 - 00066116 _____ C:\Windows\uninstaller.log
2015-07-17 12:20 - 2015-07-17 12:20 - 00001528 _____ C:\Windows\FSASWUNI.LOG
2015-07-17 12:20 - 2015-07-17 12:20 - 00000869 _____ C:\Windows\FSGEMINST.LOG
2015-07-17 12:17 - 2015-07-17 14:00 - 00000000 ____D C:\Qoobox
2015-07-17 12:17 - 2015-07-17 13:57 - 00000000 ____D C:\Windows\erdnt
2015-07-17 12:12 - 2015-07-17 12:12 - 05634275 ____R (Swearware) C:\Users\CNR\Desktop\ComboFix.exe
2015-07-17 12:11 - 2015-07-17 12:12 - 05634275 _____ (Swearware) C:\Users\CNR\Downloads\ComboFix.exe
2015-07-17 11:58 - 2015-07-17 11:59 - 00000000 ____D C:\Program Files\GUM442E.tmp
2015-07-16 09:19 - 2015-07-19 19:55 - 01637888 _____ (Farbar) C:\Users\CNR\Desktop\FRST.exe
2015-07-14 15:04 - 2015-07-14 15:28 - 00000000 ____D C:\Users\CNR\Desktop\Sicherung_
2015-07-14 02:41 - 2015-07-19 19:55 - 00000000 ____D C:\FRST
2015-07-13 14:52 - 2015-07-13 14:52 - 00000000 ____D C:\Program Files\GUM1FC3.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-19 19:50 - 2010-06-12 14:46 - 01612184 _____ C:\Windows\WindowsUpdate.log
2015-07-19 19:25 - 2009-07-14 06:34 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-19 19:25 - 2009-07-14 06:34 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-19 19:16 - 2010-08-15 19:06 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-19 19:16 - 2010-07-15 07:50 - 00080602 _____ C:\Windows\PFRO.log
2015-07-19 19:16 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-19 19:16 - 2009-07-14 06:39 - 00062027 _____ C:\Windows\setupact.log
2015-07-19 19:03 - 2010-08-15 19:07 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-19 18:12 - 2010-08-15 19:08 - 00002121 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-19 18:02 - 2011-03-30 14:24 - 00450220 _____ C:\Windows\system32\perfh014.dat
2015-07-19 18:02 - 2011-03-30 14:24 - 00077970 _____ C:\Windows\system32\perfc014.dat
2015-07-19 18:02 - 2010-06-12 14:55 - 02028498 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-19 17:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-07-17 14:00 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-07-17 13:57 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-07-17 13:01 - 2010-06-12 21:06 - 00000000 ____D C:\Program Files\F-Secure
2015-07-17 12:22 - 2010-06-12 21:05 - 39475887 _____ C:\Windows\FSISU.log
2015-07-17 12:22 - 2010-06-12 21:05 - 01317305 _____ C:\Windows\FSDEPH.log
2015-07-17 12:22 - 2010-06-12 21:05 - 00012210 _____ C:\Windows\FSGKIAIN.log
2015-07-17 12:22 - 2010-06-12 21:05 - 00005013 _____ C:\Windows\FSLDIN.LOG
2015-07-17 12:21 - 2010-06-12 21:05 - 00025127 _____ C:\Windows\fsavunin.log
2015-07-17 12:21 - 2010-06-12 21:05 - 00000809 _____ C:\Windows\FSGUIINS.LOG
2015-07-17 12:21 - 2010-06-12 21:05 - 00000631 _____ C:\Windows\fstnbins.LOG
2015-07-17 12:21 - 2010-06-12 21:05 - 00000578 _____ C:\Windows\HELPINST.LOG
2015-07-17 12:21 - 2010-06-12 17:40 - 00000000 ____D C:\ProgramData\f-secure
2015-07-17 12:20 - 2010-11-11 17:23 - 00000681 _____ C:\Windows\FSAVES_inst.log
2015-07-17 12:20 - 2010-06-12 21:05 - 00056082 _____ C:\Windows\fwesinst.log
2015-07-17 12:20 - 2010-06-12 21:05 - 00001489 _____ C:\Windows\fsgadget.log
2015-07-13 17:05 - 2013-09-25 17:12 - 00000000 _____ C:\ProgramData\wlrltrg.ctrl

==================== Files in the root of some directories =======

2011-02-16 13:31 - 2011-02-16 13:31 - 0027227 _____ () C:\Users\CNR\AppData\Roaming\Persönliches Adressbuch.ADR
2013-09-25 17:43 - 2013-09-25 17:43 - 0016196 ____T () C:\ProgramData\clorf.exe
2010-08-15 19:15 - 2010-08-15 19:15 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2013-09-25 17:12 - 2015-07-13 17:05 - 0000000 _____ () C:\ProgramData\wlrltrg.ctrl
2013-09-25 17:10 - 2013-09-25 19:30 - 95025368 ____T () C:\ProgramData\wlrltrg.pff

Some files in TEMP:
====================
C:\Users\CNR\AppData\Local\temp\Quarantine.exe
C:\Users\CNR\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-23 17:03

==================== End of log ============================
--- --- ---


und Addition:

[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x86) Version: 18-07-2015 01
Ran by CNR at 2015-07-19 19:56:27
Running from C:\Users\CNR\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2951395798-552501079-809187365-500 - Administrator - Disabled)
CNR (S-1-5-21-2951395798-552501079-809187365-1001 - Administrator - Enabled) => C:\Users\CNR
Gast (S-1-5-21-2951395798-552501079-809187365-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{C0C3E596-F6ED-79FF-C1E2-920ED673B5F3}) (Version: 3.0.604.0 - ATI Technologies, Inc.)
Branding (Version: 1.00.0000 - Your Company Name) Hidden
ccc-core-static (Version: 0108.2146.2565.38893 - Ihr Firmenname) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2474 - CDBurnerXP)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Uninstaller (HKLM\...\Corel Uninstaller) (Version:  - )
EAR 13 (HKLM\...\{5884BC9C-7A0F-4BFF-8CD2-3AA26DFCCA98}) (Version: 13.0.3 - Internet Design & EDV Entwiclung - Michael Hertlein)
EAR 14 (HKLM\...\{A576976A-6B9D-4979-B039-921D14F27AA9}) (Version: 14.0.3 - Internet Design & EDV Entwiclung - Michael Hertlein)
FastStone Image Viewer 3.1 (HKLM\...\FastStone Image Viewer) (Version: 3.1 - FastStone Soft)
Fotosizer 1.30 (HKLM\...\Fotosizer) (Version: 1.30 - Fotosizer.com)
F-Secure PSC Prerequisites (Version: 1.0.5 - F-Secure Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.005 - HTC Corporation)
HTC Sync (HKLM\...\{923E3957-F939-453A-BD55-41CFB8D7F211}) (Version: 3.0.5517 - HTC)
Internet-TV für Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java(TM) 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MFP Network Adapter (HKLM\...\{7832C74F-0CA6-4F57-BB27-631F33031336}) (Version: 1.00.2000 - Sercomm)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox (3.6.3) (HKLM\...\Mozilla Firefox (3.6.3)) (Version: 3.6.3 (de) - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
PaperPort (HKLM\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0823 - ScanSoft, Inc.)
PDF Creator (Remove Only) (HKLM\...\PDF Creator) (Version:  - )
Ruff-Tech (HKLM\...\Ruff-FTP_is1) (Version: 2.61 prof. - Ruff-Tech)
Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7280 - Skype Technologies S.A.)
Skype™ 5.3 (HKLM\...\{5335DADB-34BA-4AE8-A519-648D78498846}) (Version: 5.3.111 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.0.3.0 - Synaptics)
TeamViewer 5 (HKLM\...\TeamViewer 5) (Version: 5.1.9385  - TeamViewer GmbH)
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Windows Media Center Add-in for Silverlight (HKLM\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
WISO EÜR & Kasse 2010 (HKLM\...\{52D4013E-3FEC-4C08-AAA8-CC24985A04E1}) (Version: 17.08.6697 - Buhl Data Service GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2951395798-552501079-809187365-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2951395798-552501079-809187365-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2951395798-552501079-809187365-1001_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2951395798-552501079-809187365-1001_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2951395798-552501079-809187365-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2951395798-552501079-809187365-1001_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)

==================== Restore Points =========================

19-07-2015 19:37:22 JRT Pre-Junkware Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-07-17 13:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4870E37A-55FC-46BD-B6AB-DBDD5653417D} - System32\Tasks\{60C0DDCA-2966-4CC8-89AD-A44B2B77E57A} => pcalua.exe -a "C:\Program Files\MFP Network Adapter\PS_MFPUtil.exe"
Task: {4D3A8378-101F-4549-81A8-4E82FFE6C519} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.)
Task: {73E9014E-28A9-4896-8033-BBFC5A90DD80} - System32\Tasks\{75B3DF89-055C-4315-9121-27971EBE3B87} => C:\Program Files\Skype\Phone\Skype.exe
Task: {A4464B65-31B2-435D-A8FE-F6C87ECA5938} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-01-27] ()
Task: {DE6CCFF9-CDEE-42D5-A3C4-259A62306571} - System32\Tasks\{3CC78565-EFFE-4218-81F4-E0C7726E036C} => pcalua.exe -a C:\Users\CNR\Downloads\org_disc\org_disc\SetupWizard.exe -d C:\Users\CNR\Downloads\org_disc\org_disc
Task: {ED82B5AB-879C-473B-92BB-D567DC69AEBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-09-08 10:23 - 2007-08-21 13:32 - 00098304 _____ () C:\Windows\System32\redmonnt.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-03-27 10:31 - 1997-11-18 18:34 - 00907264 ____N () C:\Corel\Graphics8\programs\CMFFld80.dll
2006-12-19 19:16 - 2006-12-19 19:16 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2010-09-16 15:06 - 2010-09-16 15:06 - 00080896 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2951395798-552501079-809187365-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CNR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{56B479B4-C5A7-4E87-8233-813EC769F91C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2AFB1027-23D0-412F-B144-4945082E6B82}] => (Allow) C:\Users\CNR\Downloads\pdf_converter.exe
FirewallRules: [{37899C55-1AFB-4E27-96BD-808BA40508A0}] => (Allow) C:\Users\CNR\Downloads\pdf_converter.exe
FirewallRules: [{E4C1F3F8-E819-4E3E-9783-A2A9525A4FFB}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{4B4FEE8D-C7DE-416B-8CF7-E36BB8ACBF14}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{1777BFC5-27B4-4F7D-9822-2324E3312C11}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
FirewallRules: [{4F83A7CB-5FEE-43B5-AEE1-0BD8F3AF52D8}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
FirewallRules: [TCP Query User{D6C2B625-25C2-4C30-9438-E005F4125FC5}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe
FirewallRules: [UDP Query User{A699AD3C-AB97-4C00-8C0F-D977388F6ACB}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe
FirewallRules: [{6B126D5F-9D65-4947-97EB-32A1497C37AA}] => (Allow) E:\DVD-Start.exe
FirewallRules: [{6B8500E0-6812-4CF5-88DF-C5192681FC79}] => (Allow) E:\DVD-Start.exe
FirewallRules: [TCP Query User{467AE979-6127-4D4A-9541-71FFDF303D52}C:\program files\ruff-tech\ruff-ftp\ftpsck.exe] => (Allow) C:\program files\ruff-tech\ruff-ftp\ftpsck.exe
FirewallRules: [UDP Query User{9BDBF435-EF39-48A6-9FAB-DB5CEF1723D5}C:\program files\ruff-tech\ruff-ftp\ftpsck.exe] => (Allow) C:\program files\ruff-tech\ruff-ftp\ftpsck.exe
FirewallRules: [{C9D9FF5B-2528-4226-8386-6255D1133EA6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Fast-Ethernet-Netzwerkkarte für Realtek RTL8139/810x-Familie
Description: Fast-Ethernet-Netzwerkkarte für Realtek RTL8139/810x-Familie
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2015 07:23:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MFIndexer.exe, Version: 8.232.0.0, Zeitstempel: 0x34638699
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16930, Zeitstempel: 0x4eeaf834
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009c7f
ID des fehlerhaften Prozesses: 0xfc8
Startzeit der fehlerhaften Anwendung: 0xMFIndexer.exe0
Pfad der fehlerhaften Anwendung: MFIndexer.exe1
Pfad des fehlerhaften Moduls: MFIndexer.exe2
Berichtskennung: MFIndexer.exe3

Error: (07/19/2015 06:55:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (07/19/2015 05:57:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (07/19/2015 05:37:17 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error: (07/19/2015 05:37:17 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error: (07/19/2015 05:37:17 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error: (07/19/2015 05:37:16 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error: (07/19/2015 05:37:16 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131f06

Error: (07/19/2015 05:37:16 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131f06

Error: (07/19/2015 05:37:15 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06


System errors:
=============
Error: (07/19/2015 07:38:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/19/2015 07:38:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Office Software Protection Platform" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/19/2015 07:38:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Internet Pass-Through Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/19/2015 07:38:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/19/2015 07:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/19/2015 07:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Ati External Event Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/19/2015 07:14:49 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (07/19/2015 07:14:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/19/2015 07:14:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Internet Pass-Through Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/19/2015 07:14:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (07/19/2015 07:23:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MFIndexer.exe8.232.0.034638699msvcrt.dll7.0.7600.169304eeaf834c000000500009c7ffc801d0c246c06d30a8C:\Corel\Graphics8\Programs\MFIndexer.exeC:\Windows\system32\msvcrt.dlle618405e-2e3a-11e5-bd32-d3c03f059834

Error: (07/19/2015 06:55:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/19/2015 05:57:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/19/2015 05:37:17 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06
WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (07/19/2015 05:37:17 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06
WindowsFormsIntegration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (07/19/2015 05:37:17 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06
PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (07/19/2015 05:37:16 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06
PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (07/19/2015 05:37:16 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131f06
System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Error: (07/19/2015 05:37:16 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131f06
System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Error: (07/19/2015 05:37:15 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06
System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089


==================== Memory info ===========================

Processor: AMD Turion(tm) 64 Mobile Technology MK-36
Percentage of memory in use: 64%
Total physical RAM: 1022.17 MB
Available physical RAM: 362.68 MB
Total Virtual: 2046.17 MB
Available Virtual: 1214.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:57.99 GB) (Free:4.67 GB) NTFS
Drive d: (DATEN) (Fixed) (Total:53.69 GB) (Free:35.04 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 5EA4F703)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=53.7 GB) - (Type=0C)

==================== End of log ============================
--- --- ---


Viele liebe Grüße!

schrauber 20.07.2015 09:34
AdwCleaner nochmal, diesmal auch auf Löschen klicken.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:12 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131